Fuzzing With Optimized Grammar-Aware Mutation Strategies
نویسندگان
چکیده
Fuzzing is a widely used technique to discover vulnerabilities in software. However, for programs requiring highly structured inputs, the byte-based mutation strategies existing fuzzers have difficulties generating valid inputs. To resolve this challenge, Grammar-Based (GBF) utilizes grammar specifications generate new Some GBFs perform based on Abstract Syntax Trees (ASTs), which can inputs conforming grammars. neglect using feedback optimize strategies, and blindly without considering effectiveness of those In paper, we use power schedule subtree pool strategies. Specifically, first translate input files into ASTs, extract subtrees from ASTs pool. Then, AST nodes probabilistic model. That is, adaptively determine time budget mutating an node. Finally, replace along with their ones select We implement fuzzing tool demonstrate our The experiment results show that method outperforms state-of-the-art methods efficiency.
منابع مشابه
Complementing Model Learning with Mutation-Based Fuzzing
An ongoing challenge for learning algorithms formulated in the Minimally Adequate Teacher framework is to efficiently obtain counterexamples. In this paper we compare and combine conformance testing and mutation-based fuzzing methods for obtaining counterexamples when learning finite state machine models for the reactive software systems of the Rigorous Exampination of Reactive Systems (RERS) c...
متن کاملVUzzer: Application-aware Evolutionary Fuzzing
Fuzzing is an effective software testing technique to find bugs. Given the size and complexity of real-world applications, modern fuzzers tend to be either scalable, but not effective in exploring bugs that lie deeper in the execution, or capable of penetrating deeper in the application, but not scalable. In this paper, we present an application-aware evolutionary fuzzing strategy that does not...
متن کاملFuzzing with Code Fragments (-2)
Fuzz testing is an automated technique providing random data as input to a software system in the hope to expose a vulnerability. In order to be effective, the fuzzed input must be common enough to pass elementary consistency checks; a JavaScript interpreter, for instance, would only accept a semantically valid program. On the other hand, the fuzzed input must be uncommon enough to trigger exce...
متن کاملImproving Fuzzing with Symbolic Execution
Fuzzing is a great technique to, for example, discover and reproduce software system vulnerabilities. However, there exist problems with finding test inputs for complex checks (e.g., string equality checks). A recent approach proposes to combine fuzzing techniques with symbolic execution to effectively tackle this problem [1]. The student should examine and discuss the approach given in the pap...
متن کاملDistributed evolutionary fuzzing with Evofuzz
This paper describes the design of a tool (called Evofuzz) that implements the technique of evolutionary (or coverage-guided) fuzzing in a scalable, distributed manner. The architecture, design-choices and implementation specifics of this tool are examined, explained and criticized. After outlining possible improvements and future work that is not yet completed, the paper finishes by presenting...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Access
سال: 2021
ISSN: ['2169-3536']
DOI: https://doi.org/10.1109/access.2021.3093904