Tongxin xuebao (Nov 2019)

Method to improve edge coverage in fuzzing

  • Chunfu JIA,
  • Shengbo YAN,
  • Zhi WANG,
  • Chenlu WU,
  • Hang LI

Journal volume & issue
Vol. 40
pp. 76 – 85

Abstract


Aiming at three shortcomings of AFL (American fuzzy lop), namely incomplete edge coverage and insufficient use of both edge-coverage information and valid-byte information, a novel method is proposed. First, a new seed selection algorithm is introduced that completely covers all edges discovered in one cycle. Second, paths are scored according to the frequency of their edges, and the score is used to adjust the number of tests run for each seed. Finally, more mutations are crafted on the valid bytes identified by AFL. Based on this method, a new fuzzing tool named efuzz was implemented. Experimental results demonstrate that efuzz outperforms AFL and AFLFast in edge coverage, with increases of 5% and 9% respectively. On the LAVA-M dataset, efuzz found more vulnerabilities than AFL. Moreover, in real-world applications efuzz found three new security bugs, for which CVEs have been assigned. The method effectively improves the edge coverage and vulnerability-detection ability of the fuzzer.
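The following is an added toy illustration of the three scheduling ideas the abstract describes; it is not efuzz and not code from the authors. The seed corpus, the edge ids, the `toy_target` program and the weighting constants are all constructed for the example. Seed selection is done as a greedy set cover over the edges seen in the cycle, each seed is scored by the rarity of its edges (the sum of 1/frequency) to scale its test budget, and "valid bytes" are found the way AFL's effector map does it, by flipping each byte and checking whether the observed edge set changes.

```python
"""Toy illustration (not efuzz) of edge-covering seed selection, frequency-based
energy assignment and valid-byte mutation weighting.  Everything below is constructed."""
from collections import Counter

# Constructed corpus: seed name -> set of edge ids the seed exercises in this cycle.
SEEDS = {
    "seed_a": {1, 2, 3},
    "seed_b": {2, 3, 4},
    "seed_c": {4, 5},
    "seed_d": {1, 5, 6},   # the only seed reaching edge 6
    "seed_e": {2, 3},      # adds nothing beyond seed_a / seed_b
}


def edge_frequency(seeds):
    """How many seeds in the cycle hit each edge (used as the rarity measure)."""
    freq = Counter()
    for edges in seeds.values():
        freq.update(edges)
    return freq


def select_covering_seeds(seeds):
    """Greedy set cover: keep picking the seed that adds the most still-uncovered
    edges until every edge discovered in the cycle is covered.  Ties are broken by
    seed name so the result is deterministic."""
    uncovered = set().union(*seeds.values())
    chosen = []
    while uncovered:
        best = min(seeds, key=lambda s: (-len(seeds[s] & uncovered), s))
        gain = seeds[best] & uncovered
        if not gain:
            break  # cannot happen while uncovered is non-empty, kept as a guard
        chosen.append(best)
        uncovered -= gain
    return chosen


def score_seed(edges, freq):
    """Score a path by edge rarity: rare edges contribute more than common ones."""
    return sum(1.0 / freq[e] for e in edges)


def assign_energy(seeds, chosen, freq, base=16):
    """Scale each chosen seed's test budget by its score relative to the mean score,
    so seeds exercising rare edges are mutated more often (minimum 1 test)."""
    scores = {s: score_seed(seeds[s], freq) for s in chosen}
    mean = sum(scores.values()) / len(scores)
    return {s: max(1, int(base * scores[s] / mean)) for s in chosen}


def toy_target(data: bytes):
    """Constructed stand-in for an instrumented program: returns the edges hit."""
    edges = {0}
    if data[:2] == b"PK":
        edges.add(1)
    if len(data) > 4 and data[4] > 0x80:
        edges.add(2)
    return edges


def valid_bytes(target, data: bytes):
    """Effector-map style check: a byte is 'valid' if flipping it (XOR 0xFF)
    changes the set of edges the target executes."""
    base = target(data)
    valid = []
    for i in range(len(data)):
        flipped = bytearray(data)
        flipped[i] ^= 0xFF
        if target(bytes(flipped)) != base:
            valid.append(i)
    return valid


def mutation_budget(valid, length, boost=4):
    """Per-position mutation counts: valid bytes get `boost` mutations, others one."""
    valid = set(valid)
    return {i: (boost if i in valid else 1) for i in range(length)}


if __name__ == "__main__":
    freq = edge_frequency(SEEDS)
    chosen = select_covering_seeds(SEEDS)
    print("covering seeds:", chosen)
    print("energy:", assign_energy(SEEDS, chosen, freq))
    sample = b"PK\x00\x00\x90\x00"  # constructed seed input
    vb = valid_bytes(toy_target, sample)
    print("valid bytes:", vb, "budget:", mutation_budget(vb, len(sample)))
```

With the constructed corpus the cover is seed_a, seed_c and seed_d; seed_d receives the largest budget because it is the only seed reaching edge 6, and in the sample input only the two magic bytes and byte 4 are valid, so they receive four mutations each while the others receive one.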
