Improvement of Seed Selection Strategy for Graybox Fuzzing
- DOI
- 10.2991/emim-17.2017.113
- Keywords
- Software security; Fuzzing; American fuzzy loop; Operation system; Performance
- Abstract
According to the author of AFL (American fuzzy lop), the well-known hacker Michal Zalewski (lcamtuf), most of the bugs found today are discovered by fuzzing rather than by symbolic execution or other analysis-based techniques. The reason is that fuzzing is faster (it needs neither program analysis nor constraint solving) and scales better (path explosion affects it less). AFL, the most commonly used fuzzing tool at present, is a security-oriented fuzzer that uses novel compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the target binary. While using AFL, we found that its genetic algorithm cannot guide the direction of fuzzing. By controlling the number of mutations applied to each fuzzing seed, so that mutation is steered toward low-frequency paths, a better fuzzing effect can be obtained. At the same time, the improved AFL was 3 times faster than the original AFL.
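The seed-selection idea stated in the abstract, as an added toy model that is not the paper's or AFL's code: each seed's path is counted as it enters the queue, and its mutation budget shrinks as that path is seen more often, so effort drifts toward rarely hit paths. The budget formula (base budget divided by path hit count, floored at a minimum), the `Seed`/`Queue` names and the sample traces are assumptions.

```python
"""Frequency-guided mutation budget: a constructed model of steering a
fuzzer toward low-frequency paths (not the paper's or AFL's code)."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Seed:
    name: str
    path_id: str            # identifier of the coverage trace the seed produced
    mutations_done: int = 0


@dataclass
class Queue:
    base_budget: int = 64   # mutations a seed on a never-seen path receives
    min_budget: int = 4     # floor so hot paths are still fuzzed a little
    path_hits: Counter = field(default_factory=Counter)
    seeds: list = field(default_factory=list)

    def add(self, seed: Seed) -> None:
        """Record the seed and count one more hit on its path."""
        self.path_hits[seed.path_id] += 1
        self.seeds.append(seed)

    def budget(self, seed: Seed) -> int:
        """Assumed schedule: base budget divided by how often the seed's
        path has been hit, never below min_budget; rare paths get the most."""
        return max(self.min_budget, self.base_budget // self.path_hits[seed.path_id])

    def next_seed(self) -> Seed:
        """Pick the seed on the rarest path; ties go to the least-fuzzed seed."""
        return min(self.seeds,
                   key=lambda s: (self.path_hits[s.path_id], s.mutations_done))


def run_round(q: Queue) -> dict:
    """Assign one round of mutation budgets to every seed in the queue."""
    plan = {}
    for s in q.seeds:
        plan[s.name] = q.budget(s)
        s.mutations_done += plan[s.name]
    return plan


if __name__ == "__main__":
    q = Queue()
    # Constructed traces: three seeds share a common path, one hits a rare path.
    for name, path in [("in0", "p_common"), ("in1", "p_common"),
                       ("in2", "p_common"), ("in3", "p_rare")]:
        q.add(Seed(name, path))
    print(run_round(q))        # {'in0': 21, 'in1': 21, 'in2': 21, 'in3': 64}
    print(q.next_seed().name)  # in3
```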
- Copyright
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
Huabin Tang and Wei Wang. "Improvement of Seed Selection Strategy for Graybox Fuzzing." In: Proceedings of the 7th International Conference on Education, Management, Information and Mechanical Engineering (EMIM 2017), Atlantis Press, April 2017, pp. 557-560. ISSN 2352-538X. DOI: 10.2991/emim-17.2017.113, https://doi.org/10.2991/emim-17.2017.113