WCSE 2023
ISBN: 978-981-18-7950-0 DOI: 10.18178/wcse.2023.06.005

DGFuzz: Dynamically Constructing Control Flow Graph to Guide Greybox Fuzzing

Wenjie Lv, Xiaoqi Song, Cong Wang, Wenbin Zhang, Haipeng Qu

Abstract—In this era of information explosion, software with various functions is emerging, and the harm that software vulnerabilities can cause is increasing. Coverage-based greybox fuzzing (CGF) is already known as one of the most effective software vulnerability detection methods available, owing to its simple principle and excellent results. However, the mutator is blind with respect to undiscovered paths: it cannot know how to search the input space to reach new paths, and can only mutate all input bytes or randomly chosen bytes in an attempt to find them. In this paper, we propose a method that dynamically constructs the control flow graph to guide the mutation direction of the fuzzer. Based on the control flow information explored so far, we can analyze where unexplored basic blocks still remain and combine this with input-branch dependency analysis to mutate toward the unexplored paths. We implemented a prototype, DGFuzz, and benchmarked it against four other state-of-the-art fuzzers. The evaluation results show that DGFuzz discovers more new branches than the other fuzzers.

Index Terms—fuzzing, vulnerability detection, code coverage
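The abstract's idea of reading a dynamically built control flow graph to find where unexplored basic blocks remain, then mutating only the input bytes those branches depend on, can be illustrated with a toy model. The code below is an added example, not DGFuzz's implementation; the block names, the observed-edge set, and the branch-to-byte dependency map are constructed assumptions standing in for a real fuzzer's coverage feedback and taint analysis.

```python
"""Toy CFG-frontier analysis in the spirit of the abstract (added example, not DGFuzz's code).
Assumed model: the fuzzer records the CFG edges it has observed, knows each block's static
successors, and has a branch -> input-byte-offset dependency map (e.g. from a taint-style
analysis). Reached blocks with unobserved successors form the frontier to mutate toward."""
import random
from typing import Dict, Iterable, List, Set, Tuple
# Constructed sample program: static successors of each basic block.
STATIC_SUCCESSORS: Dict[str, List[str]] = {
    "entry": ["check_magic"],
    "check_magic": ["parse_header", "reject"],
    "parse_header": ["check_version", "reject"],
    "check_version": ["handle_v1", "handle_v2"],
    "handle_v1": ["exit"], "handle_v2": ["exit"], "reject": ["exit"], "exit": [],
}
# Constructed sample: edges seen so far; check_version has never been reached.
OBSERVED_EDGES: Set[Tuple[str, str]] = {
    ("entry", "check_magic"), ("check_magic", "reject"), ("reject", "exit"),
    ("check_magic", "parse_header"), ("parse_header", "reject"),
}
# Constructed sample: input byte offsets each conditional block's branch depends on.
BRANCH_DEPENDENCY: Dict[str, List[int]] = {"check_magic": [0, 1, 2, 3],
                                          "parse_header": [4, 5], "check_version": [6]}

def find_frontier(static: Dict[str, List[str]], observed: Set[Tuple[str, str]],
                  entry: str = "entry") -> Dict[str, List[str]]:
    """Build the dynamic CFG from observed edges; per reached block, list unobserved successors."""
    reached = {entry} | {block for edge in observed for block in edge}
    dynamic: Dict[str, Set[str]] = {}
    for src, dst in observed:
        dynamic.setdefault(src, set()).add(dst)
    frontier: Dict[str, List[str]] = {}
    for block in sorted(reached):
        missing = [s for s in static.get(block, []) if s not in dynamic.get(block, set())]
        if missing:
            frontier[block] = missing
    return frontier

def select_mutation_bytes(frontier: Dict[str, List[str]],
                          dependency: Dict[str, List[int]]) -> List[int]:
    """Sorted union of the byte offsets the frontier branches depend on."""
    return sorted({off for block in frontier for off in dependency.get(block, [])})
def targeted_mutate(data: bytes, offsets: Iterable[int], seed: int = 0) -> bytes:
    """Mutate only the selected offsets; XOR with a non-zero byte guarantees a change."""
    rng = random.Random(seed)
    buf = bytearray(data)
    for off in offsets:
        if off < len(buf):
            buf[off] ^= rng.randrange(1, 256)
    return bytes(buf)
if __name__ == "__main__":
    front = find_frontier(STATIC_SUCCESSORS, OBSERVED_EDGES)
    print(front, select_mutation_bytes(front, BRANCH_DEPENDENCY))
```

With the sample data only `parse_header` still has an unobserved successor, so mutation is focused on bytes 4 and 5 rather than the whole input; once `check_version` is reached, the frontier moves and byte 6 is selected instead.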

Wenjie Lv, Xiaoqi Song
College of Information Science and Engineering, Ocean University of China, CHINA
Cong Wang, Wenbin Zhang
Information and Telecommunications Company, State Grid Shandong Electric Power Company, CHINA
Haipeng Qu
College of Information Science and Engineering, Ocean University of China, CHINA


Cite: Wenjie Lv, Xiaoqi Song, Cong Wang, Wenbin Zhang, Haipeng Qu, "DGFuzz: Dynamically Constructing Control Flow Graph to Guide Greybox Fuzzing," Proceedings of 2023 the 13th International Workshop on Computer Science and Engineering (WCSE 2023), pp. 26-30, June 16-18, 2023.