Cerebro: Context-aware adaptive fuzzing for effective vulnerability detection

Main Authors: | LI, Yuekang; XUE, Yinxing; CHEN, Hongxu; WU, Xiuheng; ZHANG, Cen; XIE, Xiaofei; WANG, Haijun; LIU, Yang |
---|---|
Format: | text (application/pdf) |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2019 (record date 2019-08-01) |
Collection: | Research Collection School Of Computing and Information Systems |
DOI: | 10.1145/3338906.3338975 |
License: | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
Subjects: | Fuzz Testing; Software Vulnerability; OS and Networks; Software Engineering |
Online Access: | https://ink.library.smu.edu.sg/sis_research/7072 https://ink.library.smu.edu.sg/context/sis_research/article/8075/viewcontent/3338906.3338975.pdf |
Institution: | Singapore Management University |
Record ID: | sg-smu-ink.sis_research-8075 |

Abstract: Existing greybox fuzzers mainly use program coverage as the goal that guides the fuzzing process. To maximize their output, coverage-based greybox fuzzers need to evaluate seed quality properly, which involves two decisions: 1) which seed is the most promising one to fuzz next (seed prioritization), and 2) how much effort should be spent on the current seed (power scheduling). In this paper, we present our fuzzer, Cerebro, to address both challenges. For seed prioritization, we propose an online multi-objective algorithm that balances metrics such as code complexity, coverage and execution time. For power scheduling, we introduce the concept of input potential, which measures the complexity of uncovered code, and propose a cost-effective algorithm to update it dynamically. Unlike previous approaches, where the fuzzer evaluates an input solely on the execution traces it has already covered, Cerebro can foresee the benefit of fuzzing an input by adaptively evaluating its input potential. We evaluate Cerebro thoroughly on 8 real-world programs. The experiments show that Cerebro finds more vulnerabilities and achieves better coverage than state-of-the-art fuzzers such as AFL and AFLFast.
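The following Python toy is an added illustration of the two decisions the abstract names (seed prioritization and power scheduling); it is not code from the Cerebro paper or its authors. The control-flow graph, its complexity weights, the seeds and their timings are constructed; "input potential" is simplified to the summed complexity of not-yet-covered blocks one edge away from a seed's trace; and Pareto non-domination for prioritization plus a linear energy formula are assumptions standing in for the paper's online multi-objective algorithm and its cost-effective potential update, which are not reproduced here.

```python
"""Toy model of seed prioritization and power scheduling driven by the
complexity of uncovered code. Added illustration, not Cerebro's own code."""
from dataclasses import dataclass

# Constructed control-flow graph of a hypothetical parser:
# block -> (complexity weight, successor blocks). The weights stand in for a
# static complexity metric (e.g. cyclomatic complexity) and are made up.
CFG = {
    "entry":      (1, ["parse_hdr"]),
    "parse_hdr":  (3, ["parse_body", "err"]),
    "parse_body": (5, ["decode", "compress"]),
    "decode":     (8, ["verify", "fallback", "err"]),
    "compress":   (6, ["verify", "err"]),
    "fallback":   (2, ["verify"]),
    "verify":     (4, ["finish", "err"]),
    "finish":     (1, []),
    "err":        (1, []),
}


@dataclass
class Seed:
    name: str
    trace: frozenset          # basic blocks this input executed
    exec_time_ms: float
    potential: int = 0        # complexity of uncovered code bordering the trace

    @property
    def covered_complexity(self) -> int:
        return sum(CFG[b][0] for b in self.trace)


def input_potential(trace, global_cov) -> int:
    """Assumed, simplified definition: sum the complexity of blocks that are
    one edge away from the trace and not yet covered by any seed."""
    frontier = {s for b in trace for s in CFG[b][1] if s not in global_cov}
    return sum(CFG[s][0] for s in frontier)


def dominates(a: Seed, b: Seed) -> bool:
    """Pareto dominance on (complexity up, potential up, execution time down)."""
    no_worse = (a.covered_complexity >= b.covered_complexity
                and a.potential >= b.potential
                and a.exec_time_ms <= b.exec_time_ms)
    better = (a.covered_complexity > b.covered_complexity
              or a.potential > b.potential
              or a.exec_time_ms < b.exec_time_ms)
    return no_worse and better


def prioritize(seeds):
    """Non-dominated seeds first; within a tier, higher potential wins,
    then faster execution."""
    front = [s for s in seeds
             if not any(dominates(o, s) for o in seeds if o is not s)]
    rest = [s for s in seeds if s not in front]
    key = lambda s: (-s.potential, s.exec_time_ms)
    return sorted(front, key=key) + sorted(rest, key=key)


def energy(seed: Seed, base=16, per_unit=8, cap=256) -> int:
    """Power schedule: more mutations for seeds bordering complex uncovered code."""
    return min(cap, base + per_unit * seed.potential)


def refresh_potentials(seeds, global_cov):
    """Re-score every seed after global coverage changes (full recomputation;
    the paper's incremental update is not reproduced here)."""
    for s in seeds:
        s.potential = input_potential(s.trace, global_cov)


def run_demo():
    """Constructed corpus: returns the (seed, energy) schedule before and
    after a new input extends coverage."""
    seeds = [
        Seed("s1", frozenset({"entry", "parse_hdr", "err"}), 1.0),
        Seed("s2", frozenset({"entry", "parse_hdr", "parse_body", "decode", "err"}), 3.0),
        Seed("s3", frozenset({"entry", "parse_hdr", "parse_body", "compress", "err"}), 4.0),
    ]
    cov = set().union(*(s.trace for s in seeds))
    refresh_potentials(seeds, cov)
    before = [(s.name, energy(s)) for s in prioritize(seeds)]

    # Fuzzing s2 yields an input that reaches 'verify'; add it and re-score.
    s4 = Seed("s4", frozenset({"entry", "parse_hdr", "parse_body",
                               "decode", "verify", "err"}), 3.5)
    seeds.append(s4)
    cov |= s4.trace
    refresh_potentials(seeds, cov)
    after = [(s.name, energy(s)) for s in prioritize(seeds)]
    return before, after


if __name__ == "__main__":
    for label, sched in zip(("initial", "after new coverage"), run_demo()):
        print(label, sched)
```

In the constructed run, s2 is scheduled first and gets the most energy because the uncovered blocks next to its trace (verify and fallback) are the most complex; once s4 covers verify, s2's potential drops, s4 takes the lead, and s3, whose frontier is now fully covered, falls back to the base energy. The point is that a seed's score changes with what the rest of the corpus has already reached, not only with what the seed itself executed.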