Abstract

AFL is the most widely used coverage-guided fuzzer. It relies on coarse execution information to assign energy to seeds, which can waste effort. We track the program executed by AFL and find that the hit counts of each edge can vary greatly when different seeds are used as inputs. Some seeds, which are continuously given too much energy, produce very high hit counts on several edges without any new crashes or edges being explored; this results in invalid execution and wasted performance. We also define time-consuming edges and find that they occupy only a small part of the program. In this paper, we define invalid-execution edges and time-consuming edges as hot-spots and propose a fuzzing solution, SpotFuzz, to address the energy waste caused by this hot-spot phenomenon. It allocates less energy to seeds that pass through more hot-spots during execution, reducing energy waste. Moreover, it preferentially selects seeds with fewer time-consuming edges as test cases, allowing more edges to be explored in a limited time. We implement a SpotFuzz prototype based on AFL and test it on several real programs for 600 CPU days. The experimental results show that minimizing the invalid and time-consuming execution of edges improves fuzzing efficiency. On average, SpotFuzz finds 42.96% more unique crashes and 14.25% more edges than AFL on GNU Binutils and tcpdump.
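The abstract describes two kinds of hot-spots (edges hammered by a seed that finds nothing new, and edges that are slow to execute) and a scheduler that gives such seeds less energy and lower priority. The following Python toy is an added illustration, not SpotFuzz's own code: the thresholds, the per-edge cost table, the seeds and the simple `1/(1 + hot-spots)` energy factor are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed thresholds (illustrative, not taken from the paper).
HIT_HOTSPOT_THRESHOLD = 1000   # an edge hit at least this often in one run is a hit hot-spot
TIME_HOTSPOT_FRACTION = 0.1    # the slowest 10% of edges are time hot-spots

@dataclass
class Seed:
    name: str
    edge_hits: dict      # edge id -> hit count recorded while executing this seed
    found_new: bool      # did the last round with this seed reach a new edge or crash?

def time_hotspots(edge_cost, fraction=TIME_HOTSPOT_FRACTION):
    """Edges whose per-execution cost is in the slowest `fraction` (at least one edge)."""
    n = max(1, int(len(edge_cost) * fraction))
    return set(sorted(edge_cost, key=edge_cost.get, reverse=True)[:n])

def hit_hotspots(seed, threshold=HIT_HOTSPOT_THRESHOLD):
    """Edges a seed hammers without paying off; only counted when the seed found nothing new."""
    if seed.found_new:
        return set()
    return {edge for edge, count in seed.edge_hits.items() if count >= threshold}

def energy_factor(seed, hot_time):
    """Multiplier for the seed's AFL energy: 1, 1/2, 1/3, ... as hot-spots accumulate (assumed form)."""
    n_hot = len(hit_hotspots(seed)) + len(set(seed.edge_hits) & hot_time)
    return 1.0 / (1 + n_hot)

def schedule(seeds, edge_cost):
    """Rank seeds: fewest time hot-spots first, then highest energy factor; return (name, factor)."""
    hot_time = time_hotspots(edge_cost)
    ranked = sorted(
        seeds,
        key=lambda s: (len(set(s.edge_hits) & hot_time), -energy_factor(s, hot_time)),
    )
    return [(s.name, energy_factor(s, hot_time)) for s in ranked]

# Constructed sample data: ten edges, of which e4 is far slower than the rest.
EDGE_COST = {f"e{i}": 1 for i in range(1, 11)}
EDGE_COST["e4"] = 50
SEEDS = [
    Seed("A", {"e1": 5, "e2": 3}, found_new=True),            # productive, no hot-spots
    Seed("B", {"e1": 20000, "e3": 15000, "e4": 2}, found_new=False),  # two hit hot-spots + slow e4
    Seed("C", {"e2": 1, "e4": 1}, found_new=False),            # only touches the slow edge
]
```

Running `schedule(SEEDS, EDGE_COST)` ranks A first at full energy, then C, then B at a quarter of its energy.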

Highlights

  • Vulnerability mining technology mainly includes fuzzing, taint analysis, and symbolic execution [1]

  • We use the original 43 test cases and an empty file as input. We use this data set to evaluate the effect of hit hot-spots and time hot-spots on fuzzing

  • We study the fuzzing efficiency affected by different inputs


Summary

Introduction

Vulnerability mining technology mainly includes fuzzing, taint analysis, and symbolic execution [1]. Fuzzing automatically generates numerous random inputs to trigger vulnerabilities in programs. Compared with taint analysis and symbolic execution, fuzzing is universal, efficient, and scales to large applications [2], and it is a relatively accurate vulnerability detection method preferred by many researchers [3]. Miller et al. [15] tested utility programs running on the UNIX operating system by constructing random inputs. They proposed fuzz testing for the first time, addressing the difficulty of applying traditional program verification techniques to large-scale systems. AFL is a widely used coverage-based grey-box fuzzer. The fuzzing process of AFL is divided into two stages.
