PrescientFuzz: A more effective exploration approach for grey-box fuzzing

April 29, 2024 Β· Declared Dead Β· πŸ› arXiv.org

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Daniel Blackwell, David Clark arXiv ID 2404.18887 Category cs.SE: Software Engineering Cross-listed cs.CR Citations 2 Venue arXiv.org Last Checked 4 months ago
Abstract
Since the advent of AFL, the use of mutational, feedback directed, grey-box fuzzers has become critical in the automated detection of security vulnerabilities. A great deal of research currently goes into their optimisation, including improving the rate at which they achieve branch coverage early in a campaign. We produce an augmented version of LibAFL's `fuzzbench' fuzzer, called PrescientFuzz, that makes use of semantic information from the target program's control flow graph (CFG). We develop an input corpus scheduler that prioritises the selection of inputs for mutation based on the proximity of their execution path to uncovered edges. Simple as this idea is, PrescientFuzz leads all fuzzers using the Google FuzzBench at the time of writing -- in both average code coverage and average ranking, across the benchmark SUTs. Whilst the existence of uncovered edges in the CFG does not guarantee their feasibility, the improvement in coverage over the state-of-the-art fuzzers suggests that this is not an issue in practice.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted