Abstract

Greybox fuzzing is the most reliable and powerful technique for automated software testing. Nonetheless, most greybox fuzzers are ineffective at directed fuzzing, for example towards complicated patches or towards suspicious and critical sites. To overcome these limitations, Directed Greybox Fuzzing (DGF) approaches were recently proposed. Current DGFs are powerful and efficient and can compete with coverage-based fuzzers. Nevertheless, DGFs fail to strike a balance between effectiveness and efficiency, and their random mutations make it hard to handle complex paths. To alleviate this problem, we propose a novel target-oriented hybrid fuzzing tool that combines a fuzzer with a dynamic symbolic execution (also referred to as concolic execution) engine. Our method aims to generate inputs that quickly reach the target sites in each sequence and trigger potential hard-to-reach vulnerabilities in the program binary. Specifically, to dive deep into the target binary, we designed a technique named BugMiner, and to demonstrate the capability of our implementation we evaluated it comprehensively on bug hunting and crash reproduction. Evaluation results showed that our implementation could not only trigger hard-to-reach bugs 3.1, 4.3, 2.9, 2.0, 1.8, and 1.9 times faster than Hawkeye, AFLGo, AFL, AFLFast, QSYM, and ParmeSan respectively, but also scale to several real-world programs.

Highlights

  • The development of modern information technology is accompanied by adverse events such as industrial spyware, computer crimes, unauthorized access, and modification or loss of confidential information

  • Hawkeye [17] is a Directed Greybox Fuzzing (DGF) tool that instruments the program to measure the distance of a certain test input to the target sites

  • We propose a novel target-oriented hybrid fuzzing tool named BugMiner that combines fuzzing with Target-Oriented Concolic Execution (TOCE) to enhance the directed fuzzing process

Introduction

The development of modern information technology is accompanied by adverse events such as industrial spyware, computer crimes, unauthorized access, and the modification or loss of confidential information. The main reason for this is the presence of vulnerabilities in software. Software bugs have emerged as the underlying cause of threats to the safety of digital life. As defined in RFC 2828 [2], a software flaw is an error or weakness in a system's design, implementation, or operation and management that could violate the system's security policy. Fuzzing is the most efficient technique for detecting software vulnerabilities. There are blackbox, whitebox, and greybox fuzzing approaches in software testing. In its simplest form, blackbox fuzzing produces random inputs to detect software vulnerabilities. At the opposite end of the spectrum is whitebox fuzzing [30,31], which uses heavyweight analysis, for example symbolic execution (SE), to produce test cases that trigger vulnerabilities rather than blindly trying a massive variety of inputs
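To make the distance-to-target measure concrete (the one the highlights attribute to Hawkeye, which inherits it from AFLGo), here is an added example that is not code from BugMiner, Hawkeye or AFLGo: it computes AFLGo-style block distances over a small control-flow graph and orders seeds so the fuzzer spends its energy on inputs whose traces lie closest to the target sites. The graph, the block names and the seed traces are all constructed assumptions.

```python
from collections import deque
from statistics import mean

# Constructed toy control-flow graph (assumption): basic block -> successor blocks.
CFG = {
    "entry": ["parse", "usage"], "usage": ["exit"], "parse": ["check_len", "error"],
    "check_len": ["copy", "error"], "copy": ["target_a", "exit"],
    "error": ["exit"], "target_a": ["exit"], "exit": [],
}
# Constructed execution traces (assumption): seed name -> blocks that seed executed.
SEEDS = {
    "seed_usage": ["entry", "usage", "exit"],
    "seed_error": ["entry", "parse", "error", "exit"],
    "seed_copy": ["entry", "parse", "check_len", "copy", "exit"],
    "seed_hit": ["entry", "parse", "check_len", "copy", "target_a", "exit"],
    "seed_none": ["exit"],
}

def hops_to(cfg, target):
    """Backward BFS: hop count from each block to `target`; blocks with no path are absent."""
    dist, queue = {target: 0}, deque([target])
    while queue:
        cur = queue.popleft()
        for p in [s for s, succs in cfg.items() if cur in succs]:  # predecessors of cur
            if p not in dist:
                dist[p] = dist[cur] + 1
                queue.append(p)
    return dist

def block_distances(cfg, targets):
    """AFLGo/Hawkeye-style block distance: 0 at a target, harmonic mean of path lengths to reachable targets, else None."""
    per_target = [hops_to(cfg, t) for t in targets]
    out = {}
    for b in cfg:
        reach = [d[b] for d in per_target if b in d]
        out[b] = 0.0 if b in targets else (None if not reach else len(reach) / sum(1.0 / h for h in reach))
    return out

def seed_distance(trace, bdist):
    """Seed distance: mean block distance over executed blocks that can reach a target; None if none can."""
    ds = [bdist[b] for b in trace if bdist.get(b) is not None]
    return mean(ds) if ds else None

def prioritize(seeds, bdist):
    """Schedule seeds closest to the targets first; seeds with no path to any target go last."""
    scored = [(seed_distance(t, bdist), name) for name, t in seeds.items()]
    return [name for _, name in sorted(scored, key=lambda s: (s[0] is None, s[0] or 0.0, s[1]))]
```

Calling `prioritize(SEEDS, block_distances(CFG, ["target_a"]))` puts `seed_hit` first and `seed_none` last; with two targets the harmonic mean favours blocks that are close to any of them.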
