BandFuzz: An ML-powered Collaborative Fuzzing Framework

TL;DR

BANDFUZZ is an ML-driven collaborative fuzzing framework that optimizes resource allocation using a multi-armed bandits model, outperforming existing methods in bug detection and efficiency without extra computational costs.

Contribution

The paper introduces BANDFUZZ, a novel resource allocation algorithm based on multi-armed bandits, enhancing collaborative fuzzing effectiveness and efficiency.

Findings

BANDFUZZ outperforms state-of-the-art frameworks and individual fuzzers.

It effectively detects more bugs in Fuzzbench and Fuzzer Test Suite.

BANDFUZZ wins first place in a worldwide fuzzing competition.

Abstract

Collaborative fuzzing combines multiple individual fuzzers and dynamically chooses appropriate combinations for different programs. Unlike individual fuzzers that rely on specific assumptions, collaborative fuzzing relaxes assumptions on target programs, providing robust performance across various programs. However, existing collaborative fuzzing frameworks face challenges including additional computational resource requirements and inefficient resource allocation among fuzzers. To tackle these challenges, we present BANDFUZZ, an ML-powered collaborative fuzzing framework that outperforms individual fuzzers without requiring additional computational resources. The key contribution of BANDFUZZ lies in its novel resource allocation algorithm driven by our proposed multi-armed bandits model. Different from greedy methods in existing frameworks, BANDFUZZ models the long-term impact of individual fuzzers, enabling discovery of globally optimal collaborative strategies. We propose a novel fuzzer evaluation method that assesses not only code coverage but also the fuzzer's capability of solving difficult branches. Finally, we integrate a real-time seed synchronization mechanism and implementation-wise optimizations to improve fuzzing efficiency and stability. Through extensive experiments on Fuzzbench and Fuzzer Test Suite, we show that BANDFUZZ outperforms state-of-the-art collaborative fuzzing framework autofz and widely used individual fuzzers. We verify BANDFUZZ's key designs through comprehensive ablation study. Notably, we demonstrate BANDFUZZ's effectiveness in real-world bug detection by analyzing results of a worldwide fuzzing competition, where BANDFUZZ won first place.