Rare-Seed Generation for Fuzzing
Seemanta Saha, Laboni Sarker, Md Shafiuzzaman, Chaofan Shou, Albert Li, Ganesh Sankaran, Tevfik Bultan

TL;DR
This paper introduces methods to identify and generate inputs for rare program paths, enhancing fuzzing coverage by combining symbolic analysis and concolic execution to improve bug detection.
Contribution
It presents novel techniques for detecting rare paths and generating seeds to explore them, boosting fuzzing effectiveness over random seed initialization.
Findings
Enhanced code coverage when fuzzing starts from rare-path seeds
Improved bug detection in code guarded by restrictive branch conditions
Fuzzers perform better when initialized with the targeted seed sets than with random seeds
Abstract
Starting with a random initial seed, fuzzers search for inputs that trigger bugs or vulnerabilities. However, fuzzers often fail to generate inputs for program paths guarded by restrictive branch conditions. In this paper, we show that by first identifying rare paths in programs (i.e., program paths with path constraints that are unlikely to be satisfied by random input generation), and then generating inputs/seeds that trigger rare paths, one can improve the coverage of fuzzing tools. In particular, we present techniques that 1) identify rare paths using quantitative symbolic analysis, and 2) generate inputs that can explore these rare paths using path-guided concolic execution. We provide these inputs as initial seed sets to three state-of-the-art fuzzers. Our experimental evaluation on a set of programs (that contain a lot of restrictive branch conditions) shows that the fuzzers…
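To make the two ideas in the abstract concrete, here is an added toy illustration (not code from the paper or its authors). It models a constructed target whose interesting path is guarded by a fixed magic value and a checksum; it estimates how rarely random inputs satisfy each branch condition given the path prefix (the quantitative side), and then builds a seed by satisfying the constraints in path order (a stand-in for the path-guided side, using hand-written constraint fixes rather than a real concolic engine). The program, its constraints and all values are assumptions made for this example.

```python
import random

# Constructed toy target (assumed, not from the paper). Each path constraint is a
# (name, predicate, fix) triple: `predicate` checks the branch condition on an input,
# `fix` rewrites an input so that this single condition holds. A concolic engine would
# obtain `fix` by solving the symbolic path constraint; here it is written by hand.
PATH_CONSTRAINTS = [
    ("length", lambda d: len(d) >= 8,
               lambda d: (d + bytes(8))[:8]),
    ("magic", lambda d: d[:4] == b"RARE",
              lambda d: b"RARE" + d[4:]),
    # Low byte of the sum of bytes 4..7 must equal 0x42.
    ("checksum", lambda d: (sum(d[4:8]) & 0xFF) == 0x42,
                 lambda d: d[:4] + bytes([0x42, 0, 0, 0]) + d[8:]),
]


def run_target(data: bytes) -> str:
    """Return which branch rejected the input, or 'rare_path' if it reached the end."""
    for name, predicate, _ in PATH_CONSTRAINTS:
        if not predicate(data):
            return "fail_" + name
    return "rare_path"


def random_input(rng: random.Random, length: int = 8) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(length))


def estimate_path_probability(trials: int = 20000, seed: int = 1) -> float:
    """Fraction of purely random inputs that reach the rare path (expected ~2^-40 here)."""
    rng = random.Random(seed)
    hits = sum(run_target(random_input(rng)) == "rare_path" for _ in range(trials))
    return hits / trials


def branch_probabilities(trials: int = 20000, seed: int = 1) -> dict:
    """Quantitative view of the path: for each branch, the fraction of inputs satisfying
    it once all earlier constraints on the path have been satisfied (earlier constraints
    are enforced with their `fix`, the remaining bytes stay random)."""
    rng = random.Random(seed)
    probabilities = {}
    for index, (name, predicate, _) in enumerate(PATH_CONSTRAINTS):
        hits = 0
        for _ in range(trials):
            candidate = random_input(rng)
            for _, _, earlier_fix in PATH_CONSTRAINTS[:index]:
                candidate = earlier_fix(candidate)
            hits += predicate(candidate)
        probabilities[name] = hits / trials
    return probabilities


def generate_rare_seed(initial: bytes = b"") -> bytes:
    """Path-guided seed generation: satisfy constraints in path order, starting from
    an arbitrary input, so that the result reaches the rare path."""
    seed = initial
    for _, _, fix in PATH_CONSTRAINTS:
        seed = fix(seed)
    return seed


if __name__ == "__main__":
    print("random-input path probability:", estimate_path_probability())
    print("per-branch probabilities:", branch_probabilities())
    seed = generate_rare_seed()
    print("generated seed:", seed, "->", run_target(seed))
```

The per-branch numbers show where random fuzzing stalls: the length check is trivial, the magic comparison is essentially never satisfied by chance (2^-32 per try), and even after the magic is in place the checksum passes only about 1 time in 256. The generated seed clears all three at once, which is exactly the kind of input the paper proposes handing to a fuzzer as its initial corpus.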
Taxonomy
Topics: Software Testing and Debugging Techniques · Software Engineering Research · Advanced Malware Detection Techniques
