Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing
Coverage-guided greybox fuzzing has become one of the most common techniques for finding software bugs. Coverage metric, which decides how a fuzzer selects new seeds, is an essential parameter of fuzzing and can significantly affect the results. While there are many existing works on the effectivene...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8169 https://ink.library.smu.edu.sg/context/sis_research/article/9172/viewcontent/Be_Sensitive_and_Collaborative_Analyzing_Impact_of_Coverage_Metrics_in_Greybox_Fuzzing.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9172 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-91722023-09-26T10:33:54Z Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing WANG, Jinghan DUAN, Yue SONG, Wei YIN, Heng SONG, Chengyu Coverage-guided greybox fuzzing has become one of the most common techniques for finding software bugs. Coverage metric, which decides how a fuzzer selects new seeds, is an essential parameter of fuzzing and can significantly affect the results. While there are many existing works on the effectiveness of different coverage metrics on software testing, little is known about how different coverage metrics could actually affect the fuzzing results in practice. More importantly, it is unclear whether there exists one coverage metric that is superior to all the other metrics. In this paper, we report the first systematic study on the impact of different coverage metrics in fuzzing. To this end, we formally define and discuss the concept of sensitivity, which can be used to theoretically compare different coverage metrics. We then present several coverage metrics with their variants. We conduct a study on these metrics with the DARPA CGC dataset, the LAVA-M dataset, and a set of real-world applications (a total of 221 binaries). We find that because each fuzzing instance has limited resources (time and computation power), (1) each metric has its unique merit in terms of flipping certain types of branches (thus vulnerability finding) and (2) there is no grand slam coverage metric that defeats all the others. We also explore combining different coverage metrics through cross-seeding, and the result is very encouraging: this pure fuzzing based approach can crash at least the same numbers of binaries in the CGC dataset as a previous approach (Driller) that combines fuzzing and concolic execution. At the same time, our approach uses fewer computing resources 2019-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8169 https://ink.library.smu.edu.sg/context/sis_research/article/9172/viewcontent/Be_Sensitive_and_Collaborative_Analyzing_Impact_of_Coverage_Metrics_in_Greybox_Fuzzing.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Computation power Computing resource Concolic execution Coverage metrics Real-world Software bug Systematic study; Vulnerability finding Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Computation power Computing resource Concolic execution Coverage metrics Real-world Software bug Systematic study; Vulnerability finding Information Security |
| spellingShingle |
Computation power Computing resource Concolic execution Coverage metrics Real-world Software bug Systematic study; Vulnerability finding Information Security WANG, Jinghan DUAN, Yue SONG, Wei YIN, Heng SONG, Chengyu Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| description |
Coverage-guided greybox fuzzing has become one of the most common techniques for finding software bugs. Coverage metric, which decides how a fuzzer selects new seeds, is an essential parameter of fuzzing and can significantly affect the results. While there are many existing works on the effectiveness of different coverage metrics on software testing, little is known about how different coverage metrics could actually affect the fuzzing results in practice. More importantly, it is unclear whether there exists one coverage metric that is superior to all the other metrics. In this paper, we report the first systematic study on the impact of different coverage metrics in fuzzing. To this end, we formally define and discuss the concept of sensitivity, which can be used to theoretically compare different coverage metrics. We then present several coverage metrics with their variants. We conduct a study on these metrics with the DARPA CGC dataset, the LAVA-M dataset, and a set of real-world applications (a total of 221 binaries). We find that because each fuzzing instance has limited resources (time and computation power), (1) each metric has its unique merit in terms of flipping certain types of branches (thus vulnerability finding) and (2) there is no grand slam coverage metric that defeats all the others. We also explore combining different coverage metrics through cross-seeding, and the result is very encouraging: this pure fuzzing based approach can crash at least the same numbers of binaries in the CGC dataset as a previous approach (Driller) that combines fuzzing and concolic execution. At the same time, our approach uses fewer computing resources |
| format |
text |
| author |
WANG, Jinghan DUAN, Yue SONG, Wei YIN, Heng SONG, Chengyu |
| author_facet |
WANG, Jinghan DUAN, Yue SONG, Wei YIN, Heng SONG, Chengyu |
| author_sort |
WANG, Jinghan |
| title |
Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| title_short |
Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| title_full |
Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| title_fullStr |
Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| title_full_unstemmed |
Be sensitive and collaborative: Analyzing impact of coverage metrics in Greybox fuzzing |
| title_sort |
be sensitive and collaborative: analyzing impact of coverage metrics in greybox fuzzing |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/8169 https://ink.library.smu.edu.sg/context/sis_research/article/9172/viewcontent/Be_Sensitive_and_Collaborative_Analyzing_Impact_of_Coverage_Metrics_in_Greybox_Fuzzing.pdf |
| _version_ |
1779157190258458624 |