CAMFuzz: Explainable Fuzzing with Local Interpretation

Abstract Grey-box fuzzing techniques have been widely used in software bug finding. In general, there are many decisions to make the process, including which code block target program should be explored first, bytes of an input seed mutated reach block, and how mutate chosen bytes. However, existing solutions usually rely on random exploration or certain heuristics choose where fuzz, limits efficiency fuzzing. this paper, we propose a novel solution CAMFuzz guide process with explainable artificial intelligence (XAI). First, dynamic weight adjustment algorithm, considers both difficulty reaching number unvisited blocks nearby, find worthy explore first. Second, utilize local interpretation technique, i.e., class activation mapping (CAM), recognize part given block. Therefore, can distinguish is more important positions file order achieve better coverage finding efficiency. Third, further help fuzzer increase efficiency, leverage lightweight static analysis identify magic values. We implement prototype evaluate it 13 real-world programs (including 11 open source targets, 2 closed-source commercial products Microsoft component Hancom Office) Results show that outperforms state-of-the-art fuzzers To detail, average achieves 2.07 $$\times$$ × bugs 1.17 improvements. total, found 19 previously unknown vulnerabilities, 6 assigned by CVE so far.