Learning Inputs in Greybox Fuzzing

07/20/2018
by Valentin Wüstholz, et al.

Greybox fuzzing is a lightweight testing approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is guarded by complex checks. In this paper, we present a technique that extends greybox fuzzing with a method for learning new inputs based on already explored program executions. These inputs can be learned such that they guide exploration toward specific executions, for instance, ones that increase path coverage or reveal vulnerabilities. We have evaluated our technique and compared it to traditional greybox fuzzing on 26 real-world benchmarks. In comparison, our technique significantly increases path coverage (by up to 3X) and detects more bugs (up to 38

