High-Efficiency Fuzzing Technique Using Hooked I/O System Calls for Targeted Input Analysis

Published: 01 Jan 2025, Last Modified: 04 Nov 2025. Venue: ESORICS (3) 2025. License: CC BY-SA 4.0
Abstract: Fuzzing is a widely used software testing technique that feeds a program random inputs to uncover bugs. Coverage-guided fuzzing (CGF), one of the most successful approaches, uses code coverage feedback to guide testing. It randomly mutates bytes across the entire input file to find interesting inputs, which often results in a large search space. Existing fuzzers must consider the entire input file when mutating, which leads to inefficiencies. To overcome this limitation, we propose Hook-Based Fuzz (HBFuzz), a heuristic fuzzing method that focuses only on the data that the program actually reads. By tracking data flow through hooking mechanisms, HBFuzz narrows the search space and significantly improves fuzzing efficiency. We evaluate HBFuzz on 16 real-world programs and the MAGMA benchmark, which includes various common software vulnerabilities. Experimental results demonstrate that HBFuzz achieves 2.17%–23.52% higher code coverage compared to other fuzzers and uncovers the highest number of unique vulnerabilities. Additionally, it outperforms competitors in bug discovery speed, emerging as the fastest in uncovering 23 of the evaluated vulnerabilities.
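As an added illustration of the idea in the abstract (not the paper's code): a constructed in-process stand-in for the I/O syscall hooks records which byte ranges a toy target reads, and the mutator then flips bits only inside those ranges, so a 64-byte seed yields a 9-byte search space instead of 64. The `HookedInput` class, the `toy_target` parser and `SEED` are all assumptions made for this example.

```python
import random
class HookedInput:
    """Stand-in for the I/O syscall hooks (constructed, not HBFuzz's code): serves the
    input like read(2) and records every [start, end) range the target consumed."""
    def __init__(self, data: bytes) -> None:
        self.data, self.pos, self.ranges = data, 0, []

    def read(self, n: int) -> bytes:             # mirrors read(2)
        chunk = self.data[self.pos:self.pos + n]
        if chunk:
            self.ranges.append((self.pos, self.pos + len(chunk)))
        self.pos += len(chunk)
        return chunk

    def seek(self, off: int) -> None:            # mirrors lseek(2)
        self.pos = off

def toy_target(inp: HookedInput) -> str:
    """Constructed parser: 4-byte magic, 1-byte record count, then only the first
    4-byte record at a fixed offset; the rest of the file is never read."""
    if inp.read(4) != b"HBFZ":
        return "bad-magic"
    if not inp.read(1):
        return "truncated"
    inp.seek(16)                                  # record area starts at offset 16
    return "ok" if len(inp.read(4)) == 4 else "truncated"

def consumed_offsets(ranges: list) -> list:
    """Flatten recorded ranges into the sorted byte offsets the target actually read."""
    return sorted({o for lo, hi in ranges for o in range(lo, hi)})

def hook_guided_mutate(data: bytes, offsets: list, rng: random.Random,
                       n_flips: int = 2) -> bytes:
    """Flip bits only at consumed offsets (distinct picks, so the output always
    differs); if the target read nothing there is no feedback and data is unchanged."""
    if not offsets:
        return data
    buf = bytearray(data)
    for i in rng.sample(offsets, min(n_flips, len(offsets))):
        buf[i] ^= 1 << rng.randrange(8)
    return bytes(buf)

def fuzz_once(seed: bytes, rng_seed: int = 0) -> tuple:
    """One HBFuzz-style round: run the seed under the hook, then mutate only what it read."""
    inp = HookedInput(seed)
    toy_target(inp)
    offsets = consumed_offsets(inp.ranges)
    return hook_guided_mutate(seed, offsets, random.Random(rng_seed)), offsets

SEED = b"HBFZ\x03" + b"\x00" * 11 + b"ABCD" + b"\x00" * 44   # constructed 64-byte seed
```

Running `fuzz_once(SEED)` reports offsets 0-4 and 16-19 as consumed; every byte outside those ranges is left untouched by the mutator.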