Boosting fuzzing performance with differential seed scheduling

Chung Yi Lin; Chia Wei Tien; Chun Ying Huang

doi:10.1109/AsiaJCIS.2019.000-3

Boosting fuzzing performance with differential seed scheduling

Chung Yi Lin, Chia Wei Tien, Chun Ying Huang

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Fuzzing is a common technique used to perform automated vulnerability discovery. Fuzzing performance could be improved by various means. In this paper, we discuss the impacts of seed scheduling, and propose differential seed scheduling to maximize fuzzing performance by increasing the number of crashes identified within a limited time. Differential seed scheduling works for grey-box fuzzers that generate seeds based on runtime code coverage measurement. It attempts to evaluate the value of fuzzing seeds and selectively pick the best one to achieve balance between fuzzing effectiveness and efficiency. Our contribution is four-fold. First, we proposed differential seed scheduling to improve overall fuzzing performance. Second, we implemented AFLExplorer by integrating differential seed scheduling with the open-source American Fuzzy Lop (AFL) fuzzer. Third, we conducted in-depth experiments with AFLExplorer to show the effectiveness and the efficiency of seed scheduling. Our evaluations showed that AFLExplorer can discover up to 90% more unique crashes compared with a vanilla fuzzer. Last, we reported newly identified vulnerabilities to the authors of the tested applications, had them fixed, and 15 common vulnerabilities and exposures (CVE) numbers were assigned as of writing of this paper.

Original language	English
Title of host publication	Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	72-79
Number of pages	8
ISBN (Electronic)	9781728125565
DOIs	https://doi.org/10.1109/AsiaJCIS.2019.000-3
State	Published - Aug 2019
Event	14th Annual Asia Joint Conference on Information Security, AsiaJCIS 2019 - Kobe, Japan Duration: 1 Aug 2019 → 2 Aug 2019

Publication series

Name	Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019

Conference

Conference	14th Annual Asia Joint Conference on Information Security, AsiaJCIS 2019
Country	Japan
City	Kobe
Period	1/08/19 → 2/08/19

Keywords

Fuzz testing
Greybox fuzzing
Hamming distance
Software security

Access to Document

10.1109/AsiaJCIS.2019.000-3

Fingerprint Dive into the research topics of 'Boosting fuzzing performance with differential seed scheduling'. Together they form a unique fingerprint.

Cite this

Lin, C. Y., Tien, C. W., & Huang, C. Y. (2019). Boosting fuzzing performance with differential seed scheduling. In Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019 (pp. 72-79). [8826951] (Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/AsiaJCIS.2019.000-3

@inproceedings{42694b43668b40858cf49824e1d491e3,

title = "Boosting fuzzing performance with differential seed scheduling",

abstract = "Fuzzing is a common technique used to perform automated vulnerability discovery. Fuzzing performance could be improved by various means. In this paper, we discuss the impacts of seed scheduling, and propose differential seed scheduling to maximize fuzzing performance by increasing the number of crashes identified within a limited time. Differential seed scheduling works for grey-box fuzzers that generate seeds based on runtime code coverage measurement. It attempts to evaluate the value of fuzzing seeds and selectively pick the best one to achieve balance between fuzzing effectiveness and efficiency. Our contribution is four-fold. First, we proposed differential seed scheduling to improve overall fuzzing performance. Second, we implemented AFLExplorer by integrating differential seed scheduling with the open-source American Fuzzy Lop (AFL) fuzzer. Third, we conducted in-depth experiments with AFLExplorer to show the effectiveness and the efficiency of seed scheduling. Our evaluations showed that AFLExplorer can discover up to 90% more unique crashes compared with a vanilla fuzzer. Last, we reported newly identified vulnerabilities to the authors of the tested applications, had them fixed, and 15 common vulnerabilities and exposures (CVE) numbers were assigned as of writing of this paper.",

keywords = "Fuzz testing, Greybox fuzzing, Hamming distance, Software security",

author = "Lin, {Chung Yi} and Tien, {Chia Wei} and Huang, {Chun Ying}",

year = "2019",

month = aug,

doi = "10.1109/AsiaJCIS.2019.000-3",

language = "English",

series = "Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "72--79",

booktitle = "Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019",

address = "United States",

note = "null ; Conference date: 01-08-2019 Through 02-08-2019",

}

Lin, CY, Tien, CW & Huang, CY 2019, Boosting fuzzing performance with differential seed scheduling. in Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019., 8826951, Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019, Institute of Electrical and Electronics Engineers Inc., pp. 72-79, 14th Annual Asia Joint Conference on Information Security, AsiaJCIS 2019, Kobe, Japan, 1/08/19. https://doi.org/10.1109/AsiaJCIS.2019.000-3

Boosting fuzzing performance with differential seed scheduling. / Lin, Chung Yi; Tien, Chia Wei; Huang, Chun Ying.

Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 72-79 8826951 (Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Boosting fuzzing performance with differential seed scheduling

AU - Lin, Chung Yi

AU - Tien, Chia Wei

AU - Huang, Chun Ying

PY - 2019/8

Y1 - 2019/8

N2 - Fuzzing is a common technique used to perform automated vulnerability discovery. Fuzzing performance could be improved by various means. In this paper, we discuss the impacts of seed scheduling, and propose differential seed scheduling to maximize fuzzing performance by increasing the number of crashes identified within a limited time. Differential seed scheduling works for grey-box fuzzers that generate seeds based on runtime code coverage measurement. It attempts to evaluate the value of fuzzing seeds and selectively pick the best one to achieve balance between fuzzing effectiveness and efficiency. Our contribution is four-fold. First, we proposed differential seed scheduling to improve overall fuzzing performance. Second, we implemented AFLExplorer by integrating differential seed scheduling with the open-source American Fuzzy Lop (AFL) fuzzer. Third, we conducted in-depth experiments with AFLExplorer to show the effectiveness and the efficiency of seed scheduling. Our evaluations showed that AFLExplorer can discover up to 90% more unique crashes compared with a vanilla fuzzer. Last, we reported newly identified vulnerabilities to the authors of the tested applications, had them fixed, and 15 common vulnerabilities and exposures (CVE) numbers were assigned as of writing of this paper.

AB - Fuzzing is a common technique used to perform automated vulnerability discovery. Fuzzing performance could be improved by various means. In this paper, we discuss the impacts of seed scheduling, and propose differential seed scheduling to maximize fuzzing performance by increasing the number of crashes identified within a limited time. Differential seed scheduling works for grey-box fuzzers that generate seeds based on runtime code coverage measurement. It attempts to evaluate the value of fuzzing seeds and selectively pick the best one to achieve balance between fuzzing effectiveness and efficiency. Our contribution is four-fold. First, we proposed differential seed scheduling to improve overall fuzzing performance. Second, we implemented AFLExplorer by integrating differential seed scheduling with the open-source American Fuzzy Lop (AFL) fuzzer. Third, we conducted in-depth experiments with AFLExplorer to show the effectiveness and the efficiency of seed scheduling. Our evaluations showed that AFLExplorer can discover up to 90% more unique crashes compared with a vanilla fuzzer. Last, we reported newly identified vulnerabilities to the authors of the tested applications, had them fixed, and 15 common vulnerabilities and exposures (CVE) numbers were assigned as of writing of this paper.

KW - Fuzz testing

KW - Greybox fuzzing

KW - Hamming distance

KW - Software security

UR - http://www.scopus.com/inward/record.url?scp=85073454573&partnerID=8YFLogxK

U2 - 10.1109/AsiaJCIS.2019.000-3

DO - 10.1109/AsiaJCIS.2019.000-3

M3 - Conference contribution

AN - SCOPUS:85073454573

T3 - Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019

SP - 72

EP - 79

BT - Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 1 August 2019 through 2 August 2019

ER -

Lin CY, Tien CW, Huang CY. Boosting fuzzing performance with differential seed scheduling. In Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 72-79. 8826951. (Proceedings - 2019 14th Asia Joint Conference on Information Security, AsiaJCIS 2019). https://doi.org/10.1109/AsiaJCIS.2019.000-3