Next Article in Journal
A Novel Rail-Network Hardware Simulator for Embedded System Programming
Next Article in Special Issue
PF-TL: Payload Feature-Based Transfer Learning for Dealing with the Lack of Training Data
Previous Article in Journal
A Public Platform for Virtual IoT-Based Monitoring and Tracking of COVID-19
Article

MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique

School of Cyber Security, Korea University, Seoul 02841, Korea
*
Author to whom correspondence should be addressed.
Electronics 2021, 10(1), 11; https://doi.org/10.3390/electronics10010011
Received: 12 November 2020 / Revised: 10 December 2020 / Accepted: 18 December 2020 / Published: 24 December 2020
(This article belongs to the Special Issue Data-Driven Security)
Evolutionary fuzzers generally work well with typical software programs because of their simple algorithm. However, there is a limitation that some paths with complex constraints cannot be tested even after long execution. Fuzzers based on concolic execution have emerged to address this issue. The concolic execution fuzzers also have limitations in scalability. Recently, the gradient-based fuzzers that use a gradient to mutate inputs have been introduced. Gradient-based fuzzers can be applied to real-world programs and achieve high code coverage. However, there is a problem that the existing gradient-based fuzzers require heavyweight analysis or sufficient learning time. In this paper, we propose a new type of gradient-based fuzzer, MaxAFL, to overcome the limitations of existing gradient-based fuzzers. Our approach constructs an objective function through fine-grained static analysis. After constructing a well-made objective function, we can apply the gradient-based optimization algorithm. We use a modified gradient-descent algorithm to minimize our objective function and propose some probabilistic techniques to escape local optimum. We introduce an adaptive objective function which aims to explore various paths in the program. We implemented MaxAFL based on the original AFL. MaxAFL achieved increase of code coverage per time compared with three other fuzzers in six open-source Linux binaries. We also measured cumulative code coverage per total execution, and MaxAFL outperformed the other fuzzers in this metric. Finally, MaxAFL can also find more bugs than the other fuzzers. View Full-Text
Keywords: fuzzing; optimization; gradient descent; test automation fuzzing; optimization; gradient descent; test automation
Show Figures

Figure 1

MDPI and ACS Style

Kim, Y.; Yoon, J. MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique. Electronics 2021, 10, 11. https://doi.org/10.3390/electronics10010011

AMA Style

Kim Y, Yoon J. MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique. Electronics. 2021; 10(1):11. https://doi.org/10.3390/electronics10010011

Chicago/Turabian Style

Kim, Youngjoon, and Jiwon Yoon. 2021. "MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique" Electronics 10, no. 1: 11. https://doi.org/10.3390/electronics10010011

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop