ABSTRACT
Fuzzing has become one of the most widely used technologies for discovering software vulnerabilities thanks to its effectiveness. However, even state-of-the-art fuzzers are not very efficient at identifying promising seeds. Coverage-guided fuzzers like American Fuzzy Lop (AFL) usually employ a single criterion to evaluate seed quality, which may pass up potential seeds. To overcome this problem, we design a potential seed selection scheme, called MOAFL. The key idea is to measure seed potential using multiple objectives and to prioritize promising seeds that are more likely to generate interesting seeds via mutation. More specifically, MOAFL leverages lightweight swarm intelligence techniques such as Multi-Objective Particle Swarm Optimization (MOPSO) to handle multi-criteria seed selection, which allows MOAFL to choose promising seeds effectively. We implement this scheme on top of AFL, and our evaluations on the LAVA-M dataset and 7 popular real-world programs demonstrate that MOAFL significantly increases code coverage over AFL.
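To make the single-criterion versus multi-criteria contrast concrete, here is an added example (not MOAFL's own code, and not the MOPSO optimizer the paper uses) that ranks a constructed seed queue two ways: by one AFL-style cost metric, and by Pareto dominance over several objectives. The three objectives (new edges covered, execution time, input size) are assumed for illustration; the paper does not list its objectives in the abstract.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Seed:
    """One queue entry. The metric choice is an assumption for this example."""
    name: str
    new_edges: int   # edges this seed was first to cover; higher is better
    exec_us: int     # execution time in microseconds; lower is better
    size: int        # input size in bytes; lower is better


def single_criterion(seeds, k):
    """AFL-style selection: rank by exec_us * size alone, keep the k cheapest."""
    ranked = sorted(seeds, key=lambda s: s.exec_us * s.size)
    return [s.name for s in ranked[:k]]


def dominates(a, b):
    """Pareto dominance: a is no worse than b on every objective and strictly
    better on at least one."""
    no_worse = (a.new_edges >= b.new_edges and a.exec_us <= b.exec_us
                and a.size <= b.size)
    strictly = (a.new_edges > b.new_edges or a.exec_us < b.exec_us
                or a.size < b.size)
    return no_worse and strictly


def pareto_front(seeds):
    """Multi-criteria selection: keep every seed that no other seed dominates,
    so a slow but far-reaching seed is not discarded for cost alone."""
    return [s.name for s in seeds
            if not any(dominates(o, s) for o in seeds if o is not s)]


# Constructed sample queue (not data from the paper).
QUEUE = [
    Seed("q0", new_edges=2, exec_us=100, size=40),
    Seed("q1", new_edges=3, exec_us=120, size=50),
    Seed("q2", new_edges=20, exec_us=900, size=300),  # costly, explores far more
    Seed("q3", new_edges=1, exec_us=150, size=30),
    Seed("q4", new_edges=2, exec_us=200, size=60),    # dominated by q0
]

if __name__ == "__main__":
    print("single criterion:", single_criterion(QUEUE, 2))  # q2 is passed up
    print("pareto front:    ", pareto_front(QUEUE))         # q2 survives, q4 drops
```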