Guan-fuzz: Argument Selection With Mean Shift Clustering for Multi-argument Fuzzing

Han Lin Lu, Guan Ming Lin, Shih Kun Huang*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Recently, fuzzers have become more important in software security. Various fuzzer strategies have been proposed continuously in order to improve the efficiency of fuzzer exploration. In order to find more program vulnerabilities, multi-parameter fuzzing has been proposed in recent years. For example, SQ-Fuzz and CRFuzz use multi-argument fuzzing to find many program vulnerabilities that were not found by single-argument fuzzers. However, there is no relevant research on optimizing parameter-based fuzzing at present. To make multi-argument fuzzers more efficient, selecting suitable combinations of command arguments is necessary. Therefore, in this paper, we propose Guan-fuzz, which uses the MeanShift algorithm to group the execution coverage of different program parameters. It can reduce the number of executions of similar parameters. The experimental results show that Guan-fuzz has 84% and 14% higher program coverage than AFL and SQ-Fuzz. Guan-fuzz's improvement in multi-argument fuzzing is significant. Guan-fuzz can find more vulnerabilities that SQ-Fuzz did not find, and in real-world programs, Guan-fuzz found 41 new bugs, of which 32 have been fixed, and eight have been assigned CVE IDs.

Original language: English
Title of host publication: Proceedings - 2022 9th International Conference on Dependable Systems and Their Applications, DSA 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 421-430
Number of pages: 10
ISBN (Electronic): 9781665488778
State: Published - 2022
Event: 9th International Conference on Dependable Systems and Their Applications, DSA 2022 - Wulumuqi, China
Duration: 4 Aug 2022 to 5 Aug 2022

Keywords

  • fuzz testing
  • meanshift
  • multi-argument fuzz testing
  • software security
