Multiple Targets Directed Greybox Fuzzing
Authors
Abstract
Directed greybox fuzzing (DGF) can quickly discover or reproduce bugs in programs by seeking to reach a program location or to explore some locations in order. However, due to their static stage division and coarse-grained energy scheduling, prior DGF tools perform poorly when facing multiple target locations (targets for short). In this paper, we present multiple targets directed greybox fuzzing, which aims to reach multiple target locations in one fuzzing campaign. Specifically, we propose a novel strategy to adaptively coordinate the exploration and exploitation stages, and a novel energy scheduling strategy that considers more relations between seeds and target locations. We implement our approaches in a tool called LeoFuzz and evaluate it on crash reproduction, true positives verification, and vulnerability exposure in real-world programs. Experimental results show that LeoFuzz outperforms six state-of-the-art fuzzers, i.e. QYSM, AFLGo, Lolly, Berry, Beacon and WindRanger, in terms of effectiveness and efficiency. Moreover, LeoFuzz has detected 23 new vulnerabilities in real-world programs, 12 of which have been assigned CVE IDs.
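As an added example (written for this page, not code from LeoFuzz or from the paper), the following Python makes the ingredients the abstract names concrete: a set of target locations, seed-to-target distances, and an energy schedule that moves from an exploration stage to an exploitation stage. It uses the AFLGo-style multi-target block distance (inverse of summed inverse distances), the per-seed mean over its executed blocks, and the exponential-cooling annealing schedule, all on a constructed toy control-flow graph. The CFG, the two targets, the seed traces and the cutover time t_x are assumptions made for the example. The fixed t_x is precisely the "static stage division" the abstract criticises, so this shows the baseline such tools improve on, not LeoFuzz's adaptive strategy.

```python
"""Multi-target distance and annealing energy schedule for directed fuzzing.

Illustration written for this page (not LeoFuzz/AFLGo source).  The CFG,
targets and seed traces below are constructed; real tools derive them from
the compiled program and from execution tracing.
"""
from collections import deque
from typing import Dict, List, Optional

# Constructed toy CFG: basic block -> successor blocks, with two target sites.
CFG: Dict[str, List[str]] = {
    "entry":   ["usage", "parse"],
    "usage":   ["exit"],
    "parse":   ["hdr_bad", "hdr_ok"],
    "hdr_bad": ["exit"],
    "hdr_ok":  ["skip", "decode"],
    "skip":    ["exit"],
    "decode":  ["copy", "alloc"],
    "copy":    ["exit"],   # target 1, e.g. a memcpy with an input-controlled length
    "alloc":   ["write"],
    "write":   ["exit"],   # target 2, e.g. an input-controlled index into a heap buffer
    "exit":    [],
}
TARGETS = ["copy", "write"]

# Constructed seed corpus: seed name -> basic blocks it executes.
SEEDS: Dict[str, List[str]] = {
    "s_usage":  ["entry", "usage", "exit"],
    "s_badhdr": ["entry", "parse", "hdr_bad", "exit"],
    "s_skip":   ["entry", "parse", "hdr_ok", "skip", "exit"],
    "s_copy":   ["entry", "parse", "hdr_ok", "decode", "copy", "exit"],
}


def distances_to(cfg: Dict[str, List[str]], target: str) -> Dict[str, int]:
    """BFS on the reversed CFG: edge count from each block to `target`.
    Blocks that cannot reach the target are absent from the result."""
    preds: Dict[str, List[str]] = {n: [] for n in cfg}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].append(n)
    dist = {target: 0}
    queue = deque([target])
    while queue:
        n = queue.popleft()
        for p in preds[n]:
            if p not in dist:
                dist[p] = dist[n] + 1
                queue.append(p)
    return dist


def block_distance(block: str, per_target: List[Dict[str, int]]) -> Optional[float]:
    """Multi-target block distance: 0 on a target; otherwise the inverse of the
    summed inverse distances to every reachable target (a block that can reach
    two targets scores lower than one that reaches only one); None if no
    target is reachable from `block`."""
    if any(d.get(block) == 0 for d in per_target):
        return 0.0
    inv = [1.0 / d[block] for d in per_target if block in d]
    if not inv:
        return None
    return 1.0 / sum(inv)


def seed_distance(trace: List[str], per_target: List[Dict[str, int]]) -> Optional[float]:
    """Mean of the defined block distances along a seed's trace; None when the
    seed never touches a block from which any target is reachable."""
    defined = [bd for bd in (block_distance(b, per_target) for b in trace) if bd is not None]
    return sum(defined) / len(defined) if defined else None


def power_factor(d: float, d_min: float, d_max: float, t: float, t_x: float) -> float:
    """Exponential-cooling schedule: T = 20**(-t/t_x) is 1 at t=0 (every seed
    gets factor 1, pure exploration) and 0.05 at t = t_x (exploitation).
    Returns the energy multiplier in [1/32, 32] for a seed with distance d."""
    norm = 0.0 if d_max == d_min else (d - d_min) / (d_max - d_min)
    T = 20.0 ** (-t / t_x)
    p = (1.0 - norm) * (1.0 - T) + 0.5 * T
    return 2.0 ** (10.0 * (p - 0.5))


def schedule(seeds: Dict[str, List[str]], targets: List[str],
             cfg: Dict[str, List[str]], t: float, t_x: float) -> Dict[str, Optional[float]]:
    """Energy factor per seed at campaign time t (None: seed cannot reach any target)."""
    per_target = [distances_to(cfg, tgt) for tgt in targets]
    dists = {name: seed_distance(trace, per_target) for name, trace in seeds.items()}
    defined = [d for d in dists.values() if d is not None]
    if not defined:
        return {name: None for name in seeds}
    d_min, d_max = min(defined), max(defined)
    return {name: (None if d is None else power_factor(d, d_min, d_max, t, t_x))
            for name, d in dists.items()}


if __name__ == "__main__":
    for when in (0, 300, 600):   # t_x = 600 s is an assumed cutover time
        print(when, {k: round(v, 3) for k, v in schedule(SEEDS, TARGETS, CFG, when, 600).items()})
```

Two things worth noticing when running it: `decode` scores 2/3 while `alloc` scores 1.0, because `decode` can still reach both targets, which is how a multi-target metric rewards seeds that keep both sites in play; and at t = 0 every seed gets factor 1 regardless of distance, so the directedness only kicks in as the fixed clock runs down, which is the coarse, time-based stage division the abstract argues against.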
Similar resources
Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing
Automatic test-case generation techniques, symbolic execution and fuzzing, are the most widely used methods to discover vulnerabilities in both academia and industry. However, both of these methods suffer from fundamental drawbacks that stop them from achieving high path coverage that may, consequently, lead to discovering vulnerabilities at the numerical scale of static analysis. In this prese...
Directed Fuzzing Techniques
Beyond the more general fuzzing techniques that are, among others, used to generate tests with a certain amount of coverage, there exist techniques to direct fuzzers with the goal to execute specific program parts (recent changes, critical system calls, ...). A recent approach is described in [1]. The student is to examine the approach described in the given paper and compare it to similar exis...
H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz testing. This paper proposes a new heuristic method for fuzzing data generation named H-Fuzzing. H-Fuzzing achieves high program execution path coverage by retrieving static information and dynamic properties from the program. Our experiments ...
Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach
Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage....
Deep Reinforcement Fuzzing
Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of...
Journal
Journal title: IEEE Transactions on Dependable and Secure Computing
Year: 2023
ISSN: 1941-0018, 1545-5971, 2160-9209
DOI: https://doi.org/10.1109/tdsc.2023.3253120