Casr-Cluster: Crash Clustering for Linux Applications

TL;DR

This paper introduces Casr-Cluster, a tool for clustering crash reports in Linux applications to streamline crash analysis and reduce developer effort, especially useful in fuzzing workflows.

Contribution

The paper presents a novel crash clustering approach implemented as Casr-Cluster, specifically designed for Linux application crash reports, improving analysis efficiency.

Findings

Effective clustering of Linux crash reports demonstrated

Reduced analysis time for crash reports

Applicable to fuzzing-generated crash data

Abstract

Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure development lifecycle. Modern fuzzers could produce many crashes and developers do not have enough time to fix them till release date. There are two approaches that could reduce developers' effort on crash analysis: crash clustering and crash severity estimation. Crash severity estimation could help developers to prioritize crashes and close security issues first. Crash clustering puts similar crash reports in one cluster what could speed up the analyzing time for all crash reports. In this paper, we focus on crash clustering. We propose an approach for clustering and deduplicating of crashes that occurred in Linux applications. We implement this approach as a tool that could cluster Casr~\cite{fedotov2020casr} crash reports. We evaluated our tool on a set of crash reports that was collected from fuzzing results.