Top

Published in:

2018 | OriginalPaper | Chapter

ADFL: An Improved Algorithm for American Fuzzy Lop in Fuzz Testing

Authors : Chenxin Wang, Shunyao Kang

Published in: Cloud Computing and Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Fuzz testing is an effective software testing technology being used to find correctness problems and security issues in software. AFL (American Fuzzy Lop) is one of the most advanced fuzzy testing tools. However, it is difficult for AFL to explore deeper parts of the program. This paper proposes an improved method called ADFL for low hit branch of the tested program to solve this problem. The method first optimizes the selection strategy for seed files, and secondly generates test cases with hits and low hits at higher frequencies during the mutation phase. The experimental results show that compared with the latest version of AFL, the coverage of ADFL is significantly increased in 24 h than AFL. ADFL can cover more branches than AFL in each benchmark program and improve branch coverage of program refactoring by 19.7% and 74.5%. Moreover, ADFL can indeed find more bugs, especially for deep nested test programs.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Accurate UHF Tag Authentication Using Near-Field Capabilities

next chapter An Improved Distributed PCA-Based Outlier Detection in Wireless Sensor Network

laf-tintel. https://lafintel.wordpress.com/. Accessed 23 Aug 2017

Fuzzing for Security. https://blog.chromium.org/2012/04/fuzzing-for-security.html. Accessed 21 June 2017

Bohme, M., Pham, V.T., Nszguyen, M.D., Roychoudhury, A.: Directed greybox fuzzing. In: ACM SIGSAC Conference on Computer and Communications Securit, pp. 2329–2344. ACM, Dallas (2017)

Bohme, M., Pham, V.T., Roychoudhury, A.: Coverage-based greybox fuzzing as Markov chain. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 1032–1043. ACM, Vienna (2016)

Fuzzing at Scale. https://security.googleblog.com/2011/08/fuzzing-at-scale.html. Accessed 21 June 2017

Fraser, G., Arcuri, A.: EvoSuite: automatic test suite generation for object-oriented software. In: ACM SIGSOFT Symposium on the Foundations of Software EngineeringSIGSOFT/FSE 2011, pp. 416–419. DBLP, Szeged (2011)

zzuf. http://caca.zoy.org/wiki/zzuf/. Accessed 10 May 2017

Holler, C., Herzig, K., Zeller, A.: Fuzzing with code fragments. In: Proceedings of Usenix Security, pp. 445–458 (2012)

Householder, A.D., Foote, J.M.: Probability-Based Parameter Selection for Black-Box Fuzz Testing (2012)

10.

Li, Y., Chen, B., Chandramohan, M., Lin, S.W., Liu, Y., Tiu, A.: Steelix: program-state based binary fuzzing. In: Joint Meeting on Foundations of Software Engineering, pp. 627–637. ACM, Paderborn (2017)

11.

Guided in-process fuzzing of Chrome components. https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome. Accessed 10 July 2017

12.

Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: Network and Distributed System Security Symposium (2016)

13.

American Fuzzy Lop. http://lcamtuf.coredump.cx/afl. Accessed 2 Aug 2017

14.

Unique crashes as a metric. https://groups.google.com/d/msg/afl-users/fOPeb62FZUg/LYxgPYheDwAJ. Accessed 2 June 2017

15.

American Fuzzy Lop Technical Details. http://lcamtuf.coredump.cx/afl/technical_details.txt. Accessed 2 Aug 2017

Title: ADFL: An Improved Algorithm for American Fuzzy Lop in Fuzz Testing
Authors: Chenxin Wang
Shunyao Kang
Publisher: Springer International Publishing
Book: Cloud Computing and Security
Print ISBN: 978-3-030-00017-2

Electronic ISBN: 978-3-030-00018-9

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-030-00018-9_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner