SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration

Luo, Changhua; Meng, Weiyi; Li, Penghui

doi:10.1109/sp46215.2023.10179296

Cited by 14 publications

(4 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By this means, SelectFuzz [111] avoids exploring irrelevant code, further reducing the cost of fuzzing. By adopting these strategies, both BEACON [92] and SelectFuzz [111] effectively decrease the fuzzing cost by minimizing the exploration of code that does not contribute to reaching the desired targets, thereby enhancing the speed of bug exposure. In contrast, other techniques such as Windranger [97], CAFL [93], and FuzzGuard [91] actually increase the cost of fuzzing due to their requirements for analyzing and collecting DBBs and path constraints, or collecting and filtering seeds.…”

Section: Challenges Faced By Dgfmentioning

confidence: 99%

“…In recent years, two state‐of‐the‐art techniques, namely, BEACON [92] and SelectFuzz [111], have significantly improved the speed of bug exposure by reducing the cost of fuzzing. BEACON leverages symbolic execution to analyze the feasibility of different paths and eliminates those that cannot lead to the target, thereby reducing the overall fuzzing cost.…”

Section: Challenges Faced By Dgfmentioning

confidence: 99%

“…As a result, the overhead associated with instrumentation and seed distance calculation is minimized. By this means, SelectFuzz [111] avoids exploring irrelevant code, further reducing the cost of fuzzing. By adopting these strategies, both BEACON [92] and SelectFuzz [111] effectively decrease the fuzzing cost by minimizing the exploration of code that does not contribute to reaching the desired targets, thereby enhancing the speed of bug exposure.…”

Section: Challenges Faced By Dgfmentioning

confidence: 99%

See 2 more Smart Citations

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Section: Challenges Faced By Dgfmentioning

confidence: 99%

Section: Challenges Faced By Dgfmentioning

confidence: 99%

Section: Challenges Faced By Dgfmentioning

confidence: 99%

See 1 more Smart Citation

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

show abstract

“…Nevertheless, some inadequacies persist [13,[21][22][23][24][25]. Firstly, while some fuzzers provide more accurate definitions for distance metrics, they neglect the fact that distinct branches may have varying arrival probabilities in certain situations.…”

Section: Introductionmentioning

confidence: 99%

WolfFuzz: A Dynamic, Adaptive, and Directed Greybox Fuzzer

Zeng,

Xiong,

et al. 2024

Electronics

View full text Add to dashboard Cite

As the directed greybox fuzzing (DGF) technique advances, it is being extensively utilized in various fields such as defect reproduction, patch testing, and vulnerability identification. Nevertheless, current DGFs waste a significant amount of resources due to their simplistic distance definitions and overly straightforward energy distribution for the seeds. To address these issues, a dynamic distance-weighting-based distance estimation strategy is proposed first, which facilitates strategies for seed distribution that take energy into consideration. Second, to overcome the limitations of current seed energy distribution strategies, the gray wolf optimizer (GWO) is improved by integrating four strategies, leading to the development of the improved gray wolf optimizer (IGWO). Lastly, an adaptive search algorithm is proposed, and the WolfFuzz prototype tool is implemented. In vulnerability recurrence scenarios, WolfFuzz is 3.2× faster on average compared with the baseline and reproduces 76.4% of existing bugs faster. WolfFuzz also discovers nine different types of bugs in seven real-world programs.

show abstract