PosFuzz: augmenting greybox fuzzing with effective position distribution

Abstract Mutation-based greybox fuzzing has been one of the most prevalent techniques for security vulnerability discovery and a great deal research work proposed to improve both its efficiency effectiveness. generates input cases by mutating seed, i.e., applying sequence mutation operators randomly selected positions seed. However, existing fruitful focuses on scheduling operators, leaving schedule as an overlooked aspect efficiency. This paper proposes novel method, PosFuzz, that statistically schedules based their historical performance. PosFuzz makes use concept effective position distribution represent semantics guide mutations. first utilizes Good-Turing frequency estimation calculate each operator. It then leverages two sampling methods in different stages select from distribution. We have implemented top AFL, AFLFast MOPT, called Pos-AFL, -AFLFast -MOPT respectively, evaluated them UNIFUZZ benchmark (20 widely used open source programs) LAVA-M dataset. The result shows that, under same testing time budget, outperform counterparts code coverage ability. Compared with AFLFast, gets 21% more edge finds 133% paths average. also triggers 275% unique bugs