
Optimization And Improvement Of Grey-box Fuzzing Techniques

Posted on: 2019-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: G Zhang
GTID: 2428330611993525
Subject: Computer Science and Technology

Abstract/Summary:
Fuzzing is an important technique in the field of vulnerability discovery. Because it is both lightweight and effective, many high-impact vulnerabilities have been exposed by fuzzing. Fuzzing can be divided into white-box, black-box and grey-box fuzzing, of which grey-box fuzzing is the most intensively studied by researchers, e.g. American Fuzzy Lop (AFL). Although grey-box fuzzing is widely adopted, it has some common drawbacks. First, most fuzzers do not take the priority of seed files into consideration. Consequently, seeds that can crash the target program are not executed within a testing cycle, which dramatically weakens the performance of fuzz testing. Moreover, ordinary grey-box fuzzing techniques use a poor seed mutation strategy, so some program paths are covered frequently while others are rarely covered; these are called high-frequency and low-frequency paths. Additionally, the program feedback mechanisms that fuzzers adopt need to be improved: for example, compile-time instrumentation relies on source code, and dynamic binary instrumentation suffers from huge overhead. An optimized feedback mechanism is needed to improve current grey-box fuzzing techniques.

In this thesis, in order to solve the above three drawbacks of grey-box fuzzing, we propose three optimization approaches and construct the corresponding models. For seed selection, we combine test case prioritization techniques with grey-box fuzzing, which prioritizes and executes the more useful seeds and considerably improves the efficiency of fuzz testing. Furthermore, we optimize the current seed mutation strategy to avoid the high-frequency/low-frequency path problem, leading to a balanced distribution of path coverage and improved completeness of grey-box fuzzing. For the program feedback mechanism, we leverage Intel Processor Trace technology to capture execution feedback quickly and independently of source code. Finally, we implement prototypes based on the above approaches and conduct experiments. The results demonstrate that our optimizations of grey-box fuzzing gain considerable improvement over former fuzzing techniques.
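As an added illustration, not the thesis's own implementation (the abstract gives no algorithmic detail), the following hypothetical seed scheduler combines the two seed-side ideas above: a seed that previously crashed the target is guaranteed a run in the cycle, and selection and mutation energy are steered toward seeds whose coverage edges have been hit least, so low-frequency paths catch up with high-frequency ones. Edge ids, seed names and the scoring formula are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Seed:
    name: str
    edges: frozenset       # hypothetical coverage-edge ids this seed exercises
    crashed: bool = False  # seed produced a crash in an earlier run
    executions: int = 0    # how many times the scheduler has run it

class FrequencyAwareScheduler:
    """Hypothetical scheduler: per-edge hit counts over every execution give a
    rarity score, so seeds covering low-frequency edges rise to the top."""
    def __init__(self, seeds, crash_bonus=2.0):
        self.seeds = list(seeds)
        self.crash_bonus = crash_bonus
        self.edge_hits = Counter()
    def rarity(self, seed):
        # An edge nobody has hit contributes 1; a heavily exercised edge ~0.
        return sum(1.0 / (self.edge_hits[e] + 1) for e in seed.edges)
    def score(self, seed):
        # One-time boost for a crashing seed that has not run yet, so it is
        # executed in the cycle instead of being starved by hotter seeds.
        bonus = self.crash_bonus if seed.crashed and seed.executions == 0 else 0.0
        return self.rarity(seed) + bonus
    def energy(self, seed, base=8, cap=128):
        # Mutation budget (mutants to derive from this seed) grows with rarity.
        return int(min(cap, base * (1 + self.rarity(seed))))
    def next_seed(self):
        return max(self.seeds, key=self.score)
    def record_execution(self, seed):
        seed.executions += 1
        for e in seed.edges:
            self.edge_hits[e] += 1

def run_cycle(scheduler, rounds):
    """Pick and 'execute' seeds for a number of rounds; returns the pick order."""
    order = []
    for _ in range(rounds):
        seed = scheduler.next_seed()
        order.append(seed.name)
        scheduler.record_execution(seed)
    return order

def demo():
    # Constructed corpus: A and B share hot edge 1; C crashed earlier on a rare path.
    seeds = [Seed("A", frozenset({1, 2, 3})), Seed("B", frozenset({1, 4, 6})),
             Seed("C", frozenset({5, 6}), crashed=True)]
    return run_cycle(FrequencyAwareScheduler(seeds), 4)  # -> ['C', 'A', 'B', 'A']
```

In a real fuzzer the edge ids would come from the coverage feedback channel (compile-time instrumentation or, as the thesis proposes, a hardware trace such as Intel PT), and the energy value would set how many mutants are derived from the chosen seed.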
Keywords/Search Tags:vulnerability discovery, grey-box fuzzing, seed selection, seed mutation, hardware feedback