
Program-Adaptive Mutational Fuzzing

Sang Kil Cha, Maverick Woo, David Brumley
2015 IEEE Symposium on Security and Privacy
We present the design of an algorithm to maximize the number of bugs found for black-box mutational fuzzing given a program and a seed input.  ...  relation to compute a probabilistically optimal mutation ratio for this program-seed pair.  ...  Our technique automatically adapts to a given program-seed pair, and it enables efficient bug finding for mutational fuzzing.  ...
doi:10.1109/sp.2015.50 dblp:conf/sp/ChaWB15 fatcat:nywgwkt2sfbyrkumqctopw2ru4

Framework for State-Aware Virtual Hardware Fuzzing

Hang Xu, Ganyu Qin, Junhu Zhu, Zimian Liu, Zhiqiang Liu, Keping Yu
2021 Wireless Communications and Mobile Computing  
Based on the source-to-source instrumentation, we afterwards propose a state-based fuzzing strategy to adapt to the state conditions of virtual hardware.  ...  Hardware Fuzzing).  ...  Aschermann et al. use the processing state of the program to guide the testcase mutation of the fuzzing [11].  ...
doi:10.1155/2021/6698311 fatcat:vxt5qrdcdnfppcp3it46qfdfuu

Steelix: program-state based binary fuzzing

Yuekang Li, Bihuan Chen, Mahinthan Chandramohan, Shang-Wei Lin, Yang Liu, Alwen Tiu
2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2017  
Such program state information informs a fuzzer about where the magic bytes are located in the test input and how to perform mutations to match the magic bytes efficiently.  ...  In this paper, we propose a program-state based binary fuzzing approach, named Steelix, which improves the penetration power of a fuzzer at the cost of an acceptable slow down of the execution speed.  ...  Algorithm 1 gives the procedure of the fuzzing loop, where the normal mutations and our local exhaustive mutation are applied adaptively.  ... 
doi:10.1145/3106237.3106295 dblp:conf/sigsoft/LiCCLLT17 fatcat:qmhniissr5dtrjduyxoqsyihue


Xuan-Bach D. Le, Corina Pasareanu, Rohan Padhye, David Lo, Willem Visser, Koushik Sen
2019 Software engineering notes  
Typically, fuzzers take a set of seed inputs and leverage random mutations to continually improve the inputs with respect to a cost, e.g. program code coverage, to discover vulnerabilities or bugs.  ...  Due to the nature of random mutations, the overwhelming abundance of inputs generated by this common fuzzing practice often adversely hinders the effectiveness and efficiency of fuzzers on grammar-aware  ...  We propose Saffron an adaptive grammar-based fuzzing approach to effectively and efficiently generate inputs that expose expensive executions in programs.  ... 
doi:10.1145/3364452.3364455 fatcat:5teto65eyncdnjhylfn6fzwnee

Efficient Fuzz Testing for Apache Spark Using Framework Abstraction [article]

Qian Zhang, Jiyuan Wang, Muhammad Ali Gulzar, Rohan Padhye, Miryung Kim
2021 arXiv pre-print
We devise a novel fuzz testing tool called BigFuzz that automatically generates concrete data for an input Apache Spark program.  ...  The key essence of our approach is that we abstract the dataflow behavior of the DISC framework with executable specifications and we design schema-aware mutations based on common error types in DISC applications  ...  Fuzz Testing. Fuzz testing mutates the seed inputs through a fuzzer to maximize a specific guidance metric, such as branch coverage, and find crashes in programs and frameworks.  ... 
arXiv:2103.05118v1 fatcat:w4exupqkbrge7iyjx3nbzgprr4

Scheduling black-box mutational fuzzing

Maverick Woo, Sang Kil Cha, Samantha Gottlieb, David Brumley
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Black-box mutational fuzzing is a simple yet effective technique to find bugs in software.  ...  Given a set of program-seed pairs, we ask how to schedule the fuzzings of these pairs in order to maximize the number of unique bugs found at any point in time.  ...  Then, a program known as a black-box mutational fuzzer is used to fuzz the program p with the seed s, i.e., execute p on a potentially malformed input x obtained by randomly mutating s in a precise manner  ... 
doi:10.1145/2508859.2516736 dblp:conf/ccs/WooCGB13 fatcat:t63b5gz57ndbrlu27pb7cmpzga

Deep Reinforcement Fuzzing [article]

Konstantin Böttinger, Patrice Godefroid, Rishabh Singh
2018 arXiv pre-print
By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs.  ...  We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.  ...  All results in the following presentation refer to fuzzing the pdftotext program mutating a 168 kByte seed file with 101 PDF objects including binary fields.  ...
arXiv:1801.04589v1 fatcat:ljuwtobxznb2bfbacr6uupthme

Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing [chapter]

Rebecca Shapiro, Sergey Bratus, Edmond Rogers, Sean Smith
2011 IFIP Advances in Information and Communication Technology  
This paper describes a fuzz-testing solution involving LZ-Fuzz, an inline tool that provides a domain expert with the ability to effectively fuzz SCADA devices.  ...  This paper describes LZFuzz, an inline fuzzing tool that enables infrastructure asset owners and operators to effectively fuzz their own equipment without needing to modify the target system being tested  ...  LZFuzz's adaptive live mutation fuzzing approach can fuzz the proprietary DAA protocol more efficiently than other methods.  ... 
doi:10.1007/978-3-642-24864-1_5 fatcat:mcwcvcoco5agrcx4uriu6poura

Better Pay Attention Whilst Fuzzing [article]

Shunkai Zhu and Jingyi Wang and Jun Sun and Jie Yang and Xingwei Lin and Liyi Zhang and Peng Cheng
2021 arXiv pre-print
In particular, existing fuzzers suffer from the following main limitations: 1) lacking an overall analysis of the program to identify the most "rewarding" seeds, and 2) lacking an effective mutation strategy  ...  covering the hard-to-trigger program paths.  ...  In a nutshell, our technical contributions are as follows. • We propose a lightweight global analysis to dynamically and adaptively identify the most "rewarding" test inputs as seeds during the fuzzing  ... 
arXiv:2112.07143v1 fatcat:qmvmadjr4fgcjnqffnt3qi2p2m

PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization

Chen Chen, Han Xu, Baojiang Cui
2021 Applied Sciences  
Compared with coverage-oriented fuzzing, target-oriented fuzzing concentrates more computing resources on suspected vulnerable points to improve the testing efficiency.  ...  Coverage-oriented and target-oriented fuzzing are widely used in vulnerability detection.  ...  Non-oriented fuzzing focuses only on whether the program crashes in the test process; it does not interfere with the mutation according to the real-time internal state of the program.  ... 
doi:10.3390/app11031095 fatcat:q46uxbejfnhbnfp54ri66nk4su

HFContractFuzzer: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection [article]

Mengjie Ding, Peiru Li, Shanshan Li, He Zhang
2021 arXiv pre-print
In this paper, we propose HFContractFuzzer, a method based on Fuzzing technology to detect Hyperledger Fabric smart contracts, which combines a Fuzzing tool for golang named go-fuzz and smart contracts  ...  Fuzzing has proven to be very effective in traditional programs.  ...  After setting the initial corpus, D-go-fuzz adopts a variety of mutation algorithms to mutate the initial corpus. As shown in Table 2, there are 20 mutation algorithms.  ...
arXiv:2106.11210v1 fatcat:n4vxcivbdzhoxoyok4ruakkryu

MTFuzz: Fuzzing with a Multi-Task Neural Network [article]

Dongdong She, Rahul Krishna, Lu Yan, Suman Jana, Baishakhi Ray
2020 arXiv pre-print
As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the  ...  Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage.  ...  Since this only happens to the top-k hot-bytes, the number of newly mutated seeds remains manageable. We use these mutated inputs for fuzzing and monitor various coverage.  ...
arXiv:2005.12392v1 fatcat:46luwyy3mja5naldfaz2lkcula

Refined Grey-Box Fuzzing with SIVO [article]

Ivica Nikolic and Radu Mantu and Shiqi Shen and Prateek Saxena
2021 arXiv pre-print
Thus the fuzzer can easily adapt to a target program and rapidly increase coverage. We compare our fuzzer to 11 other state-of-the-art grey-box fuzzers on 27 popular benchmarks.  ...  First, SIVO refines data-flow fuzzing in two ways: (a) it provides a new taint inference engine that requires only logarithmic in the input size number of tests to infer the dependency of all program branches  ...  First, fuzzed programs come in different flavors, hence the fuzzer should be flexible and adaptive.  ... 
arXiv:2102.02394v2 fatcat:3zwqfzx53jhmjmhyakl3sjqtce

CPFuzz: Combining Fuzzing and Falsification of Cyber-Physical Systems

Fute Shang, Buhong Wang, Tengyao Li, Jiwei Tian, Kunrui Cao
2020 IEEE Access  
The models are adapted from the research [5].  ...  S3CAMX uses static symbolic execution on the controller program to find violations. The adapted version of AFL is the same as CPFuzz except that it does not exploit robustness to guide the search.  ...
doi:10.1109/access.2020.3023250 fatcat:xpustwilqfh6ldb3ysdimvnciq

MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer

Xiaoqi Zhao, Haipeng Qu, Wenjie Lv, Shuo Li, Jianliang Xu
2021 Mathematics  
We implement our fuzzing framework and evaluate it on seven real-world programs.  ...  Second, it can automatically update the collected information, including the path risk, the path frequency, and the mutation information.  ...  GREYONE [60] uses a fuzzing-driven taint inference to infer taint variables for mutation. Superion [61] deploys mutation strategies to fuzz programs that process structured inputs.  ... 
doi:10.3390/math9030205 fatcat:dqs6zaz54rdmthyrhr3gzdnyuu