Abstract
Directed greybox fuzzing guides fuzzers to explore specific objective code areas and has achieved good performance in some scenarios such as patch testing. However, if there are multiple objective code to explore, existing directed greybox fuzzers, such as AFLGo and Hawkeye, often neglect some targets because they use harmonic means of distance and prefers to test those targets with shorter reachable path. Besides, existing directed greybox fuzzers cannot calculate the accurate distance due to indirect calls in the program. In addition, existing directed greybox fuzzers fail to address the exploration and exploitation problem and have poor efficiency in seed scheduling. To address these problems, we propose a dynamic seed distance calculation scheme, it increase the seed distance dynamically when the reachable path encounter indirect call. Besides, the seed distance calculation can deal with the bias problem in multi-targets scenarios. With the seed distance calculation method, we propose a new seed scheduling algorithm based on the upper confidence bound algorithm to deal with the exploration and exploitation problem in drected greybox fuzzing. We implemented a prototype RLTG and evaluate it on real-world programs. Evaluation of our prototype shows that our approach outperforms a state-of-the-art directed fuzzer AFLGo. On the multi-targets benchmark Magma, RLTG reproduces bugs with 6.9x speedup and finds 66.7% more bugs than AFLGo.
Publisher
Public Library of Science (PLoS)
Reference43 articles.
1. Böhme M, Pham VT, Nguyen MD, Roychoudhury A. Directed Greybox Fuzzing. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30—November 03, 2017. ACM;. p. 2329–2344.
2. Peng J, Li F, Liu B, Xu L, Liu B, Chen K, et al. 1dVul: Discovering 1-Day Vulnerabilities through Binary Patches. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE;. p. 605–616. Available from: https://ieeexplore.ieee.org/document/8809537/.
3. You W, Zong P, Chen K, Wang X, Liao X, Bian P, et al. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits. In: Thuraisingham BM, Evans D, Malkin T, Xu D, editors. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30—November 03, 2017. ACM;. p. 2139–2154.
4. Dai J, Zhang Y, Xu H, Lyu H, Wu Z, Xing X, et al. Facilitating Vulnerability Assessment through PoC Migration. In: Kim Y, Kim J, Vigna G, Shi E, editors. CCS’21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15—19, 2021. ACM;. p. 3300–3317.
5. Chen W, Zou X, Li G, Qian Z. KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities. In: 29th USENIX Security Symposium, USENIX Security 2020, August 12–14, 2020. USENIX Association;. p. 1093–1110. Available from: https://www.usenix.org/conference/usenixsecurity20/presentation/chen-weiteng.
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献