Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing
Hybrid fuzzing which combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, the state-of-the-art hybrid fuzzing systems deploy ``demand launch''...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8170 https://ink.library.smu.edu.sg/context/sis_research/article/9173/viewcontent/Send_Hardest_Problems_My_Way_Probabilistic_Path_Prioritization_for_Hybrid_Fuzzing.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9173 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-91732023-09-26T10:33:38Z Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing ZHAO, Lei DUAN, Yue XUAN, Jifeng Hybrid fuzzing which combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, the state-of-the-art hybrid fuzzing systems deploy ``demand launch'' and ``optimal switch'' strategies. Although these ideas sound intriguing, we point out several fundamental limitations in them, due to oversimplified assumptions. We then propose a novel ``discriminative dispatch'' strategy to better utilize the capability of concolic execution. We design a novel Monte Carlo based probabilistic path prioritization model to quantify each path's difficulty and prioritize them for concolic execution. This model treats fuzzing as a random sampling process. It calculates each path's probability based on the sampling information. Finally, our model prioritizes and assigns the most difficult paths to concolic execution. We implement a prototype system DigFuzz and evaluate our system with two representative datasets. Results show that the concolic execution in DigFuzz outperforms than that in a state-of-the-art hybrid fuzzing system Driller in every major aspect. In particular, the concolic execution in DigFuzz contributes to discovering more vulnerabilities (12 vs. 5) and producing more code coverage (18.9% vs. 3.8%) on the CQE dataset than the concolic execution in Driller. 2019-02-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8170 info:doi/10.14722/ndss.2019.23504 https://ink.library.smu.edu.sg/context/sis_research/article/9173/viewcontent/Send_Hardest_Problems_My_Way_Probabilistic_Path_Prioritization_for_Hybrid_Fuzzing.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Databases and Information Systems Theory and Algorithms |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Databases and Information Systems Theory and Algorithms |
| spellingShingle |
Databases and Information Systems Theory and Algorithms ZHAO, Lei DUAN, Yue XUAN, Jifeng Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| description |
Hybrid fuzzing which combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, the state-of-the-art hybrid fuzzing systems deploy ``demand launch'' and ``optimal switch'' strategies. Although these ideas sound intriguing, we point out several fundamental limitations in them, due to oversimplified assumptions. We then propose a novel ``discriminative dispatch'' strategy to better utilize the capability of concolic execution. We design a novel Monte Carlo based probabilistic path prioritization model to quantify each path's difficulty and prioritize them for concolic execution. This model treats fuzzing as a random sampling process. It calculates each path's probability based on the sampling information. Finally, our model prioritizes and assigns the most difficult paths to concolic execution. We implement a prototype system DigFuzz and evaluate our system with two representative datasets. Results show that the concolic execution in DigFuzz outperforms than that in a state-of-the-art hybrid fuzzing system Driller in every major aspect. In particular, the concolic execution in DigFuzz contributes to discovering more vulnerabilities (12 vs. 5) and producing more code coverage (18.9% vs. 3.8%) on the CQE dataset than the concolic execution in Driller. |
| format |
text |
| author |
ZHAO, Lei DUAN, Yue XUAN, Jifeng |
| author_facet |
ZHAO, Lei DUAN, Yue XUAN, Jifeng |
| author_sort |
ZHAO, Lei |
| title |
Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| title_short |
Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| title_full |
Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| title_fullStr |
Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| title_full_unstemmed |
Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing |
| title_sort |
send hardest problems my way: probabilistic path prioritization for hybrid fuzzing |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/8170 https://ink.library.smu.edu.sg/context/sis_research/article/9173/viewcontent/Send_Hardest_Problems_My_Way_Probabilistic_Path_Prioritization_for_Hybrid_Fuzzing.pdf |
| _version_ |
1779157190438813696 |