Fuzzing is a widely used software testing technique that inputs random data to uncover bugs. Coverage-guided fuzzing (CGF) is one of the most successful approaches, which uses code coverage feedback to guide testing. It randomly mutates bytes of the entire input file to find interesting inputs, which often results in a large search space. Existing fuzzers need to analyze the entire input file for mutation, leading to inefficiencies. To overcome this limitation, we propose Hook-Based Fuzz (HBFuzz), a heuristic fuzzing method that focuses only on the data that the program actually reads. By tracking data flow through hooking mechanisms, HBFuzz narrows the search space and significantly improves fuzzing efficiency. We evaluate HBFuzz on 16 real-world programs and the MAGMA benchmark, which includes various common software vulnerabilities. Experimental results demonstrate that HBFuzz achieves 2.17%–23.52% higher code coverage compared to other fuzzers and uncovers the highest number of unique vulnerabilities. Additionally, it outperforms competitors in bug discovery speed, emerging as the fastest in uncovering 23 of the evaluated vulnerabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

High-Efficiency Fuzzing Technique Using Hooked I/O System Calls for Targeted Input Analysis

  • Wenju Sun,
  • Xi Xiao,
  • Qiben Yan,
  • Guangwu Hu,
  • Qing Li,
  • Chuan Chen

摘要

Fuzzing is a widely used software testing technique that inputs random data to uncover bugs. Coverage-guided fuzzing (CGF) is one of the most successful approaches, which uses code coverage feedback to guide testing. It randomly mutates bytes of the entire input file to find interesting inputs, which often results in a large search space. Existing fuzzers need to analyze the entire input file for mutation, leading to inefficiencies. To overcome this limitation, we propose Hook-Based Fuzz (HBFuzz), a heuristic fuzzing method that focuses only on the data that the program actually reads. By tracking data flow through hooking mechanisms, HBFuzz narrows the search space and significantly improves fuzzing efficiency. We evaluate HBFuzz on 16 real-world programs and the MAGMA benchmark, which includes various common software vulnerabilities. Experimental results demonstrate that HBFuzz achieves 2.17%–23.52% higher code coverage compared to other fuzzers and uncovers the highest number of unique vulnerabilities. Additionally, it outperforms competitors in bug discovery speed, emerging as the fastest in uncovering 23 of the evaluated vulnerabilities.