Jauernig, Patrick ; Jakobovic, Domagoj ; Picek, Stjepan ; Stapf, Emmanuel ; Sadeghi, Ahmad-Reza (2023)
DARWIN: Survival of the Fittest Fuzzing Mutators.
Network and Distributed Systems Security (NDSS) Symposium 2023. San Diego, USA (27.02.-03.03.2023)
doi: 10.14722/ndss.2023.23159
Conference or Workshop Item
Abstract
Fuzzing is an automated software testing technique broadly adopted by the industry. A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice. While the research community has studied mutation-based fuzzing for years now, the algorithms' interactions within the fuzzer are highly complex and can, together with the randomness in every instance of a fuzzer, lead to unpredictable effects. Most efforts to improve this fragile interaction focused on optimizing seed scheduling. However, real-world results like Google's FuzzBench highlight that these approaches do not consistently show improvements in practice. Another approach to improve the fuzzing process algorithmically is optimizing mutation scheduling. Unfortunately, existing mutation scheduling approaches also failed to convince because of missing real-world improvements or too many user-controlled parameters whose configuration requires expert knowledge about the target program. This leaves the challenging problem of cleverly processing test cases and achieving a measurable improvement unsolved. We present DARWIN, a novel mutation scheduler and the first to show fuzzing improvements in a realistic scenario without the need to introduce additional user-configurable parameters, opening this approach to the broad fuzzing community. DARWIN uses an Evolution Strategy to systematically optimize and adapt the probability distribution of the mutation operators during fuzzing. We implemented a prototype based on the popular general-purpose fuzzer AFL. DARWIN significantly outperforms the state-of-the-art mutation scheduler and the AFL baseline in our own coverage experiment, in FuzzBench, and by finding 15 out of 21 bugs the fastest in the MAGMA benchmark. Finally, DARWIN found 20 unique bugs (including one novel bug), 66% more than AFL, in widely-used real-world applications.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2023 |
| Creators: | Jauernig, Patrick ; Jakobovic, Domagoj ; Picek, Stjepan ; Stapf, Emmanuel ; Sadeghi, Ahmad-Reza |
| Type of entry: | Bibliographie |
| Title: | DARWIN: Survival of the Fittest Fuzzing Mutators |
| Language: | English |
| Date: | 27 February 2023 |
| Event Title: | Network and Distributed Systems Security (NDSS) Symposium 2023 |
| Event Location: | San Diego, USA |
| Event Dates: | 27.02.-03.03.2023 |
| DOI: | 10.14722/ndss.2023.23159 |
| URL / URN: | https://www.ndss-symposium.org/wp-content/uploads/2023/02/nd... |
| Abstract: | Fuzzing is an automated software testing technique broadly adopted by the industry. A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice. While the research community has studied mutation-based fuzzing for years now, the algorithms' interactions within the fuzzer are highly complex and can, together with the randomness in every instance of a fuzzer, lead to unpredictable effects. Most efforts to improve this fragile interaction focused on optimizing seed scheduling. However, real-world results like Google's FuzzBench highlight that these approaches do not consistently show improvements in practice. Another approach to improve the fuzzing process algorithmically is optimizing mutation scheduling. Unfortunately, existing mutation scheduling approaches also failed to convince because of missing real-world improvements or too many user-controlled parameters whose configuration requires expert knowledge about the target program. This leaves the challenging problem of cleverly processing test cases and achieving a measurable improvement unsolved. We present DARWIN, a novel mutation scheduler and the first to show fuzzing improvements in a realistic scenario without the need to introduce additional user-configurable parameters, opening this approach to the broad fuzzing community. DARWIN uses an Evolution Strategy to systematically optimize and adapt the probability distribution of the mutation operators during fuzzing. We implemented a prototype based on the popular general-purpose fuzzer AFL. DARWIN significantly outperforms the state-of-the-art mutation scheduler and the AFL baseline in our own coverage experiment, in FuzzBench, and by finding 15 out of 21 bugs the fastest in the MAGMA benchmark. Finally, DARWIN found 20 unique bugs (including one novel bug), 66% more than AFL, in widely-used real-world applications. |
| Divisions: | 20 Department of Computer Science 20 Department of Computer Science > System Security Lab Profile Areas Profile Areas > Cybersecurity (CYSEC) |
| Date Deposited: | 06 Jul 2023 08:50 |
| Last Modified: | 10 Jul 2023 14:03 |
| PPN: | 509471684 |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Send an inquiry |
Options (only for editors)
 |
Show editorial Details |
Drucken
Impressum