Fuzzing is an effective software testing technique to find bugs. Given the size and complexity of real-world applications, modern fuzzers tend to be either scalable, but not effective in exploring bugs that lie deeper in the execution, or capable of penetrating deeper in the application, but not scalable. In this paper, we present an application-aware evolutionary fuzzing strategy that does not require any prior knowledge of the application or input format. In order to maximize coverage and explore deeper paths, we leverage control- and data-flow features based on static and dynamic analysis to infer fundamental properties of the application. This enables much faster generation of interesting inputs compared to an application-agnostic approach. We implement our fuzzing strategy in VUzzer and evaluate it on three different datasets: DARPA Grand Challenge binaries (CGC), a set of real-world applications (binary input parsers), and the recently released LAVA dataset. On all of these datasets, VUzzer yields significantly better results than state-of-the-art fuzzers, by quickly finding several existing and new bugs.

Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
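To make the abstract's central idea concrete, the following added example (not the paper's code, and not VUzzer's implementation) sketches an application-aware evolutionary fuzzing loop in Python: a constructed toy parser reports which "basic blocks" an input executed, and inputs are ranked by a control-flow fitness that rewards rarely reached blocks rather than raw block count. The rarity weighting, the toy target and the single-byte mutator are assumptions for illustration.

```python
import random
from collections import Counter

# Constructed toy target standing in for a binary input parser. It returns the set
# of "basic block" identifiers it executed, as a coverage tracer would report.
def target(data: bytes) -> frozenset:
    trace = {"entry"}
    if len(data) < 4 or data[:2] != b"VZ":        # magic-bytes check
        trace.add("bad_magic")
        return frozenset(trace)
    trace.add("magic_ok")
    if data[2] > 0x80:
        trace.add("large_len")
        if data[3] == 0x7F:
            trace.add("deep_bug")                  # seldom-reached path
    else:
        trace.add("small_len")
    return frozenset(trace)

def block_weights(hits, n_inputs: int) -> dict:
    # Assumed heuristic (not the paper's exact formula): a block reached by few of
    # the n_inputs traces gets a high weight, so reaching it is rewarded.
    return {block: n_inputs / count for block, count in hits.items()}

def fitness(trace: frozenset, weights: dict) -> float:
    # Score an input by the weights of the blocks it reached, not by their number.
    return sum(weights.get(block, 1.0) for block in trace)

def mutate(data: bytes, rng: random.Random) -> bytes:
    # Single random byte replacement; real fuzzers use many more operators.
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def evolve(seed: bytes, generations: int, pop_size: int, rng=None) -> set:
    """Keep the pop_size inputs with the highest rarity-weighted fitness each
    generation, so the population drifts toward rarely executed blocks."""
    rng = rng or random.Random(0)
    population, covered = [seed], set()
    for _ in range(generations):
        candidates = population + [mutate(rng.choice(population), rng) for _ in range(pop_size)]
        traces = {c: target(c) for c in candidates}
        hits = Counter(b for t in traces.values() for b in t)
        weights = block_weights(hits, len(traces))
        ranked = sorted(traces, key=lambda c: fitness(traces[c], weights), reverse=True)
        population = ranked[:pop_size]
        covered.update(*traces.values())
    return covered          # every block identifier reached at any point

if __name__ == "__main__":
    print("blocks reached:", sorted(evolve(b"VZ\x00\x00", generations=300, pop_size=20)))
```

Swapping `fitness` for `len(trace)` turns the loop into a plain coverage-count fuzzer, which is a quick way to see why weighting by block rarity pushes the population toward deeper paths.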