SYNTONY: Potential-Aware Fuzzing with Particle Swarm Optimization

Xiajing Wang,Rui Ma,Wei Huo,Zheng Zhang,Jinyuan He,Chaonan Zhang,Donghai Tian
DOI: https://doi.org/10.1016/j.jss.2023.111880
IF: 3.5
2023-10-17
Journal of Systems and Software
Abstract:Fuzzing has gained significant traction in academic research as well as industry thanks to its effectiveness for discovering software vulnerabilities. However, even the state-of-the-art fuzzers are not very efficient at identifying promising seeds. Coverage-guided fuzzers, while fast and scalable, usually employ single criterion to evaluate the quality of seeds, which may incur bias and pass up optimal seeds. In this paper, we devise a novel potential-aware fuzzing scheme, namely SYNTONY, which seeks to measure seed potential utilizing multiple objectives and prioritize promising seeds that are more likely to generate interesting seeds via mutation. More specifically, SYNTONY leverages efficient swarm intelligence techniques like Particle Swarm Optimization (PSO) to explore multi-criteria seed selection, which allows SYNTONY to choose effectively promising seeds. Furthermore, we introduce decent power scheduling strategy to discover significantly more paths or crashes by gravitating towards more potential seeds. We implement this scheme on top of several state-of-the-art fuzzers, i.e., AFL, AFL++, FairFuzz, and PTFuzz. Our evaluations on 11 popular real-world programs demonstrate that SYNTONY significantly increases the number of unique crashes triggered and edge coverage discovered by 132.06% and 28.69% over AFL++. Further comparison also shows that SYNTONY outperforms other state-of-the-art fuzzers, e.g., AFL, FairFuzz, and PTFuzz. Also, extensive evaluations illustrate that SYNTONY provides a great compatibility and expansibility, while introducing negligible overhead.
computer science, theory & methods, software engineering
What problem does this paper attempt to address?