Cerebro: Context-aware adaptive fuzzing for effective vulnerability detection

Yuekang Li, Yinxing Xue, Hongxu Chen, Xiuheng Wu, Cen Zhang, Xiaofei Xie, Haijun Wang, Yang Liu

Research output: Contribution to book/report type › Conference contribution

38 Citations (Scopus)

Abstract

Existing greybox fuzzers mainly utilize program coverage as the goal to guide the fuzzing process. To maximize their outputs, coverage-based greybox fuzzers need to evaluate the quality of seeds properly, which involves making two decisions: 1) which is the most promising seed to fuzz next (seed prioritization), and 2) how many efforts should be made to the current seed (power scheduling). In this paper, we present our fuzzer, Cerebro, to address the above challenges. For the seed prioritization problem, we propose an online multi-objective based algorithm to balance various metrics such as code complexity, coverage, execution time, etc. To address the power scheduling problem, we introduce the concept of input potential to measure the complexity of uncovered code and propose a cost-effective algorithm to update it dynamically. Unlike previous approaches where the fuzzer evaluates an input solely based on the execution traces that it has covered, Cerebro is able to foresee the benefits of fuzzing the input by adaptively evaluating its input potential. We perform a thorough evaluation for Cerebro on 8 different real-world programs. The experiments show that Cerebro can find more vulnerabilities and achieve better coverage than state-of-the-art fuzzers such as AFL and AFLFast.

Original language: English
Title of host publication: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Editors: Sven Apel, Marlon Dumas, Alessandra Russo, Dietmar Pfahl
Publisher: Association for Computing Machinery, Inc
Pages: 533-544
Number of pages: 12
ISBN (electronic): 9781450355728
Publication status: Published - Aug 12 2019
Externally published: Yes
Event: 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019 - Tallinn, Estonia
Duration: Aug 26 2019 to Aug 30 2019

Publication series

Name: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Conference

Conference: 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019
Country/Territory: Estonia
City: Tallinn
Period: 8/26/19 to 8/30/19

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Software
