Journal article details
Cybersecurity
PosFuzz: augmenting greybox fuzzing with effective position distribution
Research
Wei Zou [1], Nanyu Zhong [1], Ji Shi [1], Wei Huo [1], Yanyan Zou [1], Yu Zhang [1], JiaCheng Zhao [2]
[1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing, China;Beijing Key Laboratory of Network Security and Protection Technology, Beijing, China;State Key Lab of Processors, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China;Zhongguancun Laboratory, Beijing, China;
Keywords: Greybox fuzzing; Mutation position; Mutation operator; Code coverage; Vulnerability discovery
DOI: 10.1186/s42400-023-00143-2
Received 2022-08-06, accepted 2023-02-10, published 2023
Source: Springer
Abstract

Mutation-based greybox fuzzing has been one of the most prevalent techniques for security vulnerability discovery, and a great deal of research has been proposed to improve both its efficiency and effectiveness. Mutation-based greybox fuzzing generates input cases by mutating an input seed, i.e., applying a sequence of mutation operators to randomly selected mutation positions of the seed. However, existing research focuses on scheduling mutation operators, leaving the scheduling of mutation positions an overlooked aspect of fuzzing efficiency. This paper proposes a novel greybox fuzzing method, PosFuzz, that statistically schedules mutation positions based on their historical performance. PosFuzz uses the concept of an effective position distribution to represent the semantics of the input and to guide mutations. PosFuzz first applies Good-Turing frequency estimation to calculate an effective position distribution for each mutation operator. It then uses two sampling methods, in different mutation stages, to select positions from that distribution. We have implemented PosFuzz on top of AFL, AFLFast and MOPT, called Pos-AFL, Pos-AFLFast and Pos-MOPT respectively, and evaluated them on the UNIFUZZ benchmark (20 widely used open-source programs) and the LAVA-M dataset. The results show that, under the same testing time budget, Pos-AFL, Pos-AFLFast and Pos-MOPT outperform their counterparts in code coverage and vulnerability discovery ability. Compared with AFL, AFLFast and MOPT, PosFuzz achieves 21% more edge coverage and finds 133% more paths on average. It also triggers 275% more unique bugs on average.
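The abstract describes two mechanisms: a per-operator effective position distribution computed with Good-Turing frequency estimation, and sampling of mutation positions from it. The following Python illustration is added here and is not PosFuzz's own code (the paper's implementation sits inside AFL-derived fuzzers and is not reproduced on this page). It assumes a hypothetical, constructed hit table `EFFECTIVE_HITS` recording, for one mutation operator and an 8-byte seed, how often a mutation at each byte offset yielded new coverage, and it uses the textbook simple Good-Turing estimate (adjusted count r* = (r + 1) * N_{r+1} / N_r, with mass N_1 / N reserved for never-effective positions) to turn those counts into a sampling distribution. How PosFuzz itself smooths, decays or stages its sampling is not stated here and is not claimed by this example.

```python
import random
from collections import Counter

# Constructed sample data (hypothetical): for one mutation operator applied to an
# 8-byte seed, the number of times a mutation at each byte offset produced new
# coverage ("effective" mutations). Offsets 4..7 were never effective.
SEED_LEN = 8
EFFECTIVE_HITS = {0: 3, 1: 1, 2: 1, 3: 2}


def good_turing_position_distribution(hits, seed_len):
    """Return {position: probability} over every position of the seed.

    Simple Good-Turing (illustrative, not PosFuzz's exact estimator):
    an observed count r is replaced by r* = (r + 1) * N_{r+1} / N_r, where N_r
    is the number of positions observed exactly r times, and the total mass
    N_1 / N is reserved for positions never observed as effective. When
    N_{r+1} == 0 the raw count is kept, a common fallback for sparse tables.
    """
    total = sum(hits.values())
    if total == 0:
        # Nothing learned yet: fall back to uniform, as a plain fuzzer would.
        return {p: 1.0 / seed_len for p in range(seed_len)}

    freq_of_freq = Counter(hits.values())          # N_r for each count r
    unseen = [p for p in range(seed_len) if p not in hits]
    p_unseen_total = freq_of_freq[1] / total if unseen else 0.0

    # Adjusted (discounted) counts for the positions we have seen.
    adjusted = {}
    for pos, r in hits.items():
        n_r, n_r1 = freq_of_freq[r], freq_of_freq[r + 1]
        adjusted[pos] = (r + 1) * n_r1 / n_r if n_r1 > 0 else float(r)
    adj_sum = sum(adjusted.values())

    # Seen positions share the remaining mass in proportion to their adjusted
    # counts; unseen positions split the reserved mass evenly.
    dist = {pos: (1.0 - p_unseen_total) * a / adj_sum for pos, a in adjusted.items()}
    for pos in unseen:
        dist[pos] = p_unseen_total / len(unseen)
    return dist


def sample_positions(dist, k, rng):
    """Draw k mutation positions (with replacement) weighted by dist."""
    positions = list(dist)
    weights = [dist[p] for p in positions]
    return rng.choices(positions, weights=weights, k=k)


def demo(k=10, seed=1):
    """Build the distribution for the constructed table and sample from it."""
    dist = good_turing_position_distribution(EFFECTIVE_HITS, SEED_LEN)
    return dist, sample_positions(dist, k, random.Random(seed))


if __name__ == "__main__":
    dist, samples = demo()
    for pos in range(SEED_LEN):
        print(f"offset {pos}: p={dist[pos]:.3f}")
    print("sampled positions:", samples)
```

With the constructed table, the historically productive offsets 0 and 3 each receive 15/56 of the mass, offsets 1 and 2 receive 5/56, and the four never-effective offsets still share 2/7 between them, so the scheduler keeps exploring bytes it has not yet learned anything about rather than locking onto the first hot spots. A production scheduler would additionally need a floor when no singleton counts exist (otherwise unseen positions get zero mass) and some decay of stale counts as the seed evolves.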

License

CC BY   
© The Author(s) 2023

Preview
Attachments
File Size Format
RO202309076323424ZK.pdf 3541KB PDF

Article metrics
Downloads: 10, Views: 3