Sun, Y.; Xu, X. TAEF: A Task Allocation-Based Ensemble Fuzzing Framework for Optimizing the Advantages of Heterogeneous Fuzzers. Appl. Sci.2023, 13, 13042.
Sun, Y.; Xu, X. TAEF: A Task Allocation-Based Ensemble Fuzzing Framework for Optimizing the Advantages of Heterogeneous Fuzzers. Appl. Sci. 2023, 13, 13042.
Sun, Y.; Xu, X. TAEF: A Task Allocation-Based Ensemble Fuzzing Framework for Optimizing the Advantages of Heterogeneous Fuzzers. Appl. Sci.2023, 13, 13042.
Sun, Y.; Xu, X. TAEF: A Task Allocation-Based Ensemble Fuzzing Framework for Optimizing the Advantages of Heterogeneous Fuzzers. Appl. Sci. 2023, 13, 13042.
Abstract
Ensemble fuzzing in parallel with heterogeneous fuzzers has been proposed to leverage the advantages of diverse fuzzers and improve testing efficiency. However, in current ensemble fuzzing methods, the collaboration among different fuzzers is achieved solely by synchronizing the seeds discovered by each fuzzer. This results in a high likelihood of different fuzzers choosing the same seeds and creating a large number of equivalent testcases, thus reducing overall fuzzing efficiency. Meanwhile, the existing task division method proposed by AFLTeam is highly coupled with the fuzzer specially designed for it, making it challenging to apply to ensemble fuzzing directly. So, in this paper, we proposed a callgraph-based task division method suitable for ensemble fuzzing. Firstly, we divided the target program’s callgraph into subgraphs (subtasks) balancing expected workloads. Then, we divided the global seed corpus into sub-corpora, each corresponding to a subtask, making fuzzers easily accept the subtasks. Finally, we designed synchronization mechanisms for coverage bitmaps and seeds to realize the collaborative fuzzing among different fuzzers, and a cyclic subtask scheduling strategy to fully leverage the benefits of ensemble fuzzing. We have implemented a prototype called TAEF. The evaluation results show that in the best-case scenario, our method has up to 24% more branch coverage than previous work.
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.