Probabilistic path prioritization for hybrid fuzzing

Hybrid fuzzing that combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, state-of-the-art hybrid fuzzing systems deploy “optimal concolic testing” and “demand launch” strategies. Although these ideas sound intriguing, we point out several fundamental limitations in them, due to unrealistic or oversimplified assumptions. Further, we propose a novel “discriminative dispatch” strategy and design a probabilistic hybrid fuzzing system to better utilize the capability of concolic execution. Specifically, we design a Monte Carlo-based probabilistic path prioritization model to quantify each path’s difficulty, and then prioritize them for concolic execution. Our model assigns the most difficult paths to concolic execution. We implement a prototype named DigFuzz and evaluate our system with two representative datasets and real-world programs. Results show that the concolic execution in DigFuzz outperforms those in state-of-the-art hybrid fuzzing systems in every major aspect. In particular, the concolic execution in DigFuzz contributes to discovering more vulnerabilities (12 versus 5) and producing more code coverage (18.9 versus 3.8 percent) on the CQE dataset than the concolic execution in Driller.

Bibliographic Details
Main Authors: ZHAO, Lei; CAO, Pengcheng; DUAN, Yue; YIN, Heng; XUAN, Jifeng
Format: text (application/pdf)
Language: English
Published: Institutional Knowledge at Singapore Management University, 2022 (2022-05-01)
Collection: Research Collection School Of Computing and Information Systems (InK@SMU, SMU Libraries)
Institution: Singapore Management University
Subjects: Software security; Fuzz testing; Concolic execution; Hybrid fuzzing; Information Security; Software Engineering
DOI: 10.1109/TDSC.2020.3042259
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Record ID: sg-smu-ink.sis_research-9201
Online Access: https://ink.library.smu.edu.sg/sis_research/8198
Full text (PDF): https://ink.library.smu.edu.sg/context/sis_research/article/9201/viewcontent/ProbPathPrioritization_2022_av.pdf