BazzAFL : Moving Fuzzing Campaigns Towards Bugs Via Grouping Bug-Oriented Seeds
IEEE Transactions on Dependable and Secure Computing (2024)
Abstract
As one of the most successful techniques in hunting software bugs, Coverage-guided Greybox Fuzzing (CGF) intends to move fuzzing campaigns towards executions that can trigger bugs. This process can be divided into two steps: reaching suspicious code regions and exploring their execution states. Many CGFs propose approaches to efficiently reach suspicious code regions and individual execution states, but fail to explore complex execution states. The challenge is how to explore execution states so that fuzzing can detect multiple types of bugs while maintaining code coverage. To address this challenge, we propose BazzAFL to investigate code coverage and multiple types of bugs. The crux of BazzAFL is to maintain a bunch of seed groups, where each seed saves the best performance on one objective. With the seed group, BazzAFL prioritizes code regions that most likely contain bugs based on multi-objective optimization and adaptively divides energy among the seeds in a group based on Shannon's entropy. Meanwhile, during mutation, BazzAFL tends to mutate the bytes that can change the execution states. With these solutions, BazzAFL gradually moves fuzzing campaigns towards the locations and execution states of bugs. Experimental results show that BazzAFL identifies at least 62 more bugs on 24 programs compared with other fuzzers.
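As an added illustration (not code from the BazzAFL paper, whose abstract gives no algorithmic detail), the sketch below keeps a seed group with one best seed per objective and divides a mutation budget among the group's seeds by Shannon entropy. The objectives, the constructed sample seeds and the rule that energy scales with the entropy of the execution states a seed's mutants reached are all assumptions of this example.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

# Objectives a seed can be "best" on (constructed; the abstract does not name them).
OBJECTIVES = ("edges", "max_alloc", "stack_depth")

@dataclass
class Seed:
    name: str
    scores: dict                                      # objective -> measured value
    states: Counter = field(default_factory=Counter)  # execution-state id -> hits by mutants

def build_group(seeds):
    """Seed group: for each objective, the seed with the best (largest) value."""
    return {obj: max(seeds, key=lambda s: s.scores[obj]) for obj in OBJECTIVES}

def shannon_entropy(counter):
    """Entropy in bits of the distribution of states a seed's mutants reached."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values() if c)

def divide_energy(group, budget, floor=1):
    """Split `budget` mutations among the distinct seeds of a group.
    Assumption: energy grows with the entropy of a seed's observed states (diverse
    states mean there is still something to learn). Each seed keeps at least `floor`
    mutations so nothing starves, and the integer shares always sum to `budget`."""
    seeds = list({id(s): s for s in group.values()}.values())  # one entry per seed
    weights = [shannon_entropy(s.states) for s in seeds]
    if not any(weights):                         # no history yet: split equally
        weights = [1.0] * len(seeds)
    remaining, total = budget - floor * len(seeds), sum(weights)
    alloc = {s.name: floor + int(remaining * w / total) for s, w in zip(seeds, weights)}
    best = max(zip(weights, seeds), key=lambda p: p[0])[1]
    alloc[best.name] += budget - sum(alloc.values())  # hand truncation remainder to top seed
    return alloc

def example_seeds():
    """Constructed sample data: three seeds, each best on exactly one objective."""
    return [
        Seed("A", {"edges": 100, "max_alloc": 10, "stack_depth": 5}, Counter({"s1": 8})),
        Seed("B", {"edges": 80, "max_alloc": 50, "stack_depth": 3}, Counter({"s1": 4, "s2": 4})),
        Seed("C", {"edges": 60, "max_alloc": 20, "stack_depth": 9}, Counter({"s1": 2, "s2": 2, "s3": 2, "s4": 2})),
    ]

if __name__ == "__main__":
    group = build_group(example_seeds())
    print(divide_energy(group, 60))  # {'A': 1, 'B': 20, 'C': 39}
```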
Keywords
Fuzz testing, fuzzing theory, security