26 June 2023 Fine-grained mutation strategy based on critical bytes
Chaochao Kong, Fan Zhang
Proceedings Volume 12714, International Conference on Computer Network Security and Software Engineering (CNSSE 2023); 127141O (2023) https://doi.org/10.1117/12.2683403
Event: Third International Conference on Computer Network Security and Software Engineering (CNSSE 2023), 2023, Sanya, China
Abstract
Fuzzing is a vulnerability mining approach with high execution speed, but it lacks data flow and program state information, which makes it difficult to pass complex branching conditions. The FTI (fuzzing-based taint inference) method proposed by GreyOne is lightweight and has faster execution speed and lower execution environment requirements than traditional taint analysis based on taint propagation. FTI can obtain the critical bytes in the input that correspond to branching conditions and mutate those critical bytes, which can effectively pass complex branching conditions and improve the mutation efficiency of fuzz testing. In this paper, we propose a fine-grained mutation strategy based on critical bytes. We identify the critical bytes in the input with FTI and execute a fine-grained mutation strategy on these critical bytes, including input corresponding states based on critical bytes, linear search, and random mutation, so that we can pass more branching constraints and eventually improve the coverage rate. Experimental results show that the method in this paper increases edge coverage by 9% compared to AFL++, effectively improving the ability of fuzzing to pass complex branching conditions.
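The byte-level inference and critical-byte search summarized in the abstract can be shown on a toy target. This is an added example, not code from the paper or from GreyOne; the target, the branch names, the bit-match score and the reading of "linear search" as trying every value of a critical byte in order are assumptions made for illustration.

```python
import struct

def run_target(data: bytes) -> dict:
    """Constructed toy target. Returns (observed operand, expected constant) per
    branch, standing in for compiler instrumentation. Branch names are hypothetical."""
    return {
        "hdr_magic": (struct.unpack_from("<I", data, 4)[0], 0xDEADBEEF),
        "version": (data[1], 0x40),
    }

def infer_critical_bytes(seed: bytes) -> dict:
    """FTI-style inference: mutate one byte at a time and record which branch
    operands change. No taint propagation rules are needed."""
    base = run_target(seed)
    critical = {branch: [] for branch in base}
    for off in range(len(seed)):
        for delta in (0x01, 0x80, 0xFF):  # several mutations per byte to reduce misses
            mutated = bytearray(seed)
            mutated[off] ^= delta
            after = run_target(bytes(mutated))
            for branch in base:
                if after[branch][0] != base[branch][0] and off not in critical[branch]:
                    critical[branch].append(off)
    return critical

def equal_bits(a: int, b: int, width: int = 32) -> int:
    """Score used by this example: number of bits on which the operands agree."""
    return width - bin((a ^ b) & ((1 << width) - 1)).count("1")

def linear_search(data: bytes, branch: str, offsets: list) -> bytes:
    """Try all 256 values of each critical byte and keep the best-scoring one."""
    best = bytearray(data)
    for off in offsets:
        def score(value: int) -> int:
            trial = bytearray(best)
            trial[off] = value
            operand, expected = run_target(bytes(trial))[branch]
            return equal_bits(operand, expected)
        best[off] = max(range(256), key=score)
    return bytes(best)

def solve(seed: bytes):
    """Infer critical bytes once, then search only those bytes for each branch."""
    critical = infer_critical_bytes(seed)
    out = seed
    for branch, offsets in critical.items():
        out = linear_search(out, branch, offsets)
    return critical, out

if __name__ == "__main__":
    crit, result = solve(bytes(12))  # constructed 12-byte all-zero seed
    print(crit, result.hex())
```

Only 5 of the 12 input bytes are searched, which is the saving that restricting mutation to critical bytes is meant to provide.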
© (2023) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Chaochao Kong and Fan Zhang "Fine-grained mutation strategy based on critical bytes", Proc. SPIE 12714, International Conference on Computer Network Security and Software Engineering (CNSSE 2023), 127141O (26 June 2023); https://doi.org/10.1117/12.2683403
KEYWORDS
Analytical research

Contamination

Mining

Computer science

Error control coding

Fluctuations and noise
