Boosting fuzzing performance with differential seed scheduling

Chung Yi Lin, Chia Wei Tien, Chun Ying Huang

Research output: Conference contribution, peer-reviewed

Abstract

Fuzzing is a common technique used to perform automated vulnerability discovery. Fuzzing performance could be improved by various means. In this paper, we discuss the impacts of seed scheduling, and propose differential seed scheduling to maximize fuzzing performance by increasing the number of crashes identified within a limited time. Differential seed scheduling works for grey-box fuzzers that generate seeds based on runtime code coverage measurement. It attempts to evaluate the value of fuzzing seeds and selectively pick the best one to achieve balance between fuzzing effectiveness and efficiency. Our contribution is four-fold. First, we proposed differential seed scheduling to improve overall fuzzing performance. Second, we implemented AFLExplorer by integrating differential seed scheduling with the open-source American Fuzzy Lop (AFL) fuzzer. Third, we conducted in-depth experiments with AFLExplorer to show the effectiveness and the efficiency of seed scheduling. Our evaluations showed that AFLExplorer can discover up to 90% more unique crashes compared with a vanilla fuzzer. Last, we reported newly identified vulnerabilities to the authors of the tested applications, had them fixed, and 15 common vulnerabilities and exposures (CVE) numbers were assigned as of writing of this paper.

Original language: English
Title of host publication: Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 72-79
Number of pages: 8
ISBN (Electronic): 9781728125565
Publication status: Published - Aug 2019
Event: 14th Annual Asia Joint Conference on Information Security, AsiaJCIS 2019 - Kobe, Japan
Duration: 1 Aug 2019 to 2 Aug 2019

Publication series

Name: Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019

Conference

Conference: 14th Annual Asia Joint Conference on Information Security, AsiaJCIS 2019
Country/Territory: Japan
City: Kobe
Period: 1/08/19 to 2/08/19
