SmartSeed: Smart Seed Generation for Efficient Fuzzing
Chenyang Lyu, Shouling Ji, Yuwei Li, Junfeng Zhou, Jianhai Chen, Jing Chen

TL;DR
SmartSeed employs machine learning to generate high-value seed files rapidly, significantly enhancing fuzzing efficiency and vulnerability discovery across multiple applications and input formats.
Contribution
It introduces a novel machine learning-based seed generation system that outperforms existing strategies in fuzzing efficiency and vulnerability detection.
Findings
Generates high-value seeds within tens of seconds
Significantly improves fuzzing performance and crash discovery
Discovers 16 new vulnerabilities with assigned CVE IDs
Abstract
Fuzzing is an automated application vulnerability detection method. For genetic algorithm-based fuzzing, it can mutate the seed files provided by users to obtain a number of inputs, which are then used to test the objective application in order to trigger potential crashes. As shown in existing literature, the seed file selection is crucial for the efficiency of fuzzing. However, current seed selection strategies do not seem to be better than randomly picking seed files. Therefore, in this paper, we propose a novel and generic system, named SmartSeed, to generate seed files towards efficient fuzzing. Specifically, SmartSeed is designed based on a machine learning model to learn and generate high-value binary seeds. We evaluate SmartSeed along with American Fuzzy Lop (AFL) on 12 open-source applications with the input formats of mp3, bmp or flv. We also combine SmartSeed with different…
Taxonomy
Topics: Software Testing and Debugging Techniques · Advanced Malware Detection Techniques · Software Reliability and Analysis Research
