Open Access
ARTICLE
FastAFLGo: Toward a Directed Greybox Fuzzing
1 School of Information Science and Technology, North China University of Technology, Beijing, 100144, China
2 Department of Computer Science, University of Illinois Springfield, Springfield, 62703, IL, USA
3 Civil Aviation Management Institute of China, Beijing, 100102, China
* Corresponding Author: Yanhui Guo. Email:
Computers, Materials & Continua 2021, 69(3), 3845-3855. https://doi.org/10.32604/cmc.2021.017697
Received 07 February 2021; Accepted 26 April 2021; Issue published 24 August 2021
Abstract
While the size and complexity of software are rapidly increasing, not only is the number of vulnerabilities increasing, but their forms are diversifying. Vulnerability has become an important factor in network attack and defense. Therefore, automatic vulnerability discovery has become critical to ensure software security. Fuzzing is one of the most important methods of vulnerability discovery. Starting from an initial input, i.e., a seed, it generates mutated test cases that serve as new inputs to the tested program in the next execution loop. By monitoring the path coverage, fuzzing can choose high-value test cases for inclusion in the new seed set and capture crashes used for triggering vulnerabilities. Although there have been remarkable achievements in terms of the number of discovered vulnerabilities, the reduction of time cost is still inadequate. This paper proposes a fast directed greybox fuzzing model, FastAFLGo. A fast convergence formula of temperature is designed, and the energy scheduling scheme can quickly determine the best seed to make the program execute toward the target basic blocks. Experimental results show that FastAFLGo can discover more vulnerabilities than the traditional fuzzing method in the same execution time.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.