DeepAI
Log In Sign Up

EnFuzz: From Ensemble Learning to Ensemble Fuzzing

06/30/2018
by   Yuanliang Chen, et al.
0

Fuzzing is widely used for software vulnerability detection. There are various kinds of fuzzers with different fuzzing strategies, and most of them perform well on their targets. However, in industry practice and empirical study, the performance and generalization ability of those well-designed fuzzing strategies are challenged by the complexity and diversity of real-world applications. In this paper, inspired by the idea of ensemble learning, we first propose an ensemble fuzzing approach EnFuzz, that integrates multiple fuzzing strategies to obtain better performance and generalization ability than that of any constituent fuzzer alone. First, we define the diversity of the base fuzzers and choose those most recent and well-designed fuzzers as base fuzzers. Then, EnFuzz ensembles those base fuzzers with seed synchronization and result integration mechanisms. For evaluation, we implement EnFuzz , a prototype basing on four strong open-source fuzzers (AFL, AFLFast, AFLGo, FairFuzz), and test them on Google's fuzzing test suite, which consists of widely used real-world applications. The 24-hour experiment indicates that, with the same resources usage, these four base fuzzers perform variously on different applications, while EnFuzz shows better generalization ability and always outperforms others in terms of path coverage, branch coverage and crash discovery. Even compared with the best cases of AFL, AFLFast, AFLGo and FairFuzz, EnFuzz discovers 26.8 executes 9.16 21.4

READ FULL TEXT

page 1

page 2

page 3

page 4

10/26/2021

Diversity and Generalization in Neural Network Ensembles

Ensembles are widely used in machine learning and, usually, provide stat...
10/13/2022

An efficient combination strategy for hybird quantum ensemble classifier

Quantum machine learning has shown advantages in many ways compared to c...
10/30/2019

When does Diversity Help Generalization in Classification Ensembles?

Ensembles, as a widely used and effective technique in the machine learn...
01/23/2018

Pruning Techniques for Mixed Ensembles of Genetic Programming Models

The objective of this paper is to define an effective strategy for build...
02/12/2021

What helped, and what did not? An Evaluation of the Strategies to Improve Continuous Integration

Continuous integration (CI) is a widely used practice in modern software...
04/23/2021

Comparing Mutation Coverage Against Branch Coverage in an Industrial Setting

The state-of-the-practice in software development is driven by constant ...
09/18/2020

An Independence Test Based on Recurrence Rates. An empirical study and applications to real data

In this paper we propose several variants to perform the independence te...