DocFuzz: A Directed Fuzzing Method Based on a Feedback Mechanism Mutator

IF 5 2区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE International Journal of Intelligent Systems Pub Date : 2024-12-11 DOI:10.1155/int/7931792

Lixia Xie, Yuheng Zhao, Hongyu Yang, Ziwen Zhao, Ze Hu, Liang Zhang, Xiang Cheng

{"title":"DocFuzz: A Directed Fuzzing Method Based on a Feedback Mechanism Mutator","authors":"Lixia Xie, Yuheng Zhao, Hongyu Yang, Ziwen Zhao, Ze Hu, Liang Zhang, Xiang Cheng","doi":"10.1155/int/7931792","DOIUrl":null,"url":null,"abstract":"<div>\n <p>In response to the limitations of traditional fuzzing approaches that rely on static mutators and fail to dynamically adjust their test case mutations for deeper testing, resulting in the inability to generate targeted inputs to trigger vulnerabilities, this paper proposes a directed fuzzing methodology termed DocFuzz, which is predicated on a feedback mechanism mutator. Initially, a sanitizer is used to target the source code of the tested program and stake in code blocks that may have vulnerabilities. After this, a taint tracking module is used to associate the target code block with the bytes in the test case, forming a high-value byte set. Then, the reinforcement learning mutator of DocFuzz is used to mutate the high-value byte set, generating well-structured inputs that can cover the target code blocks. Finally, utilizing the feedback mechanism of DocFuzz, when the reinforcement learning mutator converges and ceases to optimize, the fuzzer is rebooted to continue mutating toward directions that are more likely to trigger vulnerabilities. Comparative experiments are conducted on multiple test sets, including LAVA-M, and the experimental results demonstrate that the proposed DocFuzz methodology surpasses other fuzzing techniques, offering a more precise, rapid, and effective means of detecting vulnerabilities in source code.</p>\n </div>","PeriodicalId":14089,"journal":{"name":"International Journal of Intelligent Systems","volume":"2024 1","pages":""},"PeriodicalIF":5.0000,"publicationDate":"2024-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1155/int/7931792","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Intelligent Systems","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1155/int/7931792","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

In response to the limitations of traditional fuzzing approaches that rely on static mutators and fail to dynamically adjust their test case mutations for deeper testing, resulting in the inability to generate targeted inputs to trigger vulnerabilities, this paper proposes a directed fuzzing methodology termed DocFuzz, which is predicated on a feedback mechanism mutator. Initially, a sanitizer is used to target the source code of the tested program and stake in code blocks that may have vulnerabilities. After this, a taint tracking module is used to associate the target code block with the bytes in the test case, forming a high-value byte set. Then, the reinforcement learning mutator of DocFuzz is used to mutate the high-value byte set, generating well-structured inputs that can cover the target code blocks. Finally, utilizing the feedback mechanism of DocFuzz, when the reinforcement learning mutator converges and ceases to optimize, the fuzzer is rebooted to continue mutating toward directions that are more likely to trigger vulnerabilities. Comparative experiments are conducted on multiple test sets, including LAVA-M, and the experimental results demonstrate that the proposed DocFuzz methodology surpasses other fuzzing techniques, offering a more precise, rapid, and effective means of detecting vulnerabilities in source code.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

DocFuzz：一种基于反馈机制的定向模糊方法

传统模糊测试方法依赖于静态突变，无法动态调整其测试用例突变以进行更深入的测试，导致无法生成触发漏洞的目标输入，针对这一局限性，本文提出了一种基于反馈机制突变的定向模糊测试方法，称为DocFuzz。最初，杀毒程序用于针对被测试程序的源代码，并锁定可能存在漏洞的代码块。在此之后，使用一个污点跟踪模块将目标代码块与测试用例中的字节关联起来，形成一个高值字节集。然后，使用DocFuzz的强化学习变异体对高值字节集进行变异体，生成结构良好的可以覆盖目标代码块的输入。最后，利用DocFuzz的反馈机制，当强化学习变异体收敛并停止优化时，重新启动模糊器，继续向更有可能触发漏洞的方向突变。在包括LAVA-M在内的多个测试集上进行了对比实验，实验结果表明，DocFuzz方法优于其他模糊测试技术，提供了一种更精确、快速、有效的源代码漏洞检测手段。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Intelligent Systems 工程技术-计算机：人工智能

CiteScore

11.30

自引率

14.30%

发文量

304

审稿时长

9 months

期刊介绍： The International Journal of Intelligent Systems serves as a forum for individuals interested in tapping into the vast theories based on intelligent systems construction. With its peer-reviewed format, the journal explores several fascinating editorials written by today''s experts in the field. Because new developments are being introduced each day, there''s much to be learned — examination, analysis creation, information retrieval, man–computer interactions, and more. The International Journal of Intelligent Systems uses charts and illustrations to demonstrate these ground-breaking issues, and encourages readers to share their thoughts and experiences.