AFLPro: Direction sensitive fuzzing. (October 2020)
- Record Type:
- Journal Article
- Title:
- AFLPro: Direction sensitive fuzzing. (October 2020)
- Main Title:
- AFLPro: Direction sensitive fuzzing
- Authors:
- Ji, Tiantian
Wang, Zhongru
Tian, Zhihong
Fang, Binxing
Ruan, Qiang
Wang, Haichen
Shi, Wei
- Abstract:
- Fuzzing is a simple and popular technique that has been widely used to detect vulnerabilities in software. However, due to its blind mutation, fuzzing brings many limitations. First, it is difficult for fuzzing to pass the sanity checks, which makes fuzzing unable to target vulnerability or crash locations effectively. Secondly, blind mutation limits the diversity of seed generation and makes it difficult for the fuzzing process to achieve convergence. In this paper, we propose a direction sensitive fuzzing solution AFLPro. On the one hand, it focuses on seed selection, using a new fuzzing scheme based on Basic Block Aggregation (BBA), which reduces the possibility of seed selection in the wrong direction. By applying a multi-dimensional oriented seed selection strategy, it achieves fine-grained seed selection. On the other hand, based on biological evolution, AFLPro optimizes genetic variation to ensure the diversity of seed varieties and the convergence of fuzzing tests. Besides, AFLPro also incorporates lightweight static analysis to obtain information about the target program (this paper only studies closed source programs), providing complete semantic guidance for fuzzing through resource integration. We implemented a prototype of AFLPro based on the popular fuzzer AFL. We evaluated it on three datasets: DARPA Grand Challenges (CGC), LAVA-M dataset, and a set of real-world applications. The results show that in 92% of all three datasets, AFLPro exhibits better vulnerability detection capabilities than all of the state-of-the-art fuzzers mentioned in this paper.
- Is Part Of:
- Journal of information security and applications. Volume 54(2020)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 54(2020)
- Issue Display:
- Volume 54, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 54
- Issue:
- 2020
- Issue Sort Value:
- 2020-0054-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-10
- Subjects:
- Automated binary fuzzing -- Direction sensitive fuzzing -- Basic block aggregation -- Seed selection -- Seed energy scheduling -- Static analysis
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2020.102497
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 22468.xml