• Title/Summary/Keyword: Hybrid Fuzzing

Search Result 7, Processing Time 0.021 seconds

EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization

  • Wang, Yunchao;Wu, Zehui;Wei, Qiang;Wang, Qingxian
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.9
    • /
    • pp.3885-3906
    • /
    • 2020
  • Hybrid fuzzing which combines fuzzing and concolic execution, has proved its ability to achieve higher code coverage and therefore find more bugs. However, current hybrid fuzzers usually suffer from inefficiency and poor scalability when applied to complex, real-world program testing. We observed that the performance bottleneck is the inefficient cooperation between the fuzzer and concolic executor and the slow symbolic emulation. In this paper, we propose a novel solution named EPfuzzer to improve hybrid fuzzing. EPfuzzer implements two key ideas: 1) only the hardest-to-reach branch will be prioritized for concolic execution to avoid generating uninteresting inputs; and 2) only input bytes relevant to the target branch to be flipped will be symbolized to reduce the overhead of the symbolic emulation. With these optimizations, EPfuzzer can be efficiently targeted to the hardest-to-reach branch. We evaluated EPfuzzer with three sets of programs: five real-world applications and two popular benchmarks (LAVA-M and the Google Fuzzer Test Suite). The evaluation results showed that EPfuzzer was much more efficient and scalable than the state-of-the-art concolic execution engine (QSYM). EPfuzzer was able to find more bugs and achieve better code coverage. In addition, we discovered seven previously unknown security bugs in five real-world programs and reported them to the vendors.

A Study of Coverage Improvement for Library Fuzzing (라이브러리 퍼징의 커버리지 향상 방법 연구)

  • Kim, Seoyoung;Cho, Mingi;Kim, Jongshin;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1079-1085
    • /
    • 2020
  • Fuzzing is used to find vulnerabilities for a library. Because library fuzzing only tests the implemented functions, in order to achieve higher code coverage, additional functions that are not implemented should be implemented. However, if a function is added without regard to the calling relationship of the functions in the library, a problem may arise that the function that has already been tested is added. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library to efficiently add the functions for library fuzzing, and additionally implement a library function that has not been implemented. Then, we apply a hybrid fuzzing to explore for branches with complex constraints. As a result of our experiment, we observe that the proposed method is effective in terms of increasing code coverage on OpenSSL, mbedTLS, and Crypto++.

A Study of Machine Learning-Based Scheduling Strategy for Fuzzing (기계학습 기반 스케줄링 전략을 적용한 최신 퍼징 연구)

  • Jeewoo Jung;Taeho Kim;Taekyoung Kwon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.5
    • /
    • pp.973-980
    • /
    • 2024
  • Fuzzing is an automated testing technique that generates a lot of testcases and monitors for exceptions to test a program. Recently, fuzzing research using machine learning has been actively proposed to solve various problems in the fuzzing process, but a comprehensive evaluation of fuzzing research using machine learning is lacking. In this paper, we analyze recent research that applies machine learning to scheduling techniques for fuzzing, categorizing them into reinforcement learning-based and supervised learning-based fuzzers. We evaluated the coverage performance of the analyzed machine learning-based fuzzers against real-world programs with four different file formats and bug detection performance against the LAVA-M dataset. The results showed that AFL-HIER, which applied seed clustering and seed scheduling with reinforcement learning outperformed in coverage and bug detection. In the case of supervised learning, it showed high coverage on tcpdumps with high code complexity, and its superior bug detection performance when applied to hybrid fuzzing. This research shows that performance of machine learning-based fuzzer is better when both machine learning and additional fuzzing techniques are used to optimize the fuzzing process. Future research is needed on practical and robust machine learning-based fuzzing techniques that can be effectively applied to programs that handle various input formats.

The Status Quo and Future of Software Regression Bug Discovery via Fuzz Testing (퍼즈 테스팅을 통한 소프트웨어 회귀 버그 탐색 기법의 동향과 전망)

  • Lee, Gwangmu;Lee, Byoungyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.911-917
    • /
    • 2021
  • As software gets an increasing amount of patches, lots of software bugs are increasingly caused by such software patches, collectively known as regression bugs. To proactively detect the regressions bugs, both industry and academia are actively searching for a way to augment fuzz testing, one of the most popular automatic bug detection techniques. In this paper, we investigate the status quo of the studies on augmenting fuzz testing for regression bug detection and, based on the limitations of current proposals, provide an outlook of the relevant research.

A Design of Smart Fuzzing System Based on Hybrid Analysis (하이브리드 분석 기반의 스마트 퍼징 시스템 설계)

  • Kim, Mansik;Kang, Jungho;Jun, Moon-seog
    • Journal of Digital Convergence
    • /
    • v.15 no.3
    • /
    • pp.175-180
    • /
    • 2017
  • In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

A Study on Hybrid Fuzzing using Dynamic Analysis for Automatic Binary Vulnerability Detection (바이너리 취약점의 자동 탐색을 위한 동적분석 정보 기반 하이브리드 퍼징 연구)

  • Kim, Taeeun;Jurn, Jeesoo;Jung, Yong Hoon;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.20 no.6
    • /
    • pp.541-547
    • /
    • 2019
  • Recent developments in hacking technology are continuing to increase the number of new security vulnerabilities. Approximately 80,000 new vulnerabilities have been registered in the Common Vulnerability Enumeration (CVE) database, which is a representative vulnerability database, from 2010 to 2015, and the trend is gradually increasing in recent years. While security vulnerabilities are growing at a rapid pace, responses to security vulnerabilities are slow to respond because they rely on manual analysis. To solve this problem, there is a need for a technology that can automatically detect and patch security vulnerabilities and respond to security vulnerabilities in advance. In this paper, we propose the technology to extract the features of the vulnerability-discovery target binary through complexity analysis, and select a vulnerability-discovery strategy suitable for the feature and automatically explore the vulnerability. The proposed technology was compared to the AFL, ANGR, and Driller tools, with about 6% improvement in code coverage, about 2.4 times increase in crash count, and about 11% improvement in crash incidence.

H-Fuzz: A Snapshot-Based Practical Hybrid Fuzzing (H-Fuzz: 스냅샷 기반의 실용적인 하이브리드 퍼징)

  • Jae-young Chung;Byoung-young Lee
    • Annual Conference of KIPS
    • /
    • 2024.05a
    • /
    • pp.245-247
    • /
    • 2024
  • 프로그램의 버그는 해커에 의해 악용될 수 있기 때문에, 이를 사전에 발견하는 것이 매우 중요하다. 최근에는 프로그램의 취약점을 자동으로 찾기 위해 하이브리드 퍼징 기술이 연구되고 있다. 우리는 기존 하이브리드 퍼저들의 한계점인 부족한 확장성을 해결하고자, 스냅샷 기반 하이브리드 퍼저인 H-Fuzz 를 제안한다. H-Fuzz 는 스냅샷 기반 퍼징을 도입하여 하이브리드 퍼징의 확장성 부족 문제를 해결하였다. 그리고 기존 커버리지 기반 퍼저에 비해 H-Fuzz 가 버그를 발견하는데 효과적임을 실험을 통해 확인하였다.