TY - GEN
T1 - Energy distribution matters in greybox fuzzing
AU - Situ, Lingyun
AU - Wang, Linzhang
AU - Li, Xuandong
AU - Guan, Le
AU - Zhang, Wenhui
AU - Liu, Peng
N1 - Funding Information:
The paper was supported by the Nanjing University Innovation and Creative Program for PhD candidate (No.2016014).
Publisher Copyright:
© 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - Existing energy distribution strategies of AFL and its variants have two limitations. (1) They focus on increasing coverage but ignore the fact that some code regions are more likely to be vulnerable. (2) They randomly select mutators and deterministically specify the number of mutations for each mutator, and therefore lack insight into which granularity of mutators is more helpful at a particular stage. We improve on both limitations of AFL's fuzzing energy distribution in a principled way. We direct the fuzzer to strengthen fuzzing toward regions that have a higher probability of containing vulnerabilities, based on static semantic metrics of the target program. Furthermore, granularity-aware scheduling of mutators is proposed, which dynamically assigns ratios to different mutation operators. We implemented these improvements as an extension to AFL. Large-scale experimental evaluations showed the effectiveness of each improvement and the performance of their integration. The proposed tool has helped us find 12 new bugs and expose three new CVEs.
AB - Existing energy distribution strategies of AFL and its variants have two limitations. (1) They focus on increasing coverage but ignore the fact that some code regions are more likely to be vulnerable. (2) They randomly select mutators and deterministically specify the number of mutations for each mutator, and therefore lack insight into which granularity of mutators is more helpful at a particular stage. We improve on both limitations of AFL's fuzzing energy distribution in a principled way. We direct the fuzzer to strengthen fuzzing toward regions that have a higher probability of containing vulnerabilities, based on static semantic metrics of the target program. Furthermore, granularity-aware scheduling of mutators is proposed, which dynamically assigns ratios to different mutation operators. We implemented these improvements as an extension to AFL. Large-scale experimental evaluations showed the effectiveness of each improvement and the performance of their integration. The proposed tool has helped us find 12 new bugs and expose three new CVEs.
UR - http://www.scopus.com/inward/record.url?scp=85071847178&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85071847178&partnerID=8YFLogxK
U2 - 10.1109/ICSE-Companion.2019.00109
DO - 10.1109/ICSE-Companion.2019.00109
M3 - Conference contribution
AN - SCOPUS:85071847178
T3 - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion, ICSE-Companion 2019
SP - 270
EP - 271
BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 41st IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2019
Y2 - 25 May 2019 through 31 May 2019
ER -