Abstract

Fuzzing techniques that automatically detect software vulnerabilities are widely used today, but attackers also abuse them to find vulnerabilities in target programs. Researchers have proposed a number of anti-fuzzing techniques in response, yet most of them impose significant computational overhead whether or not the program is actually running under a fuzzer. To address this, we develop a new anti-fuzzer, CatchFuzz, which loads its anti-fuzzing algorithm only after it has detected a fuzzing environment. CatchFuzz then defeats the fuzzer's strategy by directly disordering the information the fuzzing system relies on, so that the fuzzer interprets an interesting input as uninteresting. Because the countermeasure stays dormant during normal use, there is little performance degradation. CatchFuzz also surpasses existing anti-fuzzing techniques by significantly reducing the number of crashes a fuzzer detects, while addressing their current limitations. We evaluate CatchFuzz in multiple empirical tests on nine real-world programs and compare it with existing anti-fuzzers. Our tests show that CatchFuzz identifies the fuzzing environment with an accuracy of 99.6% and a false positive rate of 0.5%, and that it substantially improves anti-fuzzing performance, reducing the number of unique crashes detected by 95.39%.
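The two-stage design the abstract describes (a cheap detector that gates an anti-fuzzing action, so the normal execution path pays nothing) is easy to misread without a concrete shape. The following is an added illustration written for this page; it is not CatchFuzz's code and the abstract does not say which signals or which disordering method CatchFuzz uses. The detector here is an assumption: it checks for the `__AFL_SHM_ID` environment variable that AFL-style fuzzers set to hand the target its shared-memory coverage map. The armed action is likewise an assumed stand-in: it routes control flow through noise-chosen branches, so the edge set a coverage-guided fuzzer records for an input is not a stable property of that input. The "MAGC" header check and the sample input are constructed for the example.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Stage 1: environment detection (assumption of this example).
 * AFL-style fuzzers pass the id of the shared-memory coverage map to the
 * target in __AFL_SHM_ID; a single check like this is one signal, not a
 * complete detector. */
bool fuzzing_env_detected(void)
{
    return getenv("__AFL_SHM_ID") != NULL;
}

/* Noise source for the armed path: xorshift32, seeded lazily from the pid
 * and the clock. Lazy seeding matters: state created before a fork server
 * starts is replayed identically in every child, which would make the
 * "noise" a deterministic function of the input again. */
static uint32_t noise_state;
static bool noise_seeded;

static uint32_t noise_next(void)
{
    if (!noise_seeded) {
        noise_state = (uint32_t)getpid() ^ (uint32_t)time(NULL) ^ 0x9e3779b9u;
        if (noise_state == 0)
            noise_state = 1;          /* xorshift must never start at 0 */
        noise_seeded = true;
    }
    noise_state ^= noise_state << 13;
    noise_state ^= noise_state >> 17;
    noise_state ^= noise_state << 5;
    return noise_state;
}

static volatile uint32_t sink;        /* keeps the branches from being folded */

/* Stage 2: the anti-fuzzing action (illustrative, not CatchFuzz's method).
 * Which of the eight basic blocks runs depends on noise rather than on the
 * input, so the edges recorded for one input differ between executions and
 * a fuzzer cannot attribute new coverage to that input. Returns the branch
 * taken (0..7) so the effect is observable. */
int disorder_coverage(void)
{
    uint32_t r = noise_next() & 7u;
    switch (r) {
    case 0: sink += 1;  break;
    case 1: sink ^= 2;  break;
    case 2: sink += 3;  break;
    case 3: sink ^= 4;  break;
    case 4: sink += 5;  break;
    case 5: sink ^= 6;  break;
    case 6: sink += 7;  break;
    default: sink ^= 8; break;
    }
    return (int)r;
}

/* The application's real work: a constructed header check standing in for
 * whatever the protected program does. Its result never depends on the
 * noise path, so functional behaviour is identical in both modes. */
int process_input(const uint8_t *buf, size_t len)
{
    /* Only enter the anti-fuzzing path when a fuzzer is present. A real
     * deployment would evaluate the detector once at start-up rather than
     * on every call. */
    if (fuzzing_env_detected())
        disorder_coverage();

    if (len >= 4 && memcmp(buf, "MAGC", 4) == 0)
        return 1;
    return 0;
}

int main(void)
{
    static const uint8_t sample[] = "MAGC\x01\x02";   /* constructed input */
    printf("fuzzer detected: %s\n", fuzzing_env_detected() ? "yes" : "no");
    printf("process_input -> %d\n", process_input(sample, sizeof sample - 1));
    return 0;
}
```

Two practitioner caveats follow directly from this shape. First, any single environmental signal is both spoofable and incomplete: libFuzzer and honggfuzz do not set `__AFL_SHM_ID`, and a fuzzer can simply be run from a wrapper that unsets it, which is why the abstract's detection accuracy and false-positive rate are the numbers that matter when comparing designs. Second, the armed action must draw its nondeterminism from something that differs per execution under a fork server; otherwise the fuzzer's calibration will see stable coverage and the countermeasure is silently inert.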

Full Text
Published version (Free)
