P-Fuzz: A Parallel Grey-Box Fuzzing Framework

Fuzzing is an effective technology in software testing and security vulnerability detection. Unfortunately, fuzzing is an extremely compute-intensive job, which may cause thousands of computing hours to find a bug. Current novel works generally improve fuzzing efficiency by developing delicate algor...

Bibliographic details
Published in: Applied sciences 2019-12, Vol.9 (23), p.5100
Main authors: Song, Congxi, Zhou, Xu, Yin, Qidi, He, Xinglu, Zhang, Hangwei, Lu, Kai
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 23
container_start_page 5100
container_title Applied sciences
container_volume 9
creator Song, Congxi
Zhou, Xu
Yin, Qidi
He, Xinglu
Zhang, Hangwei
Lu, Kai
description Fuzzing is an effective technology in software testing and security vulnerability detection. Unfortunately, fuzzing is an extremely compute-intensive job, which may cause thousands of computing hours to find a bug. Current novel works generally improve fuzzing efficiency by developing delicate algorithms. In this paper, we propose another direction of improvement in this field, i.e., leveraging parallel computing to improve fuzzing efficiency. In this way, we develop P-fuzz, a parallel fuzzing framework that can utilize massive, distributed computing resources to fuzz. P-fuzz uses a database to share the fuzzing status such as seeds, the coverage information, etc. All fuzzing nodes get tasks from the database and update their fuzzing status to the database. Also, P-fuzz handles some data races and exceptions in parallel fuzzing. We compare P-fuzz with AFL and a parallel fuzzing framework Roving in our experiment. The result shows that P-fuzz can easily speed up AFL about 2.59× and Roving about 1.66× on average by using 4 nodes.
doi_str_mv 10.3390/app9235100
format Article
fulltext fulltext
identifier ISSN: 2076-3417
ispartof Applied sciences, 2019-12, Vol.9 (23), p.5100
issn 2076-3417
2076-3417
language eng
recordid cdi_proquest_journals_2533732880
source DOAJ Directory of Open Access Journals; MDPI - Multidisciplinary Digital Publishing Institute; EZB-FREE-00999 freely available EZB journals
subjects Algorithms
Distributed processing
Efficiency
Feedback
Mutation
Nodes
Security
Seeds
Software
Software reliability
Software testing
Workloads
title P-Fuzz: A Parallel Grey-Box Fuzzing Framework