Boosting fuzzer efficiency: an information theoretic perspective

Böhme, Marcel; Manès, Valentin J. M.; Kil, Sang

doi:10.1145/3368089.3409748

Cited by 70 publications

(35 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our results show that the fuzzer skills also improve in terms of crash detection and coverage for several cases when diversity is embedded within the generation process. This is similar to the results of Böhme et al [25] when they leverage entropy to increase the diversity of behaviours during fuzzing campaigns. Therefore, r-wise independent hash functions compensate the adversarial behaviour of fuzzers and solvers during the input generation process by improving the fuzzers diversity.…”

Section: Discussion and Limitationssupporting

confidence: 89%

See 1 more Smart Citation

Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection

Menéndez

Clark

2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

Section: Discussion and Limitationssupporting

confidence: 89%

“…Since our comparison is based on performance, using different machines will affect the final results. The results might also be affected if the fuzzers add a new diversity strategy, as was recently the case for LibFuzzer, that now includes the "Entropic" extension, improving diversity during the queue selection process [25].…”

Section: Threats To Validitymentioning

confidence: 99%

Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection

Menéndez

Clark

2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…To mitigate this problem, fuzzers calculate itness based on execution states (e.g., code coverage) because execution states can provide fuzzing with more information. Most existing fuzzers compute itness based on code coverage, i.e., they intend to discover more code coverage [21,23,62,88,157,203]. Another reason for using code coverage is that larger code coverage indicates a higher possibility of bug discovery [130].…”

Section: Fitness By State Transition (Markov Chainmentioning

confidence: 99%

“…However, the essential objective of fuzzing is to discover new states, e.g., new code coverage, new crashes, or new bugs. This motivates Böhme et al [17,20,21] to formulate fuzzing processes as a species discovery problem [32,33,52]. In a nutshell, ecologists collect numerous samples from the wild, and the species in the samples may be abundant or rare.…”

Section: Fitness By State Discoverymentioning

confidence: 99%

Fuzzing: A Survey for Roadmap

et al. 2022

View full text Add to dashboard Cite

Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It generates a large number of test cases and monitors the executions for defects. Fuzzing has detected thousands of bugs and vulnerabilities in various applications. Although effective, there lacks systematic analysis of gaps faced by fuzzing. As a technique of defect detection, fuzzing is required to narrow down the gaps between the entire input space and the defect space. Without limitation on the generated inputs, the input space is infinite. However, defects are sparse in an application, which indicates that the defect space is much smaller than the entire input space. Besides, because fuzzing generates numerous test cases to repeatedly examine targets, it requires fuzzing to perform in an automatic manner. Due to the complexity of applications and defects, it is challenging to automatize the execution of diverse applications. In this paper, we systematically review and analyze the gaps as well as their solutions, considering both breadth and depth. This survey can be a roadmap for both beginners and advanced developers to better understand fuzzing.

show abstract

“…Entropic [3] improves libFuzzer's seed scheduling algorithm. It quantifies the amount of information gained by each seed and chooses which seed to mutate first according to this value.…”

Section: A Enhancing Libfuzzermentioning

confidence: 99%