TY - GEN
T1 - Directed Fuzzing Based on Bottleneck Detection
AU - Wan, Yifeng
AU - Wang, Wenting
AU - Sun, Jiajun
AU - Tian, Donghai
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/5/24
Y1 - 2024/5/24
N2 - Fuzzing, which rapidly generates test cases by mutating seeds, is considered one of the most efficient vulnerability detection techniques currently available. Directed fuzzing gradually guides the fuzzer towards user-specified targets, improving the efficiency of discovering vulnerabilities in those areas. However, the fuzzer may hit bottlenecks and fail to reach the target area, so that fuzzing stagnates. Traditional directed fuzzers compute the distance between seed execution paths and the target points, which requires resource-consuming preprocessing. In this paper, we propose a new directed fuzzing method which extracts the dominance path of the target from the ICFG (interprocedural control-flow graph), locates critical bottlenecks using basic block access frequency, and selects fuzzing seeds that reach these bottlenecks. We also improve the "exploration-exploitation" phase switching mechanism and the energy assignment algorithm. We implemented these techniques in a prototype system, BDFuzz. Crash reproduction experiments on several real-world programs show that BDFuzz outperforms the classic fuzzers AFL and AFLGo.
AB - Fuzzing, which rapidly generates test cases by mutating seeds, is considered one of the most efficient vulnerability detection techniques currently available. Directed fuzzing gradually guides the fuzzer towards user-specified targets, improving the efficiency of discovering vulnerabilities in those areas. However, the fuzzer may hit bottlenecks and fail to reach the target area, so that fuzzing stagnates. Traditional directed fuzzers compute the distance between seed execution paths and the target points, which requires resource-consuming preprocessing. In this paper, we propose a new directed fuzzing method which extracts the dominance path of the target from the ICFG (interprocedural control-flow graph), locates critical bottlenecks using basic block access frequency, and selects fuzzing seeds that reach these bottlenecks. We also improve the "exploration-exploitation" phase switching mechanism and the energy assignment algorithm. We implemented these techniques in a prototype system, BDFuzz. Crash reproduction experiments on several real-world programs show that BDFuzz outperforms the classic fuzzers AFL and AFLGo.
KW - Bottleneck Detection
KW - Directed Fuzzing
KW - Dominance Path
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85200962730&partnerID=8YFLogxK
U2 - 10.1145/3670105.3670111
DO - 10.1145/3670105.3670111
M3 - Conference contribution
AN - SCOPUS:85200962730
T3 - ACM International Conference Proceeding Series
SP - 32
EP - 37
BT - CNIOT 2024 - Conference Proceeding, 2024 5th International Conference on Computing, Networks and Internet of Things
PB - Association for Computing Machinery
T2 - 5th International Conference on Computing, Networks and Internet of Things, CNIOT 2024
Y2 - 24 May 2024 through 26 May 2024
ER -
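The abstract above describes three steps: extract the dominance path of the target from the control-flow graph, locate a bottleneck along that path from basic block access frequency, and pick the seeds that reach it. The Python sketch below is an added illustration of that idea on a toy graph; it is not BDFuzz's code or the authors' algorithm. The CFG, the per-seed traces, the 0.5 survival-ratio threshold and every function name are assumptions constructed for this example (the graph is intra-procedural; an ICFG would add call and return edges, and the dominator computation is unchanged).

```python
"""Dominance-path bottleneck detection on a toy CFG (added illustration, not BDFuzz code)."""
from typing import Dict, List, Optional, Set, Tuple

# Constructed intra-procedural CFG: block -> successor blocks.
CFG: Dict[str, List[str]] = {
    "entry": ["parse_hdr"],
    "parse_hdr": ["bad_magic", "check_len"],
    "bad_magic": ["exit"],
    "check_len": ["too_long", "decode"],
    "too_long": ["exit"],
    "decode": ["loop"],
    "loop": ["loop", "fixup"],
    "fixup": ["target", "exit"],
    "target": ["exit"],
    "exit": [],
}

# Constructed per-seed execution traces (block sequences), as a coverage-tracing
# fuzzer would record them. Only s3 gets past the length check.
TRACES: Dict[str, List[str]] = {
    "s1": ["entry", "parse_hdr", "bad_magic", "exit"],
    "s2": ["entry", "parse_hdr", "check_len", "too_long", "exit"],
    "s3": ["entry", "parse_hdr", "check_len", "decode", "loop", "loop", "fixup", "exit"],
    "s4": ["entry", "parse_hdr", "check_len", "too_long", "exit"],
    "s5": ["entry", "parse_hdr", "bad_magic", "exit"],
}


def dominators(cfg: Dict[str, List[str]], entry: str) -> Dict[str, Set[str]]:
    """Iterative dataflow: dom(n) = {n} U intersection of dom(p) over preds p."""
    preds: Dict[str, List[str]] = {n: [] for n in cfg}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].append(n)
    dom = {n: set(cfg) for n in cfg}  # start from "everything dominates"
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in cfg:
            if n == entry:
                continue
            if preds[n]:
                new = {n} | set.intersection(*(dom[p] for p in preds[n]))
            else:
                new = {n}  # unreachable block: dominated only by itself
            if new != dom[n]:
                dom[n] = new
                changed = True
    return dom


def dominance_path(dom: Dict[str, Set[str]], target: str) -> List[str]:
    """The dominators of a block form a chain; ordering them by the size of their
    own dominator sets yields the entry-to-target path every reaching run follows."""
    return sorted(dom[target], key=lambda b: len(dom[b]))


def block_frequency(traces: Dict[str, List[str]]) -> Dict[str, int]:
    """Number of seeds reaching each block (a seed counts once even if it loops)."""
    freq: Dict[str, int] = {}
    for trace in traces.values():
        for b in set(trace):
            freq[b] = freq.get(b, 0) + 1
    return freq


def find_bottleneck(path: List[str], freq: Dict[str, int],
                    ratio: float = 0.5) -> Optional[Tuple[str, str]]:
    """Walk the dominance path; return (frontier, bottleneck) at the first step where
    the share of seeds surviving the transition drops to <= ratio (assumed threshold)."""
    for a, b in zip(path, path[1:]):
        if freq.get(a, 0) and freq.get(b, 0) <= ratio * freq[a]:
            return a, b
    return None


def rank_seeds(traces: Dict[str, List[str]], path: List[str]) -> List[Tuple[str, int]]:
    """Rank seeds by how deep along the dominance path they get (deeper = closer)."""
    index = {b: i for i, b in enumerate(path)}
    ranked = []
    for seed, trace in traces.items():
        depth = max((index[b] for b in trace if b in index), default=-1)
        ranked.append((seed, depth))
    ranked.sort(key=lambda sd: (-sd[1], sd[0]))
    return ranked


def select_seeds(traces: Dict[str, List[str]], path: List[str], frontier: str) -> List[str]:
    """Seeds that reach the frontier block: the ones worth mutating to cross the bottleneck."""
    idx = path.index(frontier)
    return [s for s, d in rank_seeds(traces, path) if d >= idx]


if __name__ == "__main__":
    path = dominance_path(dominators(CFG, "entry"), "target")
    freq = block_frequency(TRACES)
    bn = find_bottleneck(path, freq)
    print("dominance path:", " -> ".join(path))
    print("bottleneck:", bn)
    if bn:
        print("seeds to prioritise:", select_seeds(TRACES, path, bn[0]))
```

On this input the dominance path is entry, parse_hdr, check_len, decode, loop, fixup, target; three of five seeds reach check_len but only one reaches decode, so the check_len to decode edge is reported as the bottleneck and s3, s2 and s4 (the seeds that at least reach the frontier) are the ones to spend energy on. Note that seed count per block, rather than raw hit count, is used so that a looping seed does not inflate the frequency of blocks inside the loop.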