Directed Fuzzing Based on Bottleneck Detection

Yifeng Wan, Wenting Wang, Jiajun Sun*, Donghai Tian

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Fuzzing, which rapidly generates test cases through seed mutation, is considered one of the most efficient vulnerability detection technologies currently available. Directed fuzzing can gradually guide the fuzzer towards specific targets specified by the user, thereby improving the efficiency of discovering vulnerabilities in the specified areas. However, fuzzing may hit bottlenecks and fail to reach the target area effectively, resulting in fuzzing stagnation. Traditional directed fuzzers calculate the distance between seed execution paths and target points, which leads to resource-consuming preprocessing. In this paper, we propose a new directed fuzzing method which extracts the dominance path of the target from the ICFG, locates critical bottlenecks using basic block access frequency, and selects fuzzing seeds that reach these bottlenecks. Meanwhile, we improve the "exploration-exploitation" phase switching mechanism and the energy assignment algorithm. We implemented the techniques in a prototype system, BDFuzz. Crash reproduction experiments on several real-world programs show that BDFuzz outperforms the classic fuzzers AFL and AFLGo.
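As an added illustration of the approach the abstract describes (this is not the authors' BDFuzz code), the example below computes the dominance path to a target from a small constructed CFG, derives basic-block access frequencies from constructed seed traces, locates the bottleneck on that path, and selects the seeds that reach it. The bottleneck criterion used here (the last dominator any seed reached, paired with the first dominator none reached) is a simplifying assumption, not necessarily the paper's exact rule.

```python
# Added illustration of dominance-path bottleneck detection; not the paper's code.
def dominators(cfg, entry):
    """Iterative dominator analysis: dom[n] = {n} | intersection of dom[p] over preds p."""
    nodes = set(cfg) | {s for succs in cfg.values() for s in succs}
    preds = {n: {p for p, succs in cfg.items() if n in succs} for n in nodes}
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:                      # iterate to a fixpoint
        changed = False
        for n in nodes - {entry}:
            new = {n} | (set.intersection(*(dom[p] for p in preds[n])) if preds[n] else set())
            if new != dom[n]:
                dom[n], changed = new, True
    return dom

def dominance_path(cfg, entry, target):
    """Dominators of target ordered entry -> target; every path to target passes them all."""
    dom = dominators(cfg, entry)
    return sorted(dom[target], key=lambda n: len(dom[n]))

def block_frequency(traces):
    """Access frequency: number of seeds whose execution trace touches each basic block."""
    freq = {}
    for trace in traces.values():
        for b in set(trace):
            freq[b] = freq.get(b, 0) + 1
    return freq

def find_bottleneck(path, freq):
    """Return (last dominator some seed reached, first dominator none reached); None once target is covered."""
    for i in range(1, len(path)):
        if freq.get(path[i], 0) == 0:
            return path[i - 1], path[i]
    return path[-1], None

def select_seeds(traces, block):
    """Seeds that reach the bottleneck block: the ones worth mutating next."""
    return sorted(name for name, trace in traces.items() if block in trace)

# Constructed sample ICFG (entry A, target T) and constructed per-seed execution traces.
CFG = {"A": ["B", "C"], "B": ["D"], "C": ["D"], "D": ["E", "X"],
       "E": ["F", "X"], "F": ["T"], "X": [], "T": []}
TRACES = {"s1": ["A", "B", "D", "X"], "s2": ["A", "C", "D", "E", "X"],
          "s3": ["A", "B", "D", "E", "X"], "s4": ["A", "C", "D", "X"]}

if __name__ == "__main__":
    reached, blocked = find_bottleneck(dominance_path(CFG, "A", "T"), block_frequency(TRACES))
    print(reached, blocked, select_seeds(TRACES, reached))   # E F ['s2', 's3']
```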

Original language: English
Title of host publication: CNIOT 2024 - Conference Proceeding, 2024 5th International Conference on Computing, Networks and Internet of Things
Publisher: Association for Computing Machinery
Pages: 32-37
Number of pages: 6
ISBN (Electronic): 9798400716751
DOIs: https://doi.org/10.1145/3670105.3670111
Publication status: Published - 24 May 2024
Event: 5th International Conference on Computing, Networks and Internet of Things, CNIOT 2024 - Tokyo, Japan
Duration: 24 May 2024 to 26 May 2024

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 5th International Conference on Computing, Networks and Internet of Things, CNIOT 2024
Country/Territory: Japan
City: Tokyo
Period: 24/05/24 to 26/05/24

Keywords

  • Bottleneck Detection
  • Directed Fuzzing
  • Dominance Path
  • Static Analysis

Cite this

Wan, Y., Wang, W., Sun, J., & Tian, D. (2024). Directed Fuzzing Based on Bottleneck Detection. In CNIOT 2024 - Conference Proceeding, 2024 5th International Conference on Computing, Networks and Internet of Things (pp. 32-37). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3670105.3670111