EnFuzz: From Ensemble Learning to Ensemble Fuzzing

by Yuanliang Chen, et al.

Fuzzing is widely used for software vulnerability detection. There are various kinds of fuzzers with different fuzzing strategies, and most of them perform well on their targets. However, in industry practice and empirical study, the performance and generalization ability of those well-designed fuzzing strategies are challenged by the complexity and diversity of real-world applications. In this paper, inspired by the idea of ensemble learning, we first propose an ensemble fuzzing approach, EnFuzz, that integrates multiple fuzzing strategies to obtain better performance and generalization ability than that of any constituent fuzzer alone. First, we define the diversity of the base fuzzers and choose the most recent and well-designed fuzzers as base fuzzers. Then, EnFuzz ensembles those base fuzzers with seed synchronization and result integration mechanisms. For evaluation, we implement EnFuzz, a prototype based on four strong open-source fuzzers (AFL, AFLFast, AFLGo, FairFuzz), and test them on Google's fuzzing test suite, which consists of widely used real-world applications. The 24-hour experiment indicates that, with the same resource usage, these four base fuzzers perform differently on different applications, while EnFuzz shows better generalization ability and always outperforms the others in terms of path coverage, branch coverage and crash discovery. Even compared with the best cases of AFL, AFLFast, AFLGo and FairFuzz, EnFuzz discovers 26.8 executes 9.16 21.4


