Title
VisFuzz: understanding and intervening fuzzing with interactive visualization
Abstract
Fuzzing is widely used for vulnerability detection. One of the challenges for efficient fuzzing is covering code guarded by constraints such as magic numbers and nested conditions. Recently, academia has partially addressed this challenge via whitebox methods. However, high-level constraints such as array sorts, virtual function invocations and tree set queries are yet to be handled. To this end, we present VisFuzz, an interactive tool for better understanding and intervening in the fuzzing process via real-time visualization. It extracts the call graph and control flow graph from source code, maps each function and basic block to its line of source code, and tracks real-time execution statistics with detailed constraint contexts. With VisFuzz, test engineers first locate blocking constraints and then learn their semantic context, which helps them craft targeted inputs or update test drivers. Preliminary evaluations are conducted on four real-world programs in the Google fuzzer-test-suite. Given an additional 15 minutes to understand and intervene in the state of fuzzing, the intervened fuzzing outperforms the original pure AFL fuzzing, with path coverage improvements ranging from 10.84% to 150.58% when both are fuzzed for 12 hours.
Year: 2019
DOI: 10.1109/ASE.2019.00106
Venue: ASE
Field: Programming language, Fuzz testing, Control flow graph, Source code, Visualization, Computer science, Call graph, Theoretical computer science, Basic block, Interactive visualization, Virtual function
DocType: Conference
Citations: 0
PageRank: 0.34
References: 0
Authors: 6

Authors (name; author order; citations and PageRank, run together as in the source record):
1. Chijin Zhou (62.88)
2. Mingzhe Wang (468.23)
3. Jie Liang (387.73)
4. Zhe Liu (28754.56)
5. Chengnian Sun (11.36)
6. Yu Jiang (34656.49)