
2018 | OriginalPaper | Book chapter

ADFL: An Improved Algorithm for American Fuzzy Lop in Fuzz Testing

Written by: Chenxin Wang, Shunyao Kang

Published in: Cloud Computing and Security

Publisher: Springer International Publishing


Abstract

Fuzz testing is an effective software testing technique used to find correctness problems and security issues in software. AFL (American Fuzzy Lop) is one of the most advanced fuzz testing tools. However, it is difficult for AFL to explore deeper parts of the program. To solve this problem, this paper proposes an improved method called ADFL for low-hit branches of the tested program. The method first optimizes the selection strategy for seed files, and secondly generates test cases with hits and low hits at higher frequencies during the mutation phase. The experimental results show that, compared with the latest version of AFL, the coverage of ADFL is significantly increased in 24 h. ADFL can cover more branches than AFL in each benchmark program and improve branch coverage of program refactoring by 19.7% and 74.5%. Moreover, ADFL can indeed find more bugs, especially for deeply nested test programs.

Metadata
Title
ADFL: An Improved Algorithm for American Fuzzy Lop in Fuzz Testing
Written by
Chenxin Wang
Shunyao Kang
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-030-00018-9_3