Journal article

Smart Greybox Fuzzing

VT Pham, M Boehme, AE Santosa, AR Caciulescu, A Roychoudhury

IEEE Transactions on Software Engineering | Institute of Electrical and Electronics Engineers (IEEE) | Published : 2019

Abstract

Coverage-based greybox fuzzing (CGF) is one of the most successful approaches for automated vulnerability detection. Given a seed file (as a sequence of bits), a CGF randomly flips, deletes or copies some bits to generate new files. CGF iteratively constructs (and fuzzes) a seed corpus by retaining those generated files which enhance coverage. However, random bitflips are unlikely to produce valid files (or valid chunks in files), for applications processing complex file formats. In this work, we introduce smart greybox fuzzing (SGF) which leverages a high-level structural representation of the seed file to generate new files. We define innovative mutation operators that work on the virtual ..

View full abstract

Grants

Citation metrics