Title
Engineering a Better Fuzzer with Synergically Integrated Optimizations
Abstract
State-of-the-art fuzzers implement various optimizations to enhance their performance. Because these optimizations reside in different stages, such as input seed selection and mutation, it is tempting to combine optimizations from different stages. However, our initial attempts demonstrate that naive combination actually worsens performance, which explains why most optimizations are still isolated by stage and metric. In this paper, we present InteFuzz, the first framework that synergically integrates multiple fuzzing optimizations. We analyze the root cause of the performance degradation in naive combination and discover that optimizations conflict in their coverage criteria and optimization granularity. To resolve the conflicts, we propose a novel priority-based scheduling mechanism. The dynamic integration considers both branch-based and block-based coverage feedback, which are used by most fuzzing optimizations. In our evaluation, we extract four optimizations from popular fuzzers such as AFLFast and FairFuzz and compare InteFuzz against their naive combinations. The evaluation results show that InteFuzz outperforms the naive combination by 29% and 26% in path and branch coverage, respectively. Additionally, InteFuzz triggers 222 more unique crashes and discovers 33 zero-day vulnerabilities in real-world projects, 12 of which are registered as CVEs.
Year: 2019
DOI: 10.1109/ISSRE.2019.00018
Venue: 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE)
Keywords: Fuzzing, Optimizations Integration
Field: Fuzz testing, Computer science, Scheduling (computing), Granularity, Root cause, Reliability engineering, Distributed computing
DocType: Conference
ISSN: 1071-9458
ISBN: 978-1-7281-4983-7
Citations: 1
PageRank: 0.35
References: 10
Authors: 8
Author list (columns: Name, Order, Citations, PageRank)
Jie Liang1387.73
Yuanliang Chen2323.87
Mingzhe Wang3468.23
Yu Jiang434656.49
Zijiang Yang535534.71
Chengnian Sun611.36
Xun Jiao77410.27
Jia-guang Sun81807134.30