V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing
Yuwei Li, Shouling Ji, Chenyang Lv, Yuan Chen, Jianhai Chen, Qinchen Gu, Chunming Wu

TL;DR
V-Fuzz is a vulnerability-oriented evolutionary fuzzing tool that uses neural network predictions to focus on likely vulnerable code areas, improving bug detection efficiency and discovering new CVEs.
Contribution
The paper introduces V-Fuzz, combining neural network vulnerability prediction with evolutionary fuzzing to target vulnerable code more effectively.
Findings
V-Fuzz outperforms state-of-the-art fuzzers in bug detection efficiency.
V-Fuzz discovered 10 CVEs, including 3 new ones.
Reported CVEs have been confirmed and fixed.
Abstract
Fuzzing is a technique for finding bugs by repeatedly executing a program on a large number of abnormal inputs. Most existing fuzzers treat all parts of a program equally and concentrate on improving code coverage. This is inefficient, since vulnerable code makes up only a tiny fraction of the whole program. In this paper, we design and implement a vulnerability-oriented evolutionary fuzzing prototype named V-Fuzz, which aims to find bugs efficiently within a limited time budget. V-Fuzz consists of two main components: a neural network-based vulnerability prediction model and a vulnerability-oriented evolutionary fuzzer. Given a binary program, the vulnerability prediction model gives a prior estimate of which parts of the program are more likely to be vulnerable. The fuzzer then uses an evolutionary algorithm to generate inputs that…
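The abstract describes a two-stage design: a per-block vulnerability prior from the prediction model, then an evolutionary fuzzer that steers inputs toward the high-prior blocks. The sketch below is an added illustration of that control loop and is not V-Fuzz's code or the authors' implementation. The target program, its basic-block labels, the bug in it, and the VULN_SCORES table (standing in for the neural network's output) are all constructed for the example; the fitness function is simply the sum of the prior scores of the blocks an input executes, so a seed that reaches suspicious code is selected for mutation more often. Passing a table of all-1.0 scores turns the same loop into a plain coverage-guided baseline.

```python
"""Toy vulnerability-oriented evolutionary fuzzer (illustrative only, not V-Fuzz)."""
import random
from typing import Dict, List, Set, Tuple

# Constructed stand-in for the prediction model's output: a prior probability that
# each basic block of the target is vulnerable (higher = more suspicious).
VULN_SCORES: Dict[str, float] = {"entry": 0.05, "magic_ok": 0.20, "len_ok": 0.40, "copy": 0.95}


class Crash(Exception):
    """Raised when the constructed target hits its bug."""


def target(data: bytes, trace: Set[str]) -> None:
    """Constructed target with a length-field bug; `trace` records executed blocks."""
    trace.add("entry")
    if len(data) < 2 or data[0] != 0x56:          # magic byte 'V'
        return
    trace.add("magic_ok")
    length = data[1]
    if length > 8:
        return
    trace.add("len_ok")
    payload = data[2:]
    trace.add("copy")
    if len(payload) < length:                      # declared length exceeds bytes present (constructed over-read)
        raise Crash(f"over-read: length={length}, payload={len(payload)}")


def execute(data: bytes) -> Tuple[Set[str], bool]:
    """Run the target once; return (blocks executed, crashed?)."""
    trace: Set[str] = set()
    try:
        target(data, trace)
    except Crash:
        return trace, True
    return trace, False


def fitness(trace: Set[str], scores: Dict[str, float]) -> float:
    """Vulnerability-oriented fitness: sum of predicted scores over executed blocks."""
    return sum(scores[b] for b in trace)


def select(population: List[Tuple[float, bytes]], rng: random.Random) -> bytes:
    """Roulette-wheel selection: probability proportional to fitness."""
    r = rng.uniform(0, sum(f for f, _ in population))
    for f, data in population:
        r -= f
        if r <= 0:
            return data
    return population[-1][1]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one of four simple byte-level mutations."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:                            # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and buf:                          # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 2 and len(buf) > 1:                 # truncate
        del buf[rng.randrange(1, len(buf)):]
    elif len(buf) < 16:                            # append a random byte
        buf.append(rng.randrange(256))
    return bytes(buf)


def fuzz(seeds: List[bytes], max_execs: int = 100_000, rng_seed: int = 7,
         scores: Dict[str, float] = VULN_SCORES) -> dict:
    """Evolutionary loop: keep inputs that reach new blocks, favour high-scoring seeds."""
    rng = random.Random(rng_seed)
    population: List[Tuple[float, bytes]] = []
    covered: Set[str] = set()
    execs = 0
    for s in seeds:
        trace, crashed = execute(s)
        execs += 1
        if crashed:
            return {"crashed": True, "input": s, "execs": execs}
        population.append((fitness(trace, scores), s))
        covered |= trace
    while execs < max_execs:
        child = mutate(select(population, rng), rng)
        trace, crashed = execute(child)
        execs += 1
        if crashed:
            return {"crashed": True, "input": child, "execs": execs, "blocks": sorted(covered | trace)}
        if not trace <= covered:                   # new block reached: promote child to a seed
            covered |= trace
            population.append((fitness(trace, scores), child))
    return {"crashed": False, "input": None, "execs": execs}


if __name__ == "__main__":
    print(fuzz([b"\x00" * 8]))
```

The parts a real implementation replaces are the two constructed tables: `target` and its `trace` set stand for the instrumented binary and its coverage feedback, and `VULN_SCORES` stands for the prediction model's per-block output. Everything else (selection weighted by fitness, seeds promoted on new coverage, mutation operators) is the generic evolutionary skeleton the abstract refers to.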
Taxonomy
Topics: Software Testing and Debugging Techniques · Advanced Malware Detection Techniques · Software Engineering Research
