155 Hits in 3.2 sec

Scheduling black-box mutational fuzzing

Maverick Woo, Sang Kil Cha, Samantha Gottlieb, David Brumley
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Black-box mutational fuzzing is a simple yet effective technique to find bugs in software.  ...  We develop an analytic framework using a mathematical model of black-box mutational fuzzing and use it to evaluate 26 existing and new randomized online scheduling algorithms.  ...  Black-box Mutational Fuzzing Black-box mutational fuzzing is a dynamic bug-finding technique.  ... 
doi:10.1145/2508859.2516736 dblp:conf/ccs/WooCGB13 fatcat:t63b5gz57ndbrlu27pb7cmpzga

P-Fuzz: A Parallel Grey-Box Fuzzing Framework

Congxi Song, Xu Zhou, Qidi Yin, Xinglu He, Hangwei Zhang, Kai Lu
2019 Applied Sciences  
Also, P-fuzz handles some data races and exceptions in parallel fuzzing. We compare P-fuzz with AFL and a parallel fuzzing framework Roving in our experiment.  ...  ., leveraging parallel computing to improve fuzzing efficiency. In this way, we develop P-fuzz, a parallel fuzzing framework that can utilize massive, distributed computing resources to fuzz.  ...  Black-Box Fuzzing The black-box fuzzer does not have any knowledge of the source code, but it generates test cases randomly and swiftly.  ... 
doi:10.3390/app9235100 fatcat:n5gf5r4j4jeh3naaumojnpv3pi

The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
view of fuzzing.  ...  To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature.  ...  In this section, we will discuss scheduling algorithms for black-and greybox fuzzing only; scheduling in white-box fuzzing requires a complex setup unique to symbolic executors and we refer the reader  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

On Designing an Efficient Distributed Black-Box Fuzzing System for Mobile Devices

Wang Hao Lee, Murali Srirangam Ramanujam, S.P.T. Krishnan
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
MVDP employs a few novel black-box fuzzing techniques such as distributed fuzzing, parameter selection, mutation position optimisation and selection of good seed files.  ...  To conduct voluntary security testing, black-box fuzzing is one of the ideal low-cost and simple techniques to find system level vulnerabilities for the less technical crowd.  ...  They particularly developed an analytic framework using a mathematical model of black-box mutational fuzzing, which modeled black-box mutational fuzzing as a WCCP process with unknown weights and used  ... 
doi:10.1145/2714576.2714607 dblp:conf/ccs/HaoRK15 fatcat:uygurjg6fnaizjnocg3wavzupm

Greybox fuzzing as a contextual bandits problem [article]

Ketan Patil, Aditya Kanade
2018 arXiv   pre-print
fuzzing, assigning fuzzing iterations to test case(s).  ...  Our learning algorithm selects the multiplier of the number of fuzzing iterations to be assigned to a test case during random fuzzing, given a fixed length substring of the test case to be fuzzed.  ...  The black box fuzzing can be made more efficient by using techniques like good quality seed selections [7, 8] , proper scheduling of mutations [9] .  ... 
arXiv:1806.03806v1 fatcat:n3ll3kfpx5di5dnlglcwwbwa44

AFL Extended with Test Case Prioritization Techniques

Gen Zhang, Xu Zhou
2018 International Journal of Modeling and Optimization  
Index Terms-AFL fuzzing, test case prioritization, coverage information, software se.  ...  Fuzzing is an efficient testing technique to expose bugs and vulnerabilities, and fuzzers extended with coverage information can generate interesting results and find potential bugs in programs.  ...  There are three main types of fuzzing techniques in use: black-box fuzzing [5] , white-box fuzzing [6] and grey-box fuzzing [7] .  ... 
doi:10.7763/ijmo.2018.v8.622 fatcat:tvgsay5bnfavxhxlyufxql64hi

Chemotactic Test Case Recombinationfor Large-Scale Fuzzing

Konstantin B�ttinger
2017 Journal of Cyber Security and Mobility  
We present a bio-inspired method for large-scale fuzzing to detect vulnerabilities in binary executables.  ...  Attempts to optimize black-box fuzzing [12, 19] often neglect the distributed nature of parallel large-scale fuzzing campaigns.  ...  Beyond generational (format-aware) and mutational (format-blind) fuzzers we can generally distinguish between feedback-driven and black-box fuzzers.  ... 
doi:10.13052/jcsm2245-1439.542 fatcat:y7zmnvdk7nfh3azocvuzveo5ne

Facilitating Parallel Fuzzing with mutually-exclusive Task Distribution [article]

Yifan Wang and Yuchen Zhang and Chengbin Pang and Peng Li and Nikolaos Triandopoulos and Jun Xu
2021 arXiv   pre-print
Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry.  ...  Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness  ...  Efforts along this line have revolutionized fuzzing from being programstructure-agnostic and black-box [2, 5, 28] to be program-structure-aware and grey-box/white-box [52, 37, 16, 49, 40] , which significantly  ... 
arXiv:2109.08635v1 fatcat:oax56e3wz5ftpixp2z3neob35i

Fuzzing Based on Function Importance by Interprocedural Control Flow Graph [article]

Wenshuo Wang, Liang Cheng, Yang Zhang
2021 arXiv   pre-print
Then the seed selection and energy scheduling of a seed input are determined by the importance of its execution trace.  ...  Based on the above observations, we propose a fuzzing method based on the importance of functions.  ...  BACKGROUND AND RELATED WORK 2.1 Fuzzing From the perspective of the cognition of the source code, fuzzing can be divided into three types: black box fuzzing, white box fuzzing and gray box fuzzing [17  ... 
arXiv:2010.03482v4 fatcat:xwrq4iade5aftf67miczlje5vu

FMViz: Visualizing Tests Generated by AFL at the Byte-level [article]

Aftab Hussain, Mohammad Amin Alipour
2021 arXiv   pre-print
In this paper, we report the development of Fuzzer Mutation Visualizer (FMViz), a tool that focuses on visualizing byte-level mutations in fuzzers.  ...  The random nature of fuzzing makes monitoring and understanding the behavior of fuzzers difficult.  ...  there is one theme that all fuzzers have in common, albeit in varying degrees: randomness, which con- tributes to the “black-box  ... 
arXiv:2112.13207v1 fatcat:v3oztlsek5eixmll6yk5h4xmfa

UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling [article]

Xu Zhou, Pengfei Wang, Chenyifan Liu, Tai Yue, Yingying Liu, Congxi Song, Kai Lu, Qidi Yin
2020 arXiv   pre-print
In this paper, we design and implement UniFuzz, a distributed fuzzing optimization based on a dynamic centralized task scheduling.  ...  Fuzzing is one of the most efficient technology for vulnerability detection.  ...  Clusterfuzz supports coverage-based grey-box fuzzers (e.g., LibFuzzer and AFL) and black-box fuzzers. As the fuzzing backend for OSS-Fuzz [54] , it has uncovered thousands of vulnerabilities.  ... 
arXiv:2009.06124v1 fatcat:ektilqy6ijctfnv26bftylqdma

Program-Adaptive Mutational Fuzzing

Sang Kil Cha, Maverick Woo, David Brumley
2015 2015 IEEE Symposium on Security and Privacy  
We present the design of an algorithm to maximize the number of bugs found for black-box mutational fuzzing given a program and a seed input.  ...  relation to compute a probabilistically optimal mutation ratio for this program-seed pair.  ...  It then performs traditional black-box mutational fuzzing with the derived mutation ratio.  ... 
doi:10.1109/sp.2015.50 dblp:conf/sp/ChaWB15 fatcat:nywgwkt2sfbyrkumqctopw2ru4

RDFuzz: Accelerating Directed Fuzzing with Intertwined Schedule and Optimized Mutation

Jiaxi Ye, Ruilin Li, Bin Zhang
2020 Mathematical Problems in Engineering  
in mutation toward the target code areas.  ...  Moreover, an intertwined testing schedule is leveraged to perform the exploration and exploitation in turn.  ...  Exploitation and Exploration Strategies in Fuzzing. ere are many approaches for fuzzing taxonomy, such as black-box, grey-box, and white-box fuzzers [8] and mutation-based and generation-based fuzzers  ... 
doi:10.1155/2020/7698916 fatcat:sh7fgnt27netpkf62rbb3mjd3i

Coverage-based Greybox Fuzzing as Markov Chain

Marcel Böhme, Van-Thuan Pham, Abhik Roychoudhury
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input.  ...  Energy is controlled with a power schedule. We implemented the exponential schedule by extending AFL.  ...  There are three major categories depending on the degree of leverage of internal program structure: black-box fuzzing only requires the program to execute [23, 25, 28] while white-box fuzzing [5, 11  ... 
doi:10.1145/2976749.2978428 dblp:conf/ccs/BohmePR16 fatcat:y5lv2yjewnedhozj5jfni326xu

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Fayozbek Rustamov, Juhwan Kim, Jihyeon Yu, Joobeom Yun
2021 IEEE Access  
Although several studies have been conducted on hybrid fuzzing in recent years, a comprehensive and consistent review of hybrid fuzzing techniques has not been explored.  ...  To add coherence to the extensive literature on hybrid fuzzing and to make it reach a large audience, this study provides an overview of key concepts along with the taxonomy of existing hybrid fuzzing  ...  Furthermore, fuzzers can also be classified as whitebox, greybox, or black-box fuzzers.  ... 
doi:10.1109/access.2021.3114202 fatcat:6yvqxkcqcvg5xl4g2bjf6ndsue
« Previous Showing results 1 — 15 out of 155 results