An Improvement of AFL Based on the Function Call Depth

Tiankai Li, Jianping Li, Xi He
DOI: https://doi.org/10.1109/iccwamtip53232.2021.9674138
2021-01-01
Abstract: Fuzzing is a technique that automatically discovers vulnerabilities in a target program. It generates test cases from seeds, runs the target program on them, monitors the program for abnormal behaviour, and thereby discovers test samples that trigger vulnerabilities. As one of the cornerstones of the fuzzing field, American Fuzzy Lop (AFL) has been widely studied in industry and academia because of its high efficiency and strong practicability. An in-depth study of AFL and its improved version AFLFast shows that gray-box fuzzing tools represented by AFL are concerned mainly with edge coverage and do not use function call depth as one of their indicators. This paper introduces function call depth as an additional coverage indicator, optimizes the non-deterministic mutation stage of AFL, and develops a demo, deepAFL. Experiments are carried out on the LAVA-M test set. The results show that both the effectiveness of the seeds and the efficiency of fuzzing are improved.
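To make the abstract's point concrete, the following toy fuzzer is an added example, not the paper's deepAFL or any AFL code. It assumes a constructed Python target (`parse`, `count_prefix`, `handle_magic`), uses the interpreter's profiler hook as a stand-in for AFL's edge instrumentation, and adds two hypothetical depth-aware policies: a seed is kept when it reaches a new maximum call depth (not only a new edge), and parents are drawn with probability proportional to their depth. The `use_depth` switch lets you compare against an edge-only policy, which never keeps deeper inputs for this target because every edge is already covered by the seeds.

```python
import random
import sys
from typing import List, Set, Tuple

Edge = Tuple[str, str]


# --- constructed target (hypothetical, not from the paper) -------------------
def parse(data: bytes) -> int:
    """Entry point: a 'MAGIC' prefix takes one branch, everything else recurses."""
    if data.startswith(b"MAGIC"):
        return handle_magic(data[5:])
    return count_prefix(data, 0)


def count_prefix(data: bytes, i: int) -> int:
    """Recursion depth equals the number of leading 'A' (0x41) bytes."""
    if i < len(data) and data[i] == 0x41:
        return count_prefix(data, i + 1)
    return i


def handle_magic(rest: bytes) -> int:
    """Constructed 'abnormal behaviour': raises when MAGIC is followed by 0x7f."""
    if rest[:1] == b"\x7f":
        raise ValueError("constructed crash condition")
    return len(rest)


# --- instrumentation: edges and call depth via the profiler hook -------------
class Tracer:
    """Records caller->callee edges (AFL-style edge proxy) and the max call depth."""

    def __init__(self) -> None:
        self.edges: Set[Edge] = set()
        self.stack: List[str] = []
        self.max_depth = 0

    def __call__(self, frame, event, arg) -> None:
        if event == "call":                      # Python-level call only
            callee = frame.f_code.co_name
            caller = self.stack[-1] if self.stack else "<root>"
            self.edges.add((caller, callee))
            self.stack.append(callee)
            self.max_depth = max(self.max_depth, len(self.stack))
        elif event == "return" and self.stack:   # also fires while unwinding
            self.stack.pop()


def run_target(data: bytes) -> Tuple[Set[Edge], int, bool]:
    """Execute the target once; return (edges, max call depth, crashed?)."""
    tracer = Tracer()
    crashed = False
    sys.setprofile(tracer)
    try:
        parse(data)
    except Exception:                            # any exception counts as a crash
        crashed = True
    finally:
        sys.setprofile(None)
    return tracer.edges, tracer.max_depth, crashed


# --- mutation and scheduling --------------------------------------------------
def mutate(data: bytes, rng: random.Random) -> bytes:
    """Havoc-style single mutation: bit flip, insert a byte, or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                # small alphabet keeps the toy fast
        buf.insert(rng.randrange(len(buf) + 1), rng.choice(b"AMGIC\x7f"))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seeds: List[bytes], iterations: int, rng_seed: int = 0,
         use_depth: bool = True):
    """Return (corpus of (input, depth), covered edges, crashing inputs).

    use_depth=True  : keep inputs that set a new max depth, and prefer deep parents.
    use_depth=False : AFL-like edge-only retention with uniform parent choice.
    """
    rng = random.Random(rng_seed)
    corpus: List[Tuple[bytes, int]] = []
    seen_edges: Set[Edge] = set()
    crashes: List[bytes] = []
    best_depth = 0
    for seed in seeds:
        edges, depth, _ = run_target(seed)
        seen_edges |= edges
        best_depth = max(best_depth, depth)
        corpus.append((seed, depth))
    for _ in range(iterations):
        weights = [1 + d if use_depth else 1 for _, d in corpus]
        parent, _ = rng.choices(corpus, weights=weights)[0]
        child = mutate(parent, rng)
        edges, depth, crashed = run_target(child)
        if crashed:
            crashes.append(child)
        new_edge = bool(edges - seen_edges)
        new_depth = use_depth and depth > best_depth
        if new_edge or new_depth:                # retention criterion
            seen_edges |= edges
            best_depth = max(best_depth, depth)
            corpus.append((child, depth))
    return corpus, seen_edges, crashes


def max_corpus_depth(corpus: List[Tuple[bytes, int]]) -> int:
    return max(d for _, d in corpus)


if __name__ == "__main__":
    for flag in (False, True):
        corpus, seen, crashes = fuzz([b"A", b"MAGIC"], 1000, use_depth=flag)
        print(f"use_depth={flag}: corpus={len(corpus)} edges={len(seen)} "
              f"max_depth={max_corpus_depth(corpus)} crashes={len(crashes)}")
```

With the edge-only policy the corpus never grows past the two seeds, because every caller/callee pair of this target is already covered by them; the depth-aware policy keeps progressively deeper inputs and spends more mutation energy on them, which is the behaviour the abstract attributes to deepAFL. The profiler hook is a coarse stand-in for AFL's compile-time edge instrumentation and only sees Python-level calls.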