
1. College of Cyberspace Security, Nankai University, Tianjin 300350, China
2. College of Artificial Intelligence, Nankai University, Tianjin 300350, China
Online First: 2019-11
Published:25 November 2019
Chunfu JIA, Shengbo YAN, Zhi WANG, et al. Method to improve edge coverage in fuzzing[J]. Journal on Communications, 2019, 40(11): 76-85. DOI: 10.11959/j.issn.1000-436x.2019223.
To address three weaknesses of AFL (American fuzzy lop), namely incomplete edge coverage and insufficient use of the edge-coverage information and of the valid-byte information it already collects, an improved method is proposed. First, a new seed selection algorithm is designed that covers every edge discovered so far within a single queue cycle. Second, paths are scored by the hotness (hit frequency) of their edges, and the score is used to adjust the number of test cases assigned to each seed. Third, more mutations are applied to the valid bytes. A new fuzzing tool, efuzz, was implemented on this basis. Experiments show that efuzz's average edge coverage is 5% and 9% higher than that of AFL and AFLFast respectively; on the LAVA-M benchmark efuzz found more vulnerabilities than AFL; and in commonly used software efuzz found three new security bugs that were assigned CVEs. The method effectively improves the edge coverage and the vulnerability-finding ability of fuzzing and is practical.
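As an added illustration of the three ideas the abstract describes (this is not efuzz's or AFL's code, and the paper's actual algorithms are not on this page), the following Python sketch shows one way such a scheduler could work: a greedy set cover picks the seeds needed to exercise every discovered edge in one cycle, each selected seed is scored by the hotness of its edges and given a proportional test budget, and mutation offsets are drawn with a bias toward bytes flagged as valid. The seed names, edge ids, weights, clamping factor and the sample queue are all constructed for the example.

```python
"""Illustrative seed scheduling in the spirit of the abstract above.

Added example, not efuzz's or AFL's code. Assumptions not taken from the
paper: a seed is identified by a name, its coverage is the set of edge ids it
exercised, and the "hotness" of an edge is the number of queued seeds that hit it.
"""
import random
from collections import Counter
from typing import Dict, List, Set

# Constructed sample queue (hypothetical data): seed name -> edge ids it covers.
SAMPLE_QUEUE: Dict[str, Set[int]] = {
    "seed_a": {1, 2, 3, 4},
    "seed_b": {1, 2, 5},
    "seed_c": {3, 4},
    "seed_d": {6},
    "seed_e": {1, 2, 3, 4, 5},
}


def edge_hotness(queue: Dict[str, Set[int]]) -> Counter:
    """Count how many queued seeds hit each edge; a low count marks a cold (rare) edge."""
    hot: Counter = Counter()
    for edges in queue.values():
        hot.update(edges)
    return hot


def select_covering_seeds(queue: Dict[str, Set[int]]) -> List[str]:
    """Greedy set cover over the discovered edges.

    Picks seeds until every edge seen so far is covered by at least one
    selected seed, so one pass over the selection exercises all known edges.
    Each step takes the seed adding the most still-uncovered edges; ties go
    to the lexicographically smaller name so the result is deterministic.
    """
    uncovered: Set[int] = set().union(*queue.values()) if queue else set()
    selected: List[str] = []
    while uncovered:
        best = max(sorted(queue), key=lambda s: len(queue[s] & uncovered))
        gain = queue[best] & uncovered
        if not gain:  # cannot happen while the uncovered edges came from the queue
            break
        selected.append(best)
        uncovered -= gain
    return selected


def path_score(edges: Set[int], hot: Counter) -> float:
    """Score a path by the rarity of its edges: sum of 1/hotness.

    Every edge of a queued seed has hotness >= 1, so there is no division by
    zero. Paths through cold edges score higher than paths through hot ones.
    """
    return sum(1.0 / hot[e] for e in edges)


def assign_energy(queue: Dict[str, Set[int]], base: int = 100,
                  max_factor: float = 4.0) -> Dict[str, int]:
    """Number of test cases to give each selected seed in this cycle.

    The base budget is scaled by the seed's score relative to the mean score
    of the selected seeds, clamped to [1/max_factor, max_factor] so that a
    single very cold path cannot starve the rest of the queue.
    """
    hot = edge_hotness(queue)
    selected = select_covering_seeds(queue)
    if not selected:
        return {}
    scores = {s: path_score(queue[s], hot) for s in selected}
    mean = sum(scores.values()) / len(scores)
    energy: Dict[str, int] = {}
    for s in selected:
        factor = min(max_factor, max(1.0 / max_factor, scores[s] / mean))
        energy[s] = int(base * factor)
    return energy


def choose_mutation_positions(valid_mask: List[bool], count: int,
                              bias: float = 4.0, seed: int = 0) -> List[int]:
    """Draw byte offsets to mutate, favouring bytes flagged as valid.

    valid_mask[i] is True when byte i was observed to influence execution
    (the kind of information AFL's effector map records). A valid byte is
    `bias` times as likely to be picked as a non-valid one; non-valid bytes
    keep a nonzero weight so structure-breaking mutations still happen.
    """
    weights = [bias if v else 1.0 for v in valid_mask]
    rng = random.Random(seed)
    return rng.choices(range(len(valid_mask)), weights=weights, k=count)


if __name__ == "__main__":
    print("selected:", select_covering_seeds(SAMPLE_QUEUE))
    print("energy:", assign_energy(SAMPLE_QUEUE))
    print("positions:", choose_mutation_positions([i < 8 for i in range(16)], 10))
```

On the sample queue the cover is two seeds (`seed_e`, then `seed_d` for the otherwise-unreached edge 6); `seed_e` gets more energy than `seed_d` because the edges it hits are on average colder relative to the selection's mean score. In a real fuzzer the edge sets would come from the shared coverage bitmap and the valid mask from a per-byte effector pass, not from constructed data.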