BitAFL: Provide More Accurate Coverage Information for Coverage-guided Fuzzing
- DOI
- 10.2991/978-94-6463-262-0_54
- Keywords
- fuzzing; vulnerability; hash collision; bit operation; instrumentation
- Abstract
CGF (coverage-guided fuzzing) has found a large number of software vulnerabilities thanks to its low cost and adaptability. CGF mutates inputs at the bit or byte level, so most of the mutated test cases cover paths that have already been seen. However, no previous work had quantified the percentage of test cases that cover duplicate paths. We therefore designed the experimental framework GSPR (get same path rate) on top of AFL. Fuzzing seven applications with GSPR, we found that approximately 70% of the test cases covered duplicate paths. Motivated by this result, we address the hash collision issue in AFL's coverage map. We analyzed the situations that cause hash collisions and introduced the concepts of local collision and global collision. Because a large number of test cases cover duplicate paths, the same global collisions are repeated many times. Based on these findings, we propose different solutions to hash collision depending on the size of the target program. We extended AFL to implement BitAFL and evaluated it on seven applications. In a comparison with AFL, the results show that our method completely eliminates hash collisions in small programs. In large programs, BitAFL reduces collisions by more than 80%. In addition, BitAFL found on average 8.87% more paths than AFL. In summary, our approach provides AFL with more accurate coverage information and finds more paths.
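The abstract refers to hash collisions in AFL's coverage map and to the rate of test cases that cover duplicate paths. The following model is an added example, not code from the BitAFL paper or from AFL itself: it reproduces AFL's documented edge-hashing scheme (each basic block gets a compile-time random id, and an edge prev->cur increments slot cur ^ (prev >> 1) of a 64 KiB bitmap), counts how many distinct edges share a slot, and computes a duplicate-path rate in the spirit of GSPR. The synthetic control-flow graphs, the block ids, and the modelling of a "path" as an identical set of covered edges are assumptions made for the example; BitAFL's own bit-level scheme is not reproduced here.

```python
"""Added example (not from the BitAFL paper): a model of AFL's edge-coverage
hashing that shows how distinct edges collide in the coverage bitmap, and a
duplicate-path rate in the spirit of the GSPR measurement."""
import random
from typing import Dict, Iterable, List, Set, Tuple

MAP_SIZE_POW2 = 16              # AFL's default: a 64 KiB coverage bitmap
MAP_SIZE = 1 << MAP_SIZE_POW2

Edge = Tuple[int, int]          # (prev_block_id, cur_block_id)


def afl_edge_index(prev_loc: int, cur_loc: int, map_size: int = MAP_SIZE) -> int:
    """Slot that AFL's instrumentation increments for the edge prev_loc -> cur_loc.

    AFL gives every basic block a compile-time random id and, on entering a
    block, executes  shared_mem[cur_loc ^ prev_loc]++;  prev_loc = cur_loc >> 1;
    so the slot for an edge is  cur ^ (prev >> 1)  masked to the map size.
    The shift keeps A->B and B->A apart but does not stop unrelated edges
    from landing on the same slot.
    """
    return (cur_loc ^ (prev_loc >> 1)) & (map_size - 1)


def collisions(edges: Iterable[Edge], map_size: int = MAP_SIZE) -> Dict[int, List[Edge]]:
    """Map each bitmap slot to the distinct edges hashing to it, keeping only
    slots hit by two or more edges (the colliding ones)."""
    slots: Dict[int, List[Edge]] = {}
    for edge in set(edges):
        slots.setdefault(afl_edge_index(*edge, map_size), []).append(edge)
    return {idx: es for idx, es in slots.items() if len(es) > 1}


def collision_rate(edges: Iterable[Edge], map_size: int = MAP_SIZE) -> float:
    """Fraction of distinct edges that share a slot with at least one other edge."""
    distinct = set(edges)
    if not distinct:
        return 0.0
    colliding = sum(len(es) for es in collisions(distinct, map_size).values())
    return colliding / len(distinct)


def random_cfg_edges(n_blocks: int, n_edges: int, seed: int = 1) -> List[Edge]:
    """Constructed sample input: a synthetic CFG with AFL-style random block ids.
    (Assumption: edges are drawn uniformly between blocks; real CFGs are sparser.)"""
    rng = random.Random(seed)
    ids = [rng.randrange(MAP_SIZE) for _ in range(n_blocks)]
    return [(rng.choice(ids), rng.choice(ids)) for _ in range(n_edges)]


def same_path_rate(test_cases: Iterable[Set[int]]) -> float:
    """Share of test cases whose covered-edge set duplicates an earlier one.
    This models the quantity GSPR measures; treating 'same path' as an identical
    edge set is an assumption of this example, not the paper's definition."""
    seen, total, dup = set(), 0, 0
    for cov in test_cases:
        total += 1
        key = frozenset(cov)
        if key in seen:
            dup += 1
        seen.add(key)
    return dup / total if total else 0.0


if __name__ == "__main__":
    # Hand-built collision: three different edges all hash to slot 8.
    demo = [(4, 10), (0, 8), (12, 14), (1, 3)]
    print("colliding slots:", collisions(demo))
    # Collision rate grows with program size, which is why the abstract
    # treats small and large targets differently.
    for n_blocks, n_edges in [(200, 600), (5_000, 20_000), (50_000, 200_000)]:
        rate = collision_rate(random_cfg_edges(n_blocks, n_edges))
        print(f"{n_blocks:>6} blocks, {n_edges:>7} edges: {rate:.1%} of edges collide")
    print("duplicate-path rate:", same_path_rate([{1, 2}, {1, 2}, {3}, {2, 1}]))
```

Running the script prints the hand-built collision (slot 8 shared by three edges) and shows the collision rate climbing from near zero on the small synthetic CFG to a substantial fraction on the large one, which is the size-dependent behaviour the abstract's two solutions target.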
- Copyright
- © 2024 The Author(s)
- Open Access
- This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY  - CONF
AU  - Hang Xu
AU  - Zhi Yang
AU  - Xingyuan Chen
AU  - Bing Han
AU  - Xuehui Du
PY  - 2023
DA  - 2023/10/09
TI  - BitAFL: Provide More Accurate Coverage Information for Coverage-guided Fuzzing
BT  - Proceedings of the 3rd International Conference on Management Science and Software Engineering (ICMSSE 2023)
PB  - Atlantis Press
SP  - 521
EP  - 530
SN  - 2589-4943
UR  - https://doi.org/10.2991/978-94-6463-262-0_54
DO  - 10.2991/978-94-6463-262-0_54
ID  - Xu2023
ER  -