TY - GEN
T1 - Engineering a Better Fuzzer with Synergically Integrated Optimizations
AU - Liang, Jie
AU - Chen, Yuanliang
AU - Wang, Mingzhe
AU - Jiang, Yu
AU - Yang, Zijiang
AU - Sun, Chengnian
AU - Jiao, Xun
AU - Sun, Jiaguang
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/10
Y1 - 2019/10
N2 - State-of-the-art fuzzers implement various optimizations to enhance their performance. As the optimizations reside in different stages such as input seed selection and mutation, it is tempting to combine the optimizations in different stages. However, our initial attempts demonstrate that naive combination actually worsens the performance, which explains why most optimizations are still isolated by stages and metrics. In this paper, we present InteFuzz, the first framework that synergically integrates multiple fuzzing optimizations. We analyze the root cause for performance degradation in naive combination, and discover that optimizations conflict in coverage criteria and optimization granularity. To resolve the conflicts, we propose a novel priority-based scheduling mechanism. The dynamic integration considers both branch-based and block-based coverage feedback, which are used by most fuzzing optimizations. In our evaluation, we extract four optimizations from popular fuzzers such as AFLFast and FairFuzz and compare InteFuzz against naive combinations. The evaluation results show that InteFuzz outperforms the naive combination by 29% and 26% in path- and branch-coverage. Additionally, InteFuzz triggers 222 more unique crashes, and discovers 33 zero-day vulnerabilities in real-world projects, with 12 registered as CVEs.
KW - Fuzzing
KW - Optimizations Integration
UR - https://www.scopus.com/pages/publications/85078889510
U2 - 10.1109/ISSRE.2019.00018
DO - 10.1109/ISSRE.2019.00018
M3 - Conference contribution
AN - SCOPUS:85078889510
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 82
EP - 92
BT - Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering, ISSRE 2019
A2 - Wolter, Katinka
A2 - Schieferdecker, Ina
A2 - Gallina, Barbara
A2 - Cukier, Michel
A2 - Natella, Roberto
A2 - Ivaki, Naghmeh
A2 - Laranjeiro, Nuno
PB - IEEE Computer Society
T2 - 30th IEEE International Symposium on Software Reliability Engineering, ISSRE 2019
Y2 - 28 October 2019 through 31 October 2019
ER -