Gradient-oriented gray-box protocol fuzzing

Qin, Yinfan; Li, Xiang; Tian, Jianwen; Gu, Taotao; Kuang, Xiaohui

doi:10.1109/dsc53577.2021.00056

Cited by 2 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AFL has been extensively used in the vulnerability mining of real-world applications, such as Firefox, Flash, and Openssl, where it has shown to be an effective and valuable fuzzing tool. The core of AFL fuzzing employs the genetic algorithm in the loop by picking a better seed as the parent sample, using a series of mutation techniques [21], creating sub-samples for numbers and certain kinds, and running them by the program, which will find new vulnerabilities. Subsamples of covered routes are added to the queue in which the modification is carried out.…”

Section: Aflmentioning

confidence: 99%

Optimization Research of Directed Fuzzing Based on AFL

Feng

Liu

2022

Electronics

View full text Add to dashboard Cite

Fuzz testing is the process of testing programs by continually producing unique inputs in order to detect and identify security flaws. It is often used in vulnerability mining. The most prevalent fuzzing approach is grey-box fuzzing, which combines lightweight code instrumentation with data-feedback-driven generation of fresh program input seeds. AFL (American Fuzzy Lop) is an outstanding grey-box fuzzing tool that is well known for its quick fork server execution, dependable genetic algorithm, and numerous mutation techniques. AFLGO proposes and executes power scheduling based on a simulated annealing process for a more appropriate energy allocation to seeds, however it is neither reliable nor successful. To tackle this issue, we offer an energy-dynamic scheduling strategy based on the algorithm of the fruit fly. Adjusting the energy of the seeds dynamically controls the production of test cases. The findings demonstrate that the approach suggested in this research can test the target region more rapidly and thoroughly and has a high application value for patch testing and vulnerability replication.

show abstract

Section: Aflmentioning

confidence: 99%