IDFuzz: Intelligent Directed Grey-box Fuzzing
Abstract: Directed grey-box fuzzing aims to test target code in programs and is widely utilized in various scenarios, including patch testing, candidate vulnerability confirmation, and known vulnerability reproduction. However, we find that existing directed fuzzers generally lack effective input mutation strategies and resort to the randomness and empiricism inherent in AFL-based strategies, which prove to be inefficient in directed fuzzing contexts.

This paper presents IDFuzz, an intelligent input mutation solution for directed fuzzing. Our key insight is to leverage a neural network model to learn from historically mutated inputs and extract useful experience that can guide input mutation towards the target code. We introduce several novel techniques in model construction and model training, which help build a model that well captures experience on how to cover both explored and unexplored code relevant to the target. We further devise a refined model gradient-guided scheme that leverages the experience to locate critical input fields and develop a directed input mutation strategy. We implement IDFuzz as an input mutation module that complements most open-source state-of-the-art directed fuzzers. In our evaluation, IDFuzz significantly accelerates existing directed fuzzers by over 2.48x in reproducing target vulnerabilities on the Google Fuzzer Test Suite. Moreover, we demonstrate that IDFuzz helps existing directed fuzzers reduce ineffective mutations by 91.86%. Lastly, we detected 6 previously unknown vulnerabilities with 4 CVE IDs assigned so far and 1 incomplete fix of a high-severity vulnerability in well-tested real-world software using IDFuzz.
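The abstract describes learning a model from historically mutated inputs and then using the model's gradient with respect to the input to locate the fields worth mutating. The following is an added illustration of that idea, not IDFuzz's code or model: it replaces the paper's neural network with a linear regressor written in plain Python (so the input gradient is simply the weight vector), uses a constructed toy "target program" whose target block is reached only when two specific bytes take the right values, and stands in for the fuzzer's distance feedback with the fraction of target-path checks an input passes. All names (`distance_label`, `train_model`, `rank_fields`, `directed_mutate`) and the byte conditions are assumptions made for the example.

```python
"""Gradient-guided location of critical input fields for directed mutation.

Added example, not from the IDFuzz paper: the "model" is a linear regressor
trained by SGD in pure Python, the target program is a constructed toy, and
every identifier below is an assumption made for illustration.
"""
import random

INPUT_LEN = 16

# Constructed toy target: the target block is reached only when byte 3 is at
# least 0xC0 and byte 7 is below 0x20.  Real directed fuzzers derive this kind
# of feedback from instrumentation; here it is a fixed pair of predicates.
TARGET_CHECKS = [
    lambda data: data[3] >= 0xC0,
    lambda data: data[7] < 0x20,
]


def distance_label(data: bytes) -> float:
    """Fraction of target-path checks the input passes (1.0 == target reached).

    Stands in for the coverage/distance record a directed fuzzer keeps for
    every historically mutated input.
    """
    return sum(check(data) for check in TARGET_CHECKS) / len(TARGET_CHECKS)


def reaches_target(data: bytes) -> bool:
    return distance_label(data) == 1.0


def random_corpus(n: int, seed: int = 7) -> list:
    """Constructed history of mutated inputs: uniformly random byte strings."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(INPUT_LEN)) for _ in range(n)]


def train_model(corpus: list, epochs: int = 30, lr: float = 0.05) -> list:
    """Fit label ~ w . x + b by SGD over (scaled input bytes, distance label).

    Returns the weight vector w; each byte is scaled to [0, 1] before training.
    """
    weights = [0.0] * INPUT_LEN
    bias = 0.0
    samples = [([byte / 255.0 for byte in data], distance_label(data)) for data in corpus]
    order = random.Random(1)
    for _ in range(epochs):
        order.shuffle(samples)
        for x, y in samples:
            pred = bias + sum(w * xi for w, xi in zip(weights, x))
            err = pred - y
            bias -= lr * err
            weights = [w - lr * err * xi for w, xi in zip(weights, x)]
    return weights


def rank_fields(weights: list, top_k: int) -> list:
    """Byte positions ordered by |d(label)/d(byte)|, most sensitive first.

    For a linear model the input gradient is the weight vector itself; with a
    neural network this is the place where backpropagation to the input goes.
    """
    return sorted(range(INPUT_LEN), key=lambda i: -abs(weights[i]))[:top_k]


def directed_mutate(seed: bytes, weights: list, top_k: int = 2) -> bytes:
    """Push the most sensitive fields in the direction that raises the label."""
    data = bytearray(seed)
    for i in rank_fields(weights, top_k):
        data[i] = 0xFF if weights[i] > 0 else 0x00
    return bytes(data)


def demo() -> dict:
    corpus = random_corpus(2000)
    weights = train_model(corpus)
    seed = bytes([0x40] * INPUT_LEN)  # fails both checks, so it misses the target
    child = directed_mutate(seed, weights)
    return {
        "critical_fields": rank_fields(weights, 2),
        "seed_reaches_target": reaches_target(seed),
        "child_reaches_target": reaches_target(child),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` trains on 2000 constructed inputs, ranks bytes 3 and 7 as the critical fields, and produces a child that reaches the toy target from a seed that did not; the gradient magnitude chooses which fields to touch and its sign chooses the direction. A linear model can only capture monotone byte-to-label relations (it would not learn an equality check such as `data[3] == 0x41`), which is one reason a learned non-linear model is needed in practice.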