2020
DOI: 10.1109/tse.2019.2941681

Smart Greybox Fuzzing

Abstract: Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or copies bits to generate new files. CGF iteratively constructs (and fuzzes) a seed corpus by retaining those generated files which enhance coverage. However, random bitflips are unlikely to produce valid files (or valid chunks in files) for applications processing complex file formats. In this work, we introduce smart greybox fuzzing…

Cited by 114 publications (85 citation statements)
References 36 publications
“…Markov chain, PSO and MAB) to help energy assignment. Note that AFLSmart [24] leverages the structure representation in seed files to guide mutation, and defines a validity-based power schedule to generate test inputs that are more likely to explore deeper program logic. Although it is close to the main ideas of grammar-based and generation-based fuzzers, its application scenarios are limited due to the relatively simple chunk strategy and virtual file structure.…”
Section: A. Guided Mutation-based Fuzzing (citation type: mentioning)
confidence: 99%
“…While, in classic mutation-based fuzzers, the influence of mutation priority and frequency has been proven to be significant ([1], [19], [21]). Many mutation-based fuzzers have developed different approaches to optimize the power schedule, such as reducing the search space of inputs ([16], [19], [21], [23]), or modeling the process of the power schedule ([17], [18], [24]).…”
Section: Introduction (citation type: mentioning)
confidence: 99%
“…Based on RedQueen [32], Grimoire [33] identifies fragments from an initial set of inputs that trigger new coverage, strips them and later splices in other parts, thus mimicking grammar combinations. Chunk-based fuzzers such as Peach [8] and AFLSmart [34] generate inputs following a tree hierarchy, using C structure-like data chunks to form individual nodes. Peach applies format-aware mutations to the initial valid input set through a user-defined input specification (called a "peach pit file").…”
Section: B. Format-aware Fuzzing (citation type: mentioning)
confidence: 99%
“…The STADS framework [15] is general in the sense that it does not depend on a specific programming language, execution environment, testing objective, or test generation technique. For instance, STADS facilitates the extrapolation of statement coverage, mutation adequacy, or the number of bugs exposed for Java, C, and Python programs on Linux, Windows, and MacOS using CSmith [29], Randoop [30], or AFL [31]–[34].…”
Section: A. Software Testing As Species Discovery (citation type: mentioning)
confidence: 99%