Vulnerabilities are complex and diverse, and they pose a great threat to computer systems. Fuzzing is an effective method for vulnerability detection. The exposure of vulnerabilities depends mainly on the quality of the test samples. Traditional fuzzing suffers from low code coverage. To make up for this shortcoming, this paper proposes a new fuzzer called MCMSFuzzer, based on multi-dimensional control of mutation strategy. We model coverage-based graybox fuzzing as a Markov Decision Process and guide the mutation process by reinforcement learning. MCMSFuzzer optimizes the selection of mutation location, mutation intensity and mutation algorithm to improve the quality and efficiency of fuzzing. Experimental results show that on 5 real-world programs and the LAVA-M dataset, MCMSFuzzer has higher code coverage and stronger vulnerability detection capabilities.
CITATION STYLE
Xu, H., Cui, B., & Chen, C. (2022). Fuzzing with Multi-dimensional Control of Mutation Strategy. In Lecture Notes in Networks and Systems (Vol. 279, pp. 276–284). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-79728-7_27