TY - GEN
T1 - pAFL
T2 - 13th International Conference on Communication and Network Security, ICCNS 2023
AU - Ma, Rui
AU - Zhou, Xvhong
AU - Wang, Xiajing
AU - Zhang, Zheng
AU - Jiang, Jinman
AU - Huo, Wei
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/12/6
Y1 - 2023/12/6
N2 - Recently, fuzzing has been regarded as one of the most widely used tools for discovering software vulnerabilities, due to its effectiveness and efficiency. With the development of various fuzzers, ineffective seed generation has emerged as a concern. American Fuzzy Lop (AFL), a coverage-guided fuzzer, allocates mutation energy to seeds to create new inputs. Nevertheless, AFL's fixed mutation energy for the same seed after multiple mutations leads to the exploration of unproductive paths, reducing vulnerability detection efficiency. To overcome this problem, we propose a novel adaptive energy allocation scheme, pAFL. Utilizing reinforcement learning, pAFL dynamically assigns energy to seeds across iterations. Initially, it assigns more energy to promising seeds, which are judged by several native metrics, and then employs the Upper Confidence Bound (UCB) algorithm to balance exploration and exploitation. This prevents over-exploitation of the same seeds and improves exploration among different seeds. The evaluations on the LAVA-M dataset and 7 real-world programs demonstrate that pAFL outperforms AFL significantly. Additionally, we verify that pAFL could achieve better performance by overcoming more path constraints on the fuzzer_challenges dataset compared to AFL, AFLFast, EcoFuzz and MOPT.
AB - Recently, fuzzing has been regarded as one of the most widely used tools for discovering software vulnerabilities, due to its effectiveness and efficiency. With the development of various fuzzers, ineffective seed generation has emerged as a concern. American Fuzzy Lop (AFL), a coverage-guided fuzzer, allocates mutation energy to seeds to create new inputs. Nevertheless, AFL's fixed mutation energy for the same seed after multiple mutations leads to the exploration of unproductive paths, reducing vulnerability detection efficiency. To overcome this problem, we propose a novel adaptive energy allocation scheme, pAFL. Utilizing reinforcement learning, pAFL dynamically assigns energy to seeds across iterations. Initially, it assigns more energy to promising seeds, which are judged by several native metrics, and then employs the Upper Confidence Bound (UCB) algorithm to balance exploration and exploitation. This prevents over-exploitation of the same seeds and improves exploration among different seeds. The evaluations on the LAVA-M dataset and 7 real-world programs demonstrate that pAFL outperforms AFL significantly. Additionally, we verify that pAFL could achieve better performance by overcoming more path constraints on the fuzzer_challenges dataset compared to AFL, AFLFast, EcoFuzz and MOPT.
KW - Energy Allocation
KW - Fuzzing
KW - Reinforcement Learning
UR - http://www.scopus.com/inward/record.url?scp=85191459259&partnerID=8YFLogxK
U2 - 10.1145/3638782.3638792
DO - 10.1145/3638782.3638792
M3 - Conference contribution
AN - SCOPUS:85191459259
T3 - ACM International Conference Proceeding Series
SP - 62
EP - 68
BT - ICCNS 2023 - 2023 13th International Conference on Communication and Network Security
PB - Association for Computing Machinery
Y2 - 1 December 2023 through 3 December 2023
ER -