Grammar-based Fuzzing Tool Using Markov Chain Model to Generate New Fuzzing Inputs

2021 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND COMPUTATIONAL INTELLIGENCE (CSCI 2021)(2021)

Abstract
In recent years, fuzzing has become one of the most promising techniques in software testing. It helps testers and developers find bugs in their applications and, because it is automated, saves them time and effort. Its biggest drawback is that it usually cannot reach the deeper parts of an application, because randomly generated inputs rarely satisfy the program's input format. To address this, our previous work developed a grammar-based fuzzing tool that extracts a grammar from sample inputs and then modifies those sample input files to generate effective fuzzing inputs. Because the modified inputs meet the program's format requirements, they exercise deeper code. Modifying sample inputs has two limitations, however: the tool is bounded by the quality of the sample input files, and it preserves the command order of the samples, which prevents it from reaching other locations in the target program. In this paper we propose a new technique, built on top of our previous work, that generates fuzzing input files with the help of a Markov chain model. The new tool learns the order of commands, the probability of occurrence of each command, and the structure of the sample input files, and it uses the extracted grammar to generate completely new fuzzing files. On the DARPA CGC dataset, the new tool crashed 7 additional programs that our previous work did not.
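The idea the abstract describes, as an added example that is not the paper's tool: learn a first-order Markov chain over the commands in a set of sample inputs (which command follows which, and how often), keep the argument patterns seen with each command as a crude stand-in for the file structure, then walk the chain to emit new command sequences that respect the learned format but need not follow any sample's order. The sample inputs, the line-oriented `COMMAND arg...` format, and the argument mutations are all constructed for this example and are not from the paper or the CGC dataset.

```python
import random
from collections import defaultdict

# Constructed sample inputs (not from the paper or the CGC dataset): each is a
# line-oriented command script of the kind a simple key/value service consumes.
SAMPLE_INPUTS = [
    "LOGIN alice\nSET key1 10\nGET key1\nLOGOUT\n",
    "LOGIN bob\nSET key2 20\nSET key3 30\nGET key2\nDEL key2\nLOGOUT\n",
    "LOGIN carol\nGET key9\nLOGOUT\n",
]

START = "<START>"   # virtual state before the first command
END = "<END>"       # virtual state after the last command


def command_sequence(text):
    """Command names of a script, in order (arguments dropped)."""
    return tuple(line.split()[0] for line in text.splitlines() if line.strip())


def extract_grammar(samples):
    """Learn transition counts between consecutive commands (first-order
    Markov chain) and the argument lists observed for each command."""
    transitions = defaultdict(lambda: defaultdict(int))
    args_by_cmd = defaultdict(list)
    for sample in samples:
        prev = START
        for line in sample.splitlines():
            if not line.strip():
                continue
            cmd, *args = line.split()
            transitions[prev][cmd] += 1
            args_by_cmd[cmd].append(args)
            prev = cmd
        transitions[prev][END] += 1
    return transitions, args_by_cmd


def transition_probabilities(transitions):
    """Normalise counts into P(next | current) for every observed state."""
    probs = {}
    for src, nexts in transitions.items():
        total = sum(nexts.values())
        probs[src] = {dst: n / total for dst, n in nexts.items()}
    return probs


def mutate(tok, rng):
    """Format-preserving argument mutations (strategies assumed for the
    example): oversized token, numeric boundary value, or truncated token."""
    kind = rng.randrange(3)
    if kind == 0:
        return tok * 64                       # length stress for fixed buffers
    if kind == 1 and tok.lstrip("-").isdigit():
        return rng.choice(["0", "-1", "2147483647", "4294967295"])
    return tok[: len(tok) // 2]               # shortened or empty field


def generate_input(transitions, args_by_cmd, rng, max_cmds=50, mutate_p=0.3):
    """Walk the chain from START until END, emitting one command per step.
    Arguments are borrowed from a random sample occurrence of that command
    and occasionally mutated, so every line still parses as a known command."""
    probs = transition_probabilities(transitions)
    lines, state = [], START
    for _ in range(max_cmds):
        nxt_states = list(probs[state])
        weights = [probs[state][s] for s in nxt_states]
        state = rng.choices(nxt_states, weights=weights, k=1)[0]
        if state == END:
            break
        args = list(rng.choice(args_by_cmd[state]))
        if args and rng.random() < mutate_p:
            i = rng.randrange(len(args))
            args[i] = mutate(args[i], rng)
        lines.append(" ".join([state] + args))
    return "\n".join(lines) + "\n"


def generate_corpus(samples, n_files, seed=0):
    """Learn the grammar once and generate n_files new inputs, one seed each."""
    transitions, args_by_cmd = extract_grammar(samples)
    return [generate_input(transitions, args_by_cmd, random.Random(seed + i))
            for i in range(n_files)]


if __name__ == "__main__":
    t, _ = extract_grammar(SAMPLE_INPUTS)
    for src, nexts in transition_probabilities(t).items():
        print(src, nexts)
    for text in generate_corpus(SAMPLE_INPUTS, 3):
        print("---")
        print(text, end="")
```

Every generated file starts with `LOGIN` and ends after `LOGOUT` because those are the only transitions out of `START` and into `END` in the samples, yet orders such as `LOGIN GET DEL LOGOUT` that appear in no sample are reachable, which is the "completely new files" property the abstract contrasts with the earlier modify-a-sample approach. The chain is only as rich as the samples it is learned from, so a corpus that exercises few command pairings still bounds what the generator can produce.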
Keywords
Fuzzing, Grammar-based fuzzing, Software testing, Markov chain model