TY - GEN
T1 - Guan-fuzz
T2 - 9th International Conference on Dependable Systems and Their Applications, DSA 2022
AU - Lu, Han Lin
AU - Lin, Guan Ming
AU - Huang, Shih Kun
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Recently, fuzzers have become more important in software security. Various fuzzing strategies have been proposed to improve the efficiency of fuzzer exploration. To find more program vulnerabilities, multi-parameter fuzzing has been proposed in recent years. For example, SQ-Fuzz and CRFuzz use multi-argument fuzzing to find many program vulnerabilities that were not found by single-argument fuzzers. However, there is no relevant research on optimizing parameter-based fuzzing at present. To make multi-argument fuzzers more efficient, selecting suitable combinations of command arguments is necessary. Therefore, in this paper, we propose Guan-fuzz, which uses the MeanShift algorithm to group the execution coverage of different program parameters. This reduces the number of executions of similar parameters. The experimental results show that Guan-fuzz achieves 84% and 14% higher program coverage than AFL and SQ-Fuzz, respectively. Guan-fuzz's improvement in multi-argument fuzzing is significant. Guan-fuzz can find vulnerabilities that SQ-Fuzz did not find, and in real-world programs, Guan-fuzz found 41 new bugs, of which 32 have been fixed and eight have been assigned CVE IDs.
KW - fuzz testing
KW - meanshift
KW - multi-argument fuzz testing
KW - software security
UR - http://www.scopus.com/inward/record.url?scp=85141368712&partnerID=8YFLogxK
U2 - 10.1109/DSA56465.2022.00062
DO - 10.1109/DSA56465.2022.00062
M3 - Conference contribution
AN - SCOPUS:85141368712
T3 - Proceedings - 2022 9th International Conference on Dependable Systems and Their Applications, DSA 2022
SP - 421
EP - 430
BT - Proceedings - 2022 9th International Conference on Dependable Systems and Their Applications, DSA 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 August 2022 through 5 August 2022
ER -