KSII Transactions on Internet and Information Systems
Monthly Online Journal (eISSN: 1976-7277)

EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization

Vol. 14, No. 9, September 30, 2020
DOI: 10.3837/tiis.2020.09.018

Abstract

Hybrid fuzzing, which combines fuzzing and concolic execution, has proved its ability to achieve higher code coverage and therefore find more bugs. However, current hybrid fuzzers usually suffer from inefficiency and poor scalability when applied to complex, real-world program testing. We observed that the performance bottleneck is the inefficient cooperation between the fuzzer and the concolic executor, together with slow symbolic emulation. In this paper, we propose a novel solution named EPfuzzer to improve hybrid fuzzing. EPfuzzer implements two key ideas: 1) only the hardest-to-reach branch is prioritized for concolic execution, to avoid generating uninteresting inputs; and 2) only the input bytes relevant to the target branch to be flipped are symbolized, to reduce the overhead of the symbolic emulation. With these optimizations, EPfuzzer can be efficiently targeted at the hardest-to-reach branch. We evaluated EPfuzzer with three sets of programs: five real-world applications and two popular benchmarks (LAVA-M and the Google Fuzzer Test Suite). The evaluation results showed that EPfuzzer was much more efficient and scalable than the state-of-the-art concolic execution engine (QSYM). EPfuzzer was able to find more bugs and achieve better code coverage. In addition, we discovered seven previously unknown security bugs in five real-world programs and reported them to the vendors.
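As an added illustration (not EPfuzzer's code), the following toy model shows the two ideas in the abstract on a constructed target: the fuzzer side counts how often each branch is covered by the corpus, the least-covered branch is scheduled for concolic execution, and only the input bytes that branch reads are "symbolized". The hardness metric (branch rarity across seeds), the target's branches and the seeds are assumptions made for the example.

```python
from collections import Counter

# Constructed toy target.  Each conditional is modelled as an equality test of
# some input bytes against a constant; a real hybrid fuzzer would learn which
# bytes a branch depends on from instrumentation and taint tracking.
BRANCHES = {
    "b1": ((0,), b"\x7f"),          # 1-byte check, ~1/256 per random input
    "b2": ((4, 5, 6, 7), b"FUZZ"),  # 4-byte magic value, hardest to reach
    "b3": ((1,), b"\xff"),          # another 1-byte check
}
# Constructed seed corpus: covers b1 once and b3 twice, b2 never.
SEEDS = [bytes([0x7F, 0xFF]) + b"\x00" * 14,
         bytes(16),
         bytes([0x00, 0xFF]) + b"AAAA" + b"\x00" * 10]

def run_target(data: bytes) -> dict:
    """Return branch_id -> (byte offsets read, taken side executed?)."""
    return {b: (offs, bytes(data[o] for o in offs) == want)
            for b, (offs, want) in BRANCHES.items()}

def fuzz_corpus(seeds) -> Counter:
    """Fuzzer side: count how many seeds cover each branch's taken side."""
    hits = Counter({b: 0 for b in BRANCHES})
    for s in seeds:
        for b, (_, taken) in run_target(s).items():
            hits[b] += taken
    return hits

def hardest_to_reach(hits: Counter) -> str:
    """Idea 1: hand only the least-covered branch to the concolic executor
    (corpus rarity is the assumed 'hardness' metric; ties broken by name)."""
    return min(hits, key=lambda b: (hits[b], b))

def concolic_flip(seed: bytes, branch: str):
    """Idea 2: symbolize only the bytes the target branch reads.  Solving the
    equality constraint is simulated by writing the wanted constant; all other
    bytes stay concrete, so the solver would see len(offs) symbolic bytes."""
    offs, want = BRANCHES[branch]
    new = bytearray(seed)
    for o, v in zip(offs, want):
        new[o] = v
    return bytes(new), len(offs)

def hybrid_round(seeds):
    """One fuzzer -> concolic hand-off: pick the target, flip it, verify."""
    target = hardest_to_reach(fuzz_corpus(seeds))
    new_input, n_sym = concolic_flip(seeds[0], target)
    assert run_target(new_input)[target][1]  # flipped branch is now reached
    return target, n_sym, new_input

if __name__ == "__main__":
    t, n, inp = hybrid_round(SEEDS)
    print(f"target={t} symbolic_bytes={n}/{len(inp)} input={inp!r}")
```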




Cite this article

[IEEE Style]
Y. Wang, Z. Wu, Q. Wei, Q. Wang, "EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization," KSII Transactions on Internet and Information Systems, vol. 14, no. 9, pp. 3885-3906, 2020. DOI: 10.3837/tiis.2020.09.018.

[ACM Style]
Yunchao Wang, Zehui Wu, Qiang Wei, and Qingxian Wang. 2020. EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization. KSII Transactions on Internet and Information Systems, 14, 9, (2020), 3885-3906. DOI: 10.3837/tiis.2020.09.018.

[BibTeX Style]
@article{tiis:23867, title="EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization", author="Yunchao Wang and Zehui Wu and Qiang Wei and Qingxian Wang", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2020.09.018}, volume={14}, number={9}, year="2020", month={September}, pages={3885-3906}}