Probabilistic path prioritization for hybrid fuzzing
Hybrid fuzzing that combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, state-of-the-art hybrid fuzzing systems deploy “optimal concolic testing” and “...
Saved in:
Main Authors: | , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2022
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8198 https://ink.library.smu.edu.sg/context/sis_research/article/9201/viewcontent/ProbPathPrioritization_2022_av.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-9201 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-92012023-10-04T05:24:05Z Probabilistic path prioritization for hybrid fuzzing ZHAO, Lei CAO, Pengcheng DUAN, Yue YIN, Heng XUAN, Jifeng Hybrid fuzzing that combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, state-of-the-art hybrid fuzzing systems deploy “optimal concolic testing” and “demand launch” strategies. Although these ideas sound intriguing, we point out several fundamental limitations in them, due to unrealistic or oversimplified assumptions. Further, we propose a novel “discriminative dispatch” strategy and design a probabilistic hybrid fuzzing system to better utilize the capability of concolic execution. Specifically, we design a Monte Carlo-based probabilistic path prioritization model to quantify each path’s difficulty, and then prioritize them for concolic execution. Our model assigns the most difficult paths to concolic execution. We implement a prototype named DigFuzz and evaluate our system with two representative datasets and real-world programs. Results show that the concolic execution in DigFuzz outperforms than those in state-of-the-art hybrid fuzzing systems in every major aspect. In particular, the concolic execution in DigFuzz contributes to discovering more vulnerabilities (12 versus 5) and producing more code coverage (18.9 versus 3.8 percent) on the CQE dataset than the concolic execution in Driller. 2022-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8198 info:doi/10.1109/TDSC.2020.3042259 https://ink.library.smu.edu.sg/context/sis_research/article/9201/viewcontent/ProbPathPrioritization_2022_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software security Fuzz testing Concolic execution Hybrid fuzzing Information Security Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Software security Fuzz testing Concolic execution Hybrid fuzzing Information Security Software Engineering |
spellingShingle |
Software security Fuzz testing Concolic execution Hybrid fuzzing Information Security Software Engineering ZHAO, Lei CAO, Pengcheng DUAN, Yue YIN, Heng XUAN, Jifeng Probabilistic path prioritization for hybrid fuzzing |
description |
Hybrid fuzzing that combines fuzzing and concolic execution has become an advanced technique for software vulnerability detection. Based on the observation that fuzzing and concolic execution are complementary in nature, state-of-the-art hybrid fuzzing systems deploy “optimal concolic testing” and “demand launch” strategies. Although these ideas sound intriguing, we point out several fundamental limitations in them, due to unrealistic or oversimplified assumptions. Further, we propose a novel “discriminative dispatch” strategy and design a probabilistic hybrid fuzzing system to better utilize the capability of concolic execution. Specifically, we design a Monte Carlo-based probabilistic path prioritization model to quantify each path’s difficulty, and then prioritize them for concolic execution. Our model assigns the most difficult paths to concolic execution. We implement a prototype named DigFuzz and evaluate our system with two representative datasets and real-world programs. Results show that the concolic execution in DigFuzz outperforms than those in state-of-the-art hybrid fuzzing systems in every major aspect. In particular, the concolic execution in DigFuzz contributes to discovering more vulnerabilities (12 versus 5) and producing more code coverage (18.9 versus 3.8 percent) on the CQE dataset than the concolic execution in Driller. |
format |
text |
author |
ZHAO, Lei CAO, Pengcheng DUAN, Yue YIN, Heng XUAN, Jifeng |
author_facet |
ZHAO, Lei CAO, Pengcheng DUAN, Yue YIN, Heng XUAN, Jifeng |
author_sort |
ZHAO, Lei |
title |
Probabilistic path prioritization for hybrid fuzzing |
title_short |
Probabilistic path prioritization for hybrid fuzzing |
title_full |
Probabilistic path prioritization for hybrid fuzzing |
title_fullStr |
Probabilistic path prioritization for hybrid fuzzing |
title_full_unstemmed |
Probabilistic path prioritization for hybrid fuzzing |
title_sort |
probabilistic path prioritization for hybrid fuzzing |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2022 |
url |
https://ink.library.smu.edu.sg/sis_research/8198 https://ink.library.smu.edu.sg/context/sis_research/article/9201/viewcontent/ProbPathPrioritization_2022_av.pdf |
_version_ |
1779157222776897536 |