Rare-Seed Generation for Fuzzing

12/18/2022
by Seemanta Saha, et al.

Starting with a random initial seed, fuzzers search for inputs that trigger bugs or vulnerabilities. However, fuzzers often fail to generate inputs for program paths guarded by restrictive branch conditions. In this paper, we show that by first identifying rare paths in programs (i.e., program paths whose path constraints are unlikely to be satisfied by random input generation), and then generating inputs/seeds that trigger those rare paths, one can improve the coverage of fuzzing tools. In particular, we present techniques that 1) identify rare paths using quantitative symbolic analysis, and 2) generate inputs that explore these rare paths using path-guided concolic execution. We provide these inputs as initial seed sets to three state-of-the-art fuzzers. Our experimental evaluation on a set of programs that contain many restrictive branch conditions shows that the fuzzers achieve better coverage with the rare-path-based seed set than with a random initial seed.
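The two-stage idea in the abstract (rank program paths by how unlikely a random input is to satisfy their path constraint, then craft seeds for the unlikely ones) can be illustrated on a toy target. The following is an added example written for this page, not the paper's tooling: the target program, its four path constraints and the byte domain are all constructed here; exact enumeration of a small two-byte input space stands in for the paper's quantitative symbolic analysis, and a brute-force search for a satisfying input stands in for path-guided concolic execution. The names `run_target`, `PATHS`, `rare_paths`, `generate_seed` and `rare_seed_set` are this example's own.

```python
"""Toy rare-path identification and seed generation (constructed example)."""
import random
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

Input = Tuple[int, int]
Predicate = Callable[[Input], bool]

# Constructed input domain: two independent bytes (x, y), each uniform in 0..255,
# which is what a random seed generator would produce for a 2-byte input.
DOMAIN: List[Input] = list(product(range(256), repeat=2))

MAGIC_X = 0x7F  # constructed "magic" values guarding the deep path
MAGIC_Y = 0x3A


def run_target(data: bytes) -> str:
    """Constructed target program; returns the name of the path it executed."""
    x, y = data[0], data[1]
    if x == MAGIC_X:
        if y == MAGIC_Y:
            return "deep"          # guarded by two equality checks: 1 in 65536
        return "magic_only"        # one equality check: 255 in 65536
    if y > 200:
        return "high_y"            # a loose range check
    return "default"


# Path constraints mirroring the branches of run_target, as conjunctions
# of predicates over an input point (x, y).
PATHS: Dict[str, List[Predicate]] = {
    "deep":       [lambda i: i[0] == MAGIC_X, lambda i: i[1] == MAGIC_Y],
    "magic_only": [lambda i: i[0] == MAGIC_X, lambda i: i[1] != MAGIC_Y],
    "high_y":     [lambda i: i[0] != MAGIC_X, lambda i: i[1] > 200],
    "default":    [lambda i: i[0] != MAGIC_X, lambda i: i[1] <= 200],
}


def satisfies(constraint: List[Predicate], point: Input) -> bool:
    """True when every predicate of the path constraint holds for point."""
    return all(pred(point) for pred in constraint)


def path_probability(constraint: List[Predicate], domain: List[Input] = DOMAIN) -> float:
    """Fraction of the input domain satisfying the constraint, by exact counting.

    This plays the role of the model counter in quantitative symbolic analysis;
    it is only feasible here because the constructed domain is tiny.
    """
    hits = sum(1 for point in domain if satisfies(constraint, point))
    return hits / len(domain)


def rare_paths(paths: Dict[str, List[Predicate]] = PATHS,
               domain: List[Input] = DOMAIN,
               threshold: float = 0.01) -> List[str]:
    """Names of paths whose satisfaction probability is below threshold, rarest first."""
    probs = {name: path_probability(c, domain) for name, c in paths.items()}
    return sorted((n for n, p in probs.items() if p < threshold), key=probs.__getitem__)


def generate_seed(constraint: List[Predicate], domain: List[Input] = DOMAIN) -> Optional[bytes]:
    """First concrete input that satisfies the constraint, packaged as a seed.

    A brute-force stand-in for path-guided concolic execution, which would
    instead solve the collected path condition with an SMT solver.
    """
    for point in domain:
        if satisfies(constraint, point):
            return bytes(point)
    return None


def rare_seed_set(paths: Dict[str, List[Predicate]] = PATHS,
                  domain: List[Input] = DOMAIN,
                  threshold: float = 0.01) -> Dict[str, bytes]:
    """Seed per rare path; this is what would be handed to the fuzzer as its corpus."""
    seeds = {}
    for name in rare_paths(paths, domain, threshold):
        seed = generate_seed(paths[name], domain)
        if seed is not None:
            seeds[name] = seed
    return seeds


def paths_hit_by_random_seeds(n_seeds: int, rng_seed: int = 0) -> Dict[str, int]:
    """How often n random 2-byte seeds reach each path (the baseline being improved on)."""
    rng = random.Random(rng_seed)
    counts: Dict[str, int] = {}
    for _ in range(n_seeds):
        path = run_target(bytes([rng.randrange(256), rng.randrange(256)]))
        counts[path] = counts.get(path, 0) + 1
    return counts


if __name__ == "__main__":
    for name, constraint in PATHS.items():
        print(f"{name:11s} p={path_probability(constraint):.6f}")
    print("rare paths:", rare_paths())
    print("rare-path seeds:", {n: s.hex() for n, s in rare_seed_set().items()})
    print("paths hit by 1000 random seeds:", paths_hit_by_random_seeds(1000))
```

Running the script prints each path's probability, shows that only `deep` and `magic_only` fall under the 1% threshold, and produces the seeds `7f3a` and `7f00` for them; the random-seed baseline almost always reaches only `high_y` and `default`, which is the coverage gap the rare-path seed set closes. On a real program the exact count is replaced by model counting over the symbolic path condition and the brute-force search by a concolic executor, but the ranking and seed-selection logic is the same.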


