On Understanding and Forecasting Fuzzers Performance with Static Analysis


Research area: Analysis



Venue: CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security


Abstract

Fuzz testing, a technique for detecting critical software vulnerabilities, combines various methodologies from previous research to improve its effectiveness. For fuzzing practitioners, it is imperative to understand the effects of distinct techniques and select the ideal configuration for the program they need to test. However, evaluating the individual contributions of these techniques is often very difficult. Prior research compared assembled fuzzers and studied their affinity with different programs. Nevertheless, assembled fuzzers cannot be easily broken down into independent components, and therefore such evaluations do not clarify which technique explains the performance of the fuzzer. Without understanding the potential impact of integrating different fuzzing techniques, it becomes even more challenging to adjust the fuzzer configuration for different programs under test. Our research tackles this challenge by introducing a novel approach that correlates static analysis features extracted at compile time with the performance results of various fuzzing techniques. Our method uses diverse metrics to uncover the relationship between the static attributes of a program and the dynamic runtime performance of fuzzers. The correlation analysis performed on 23 target applications reveals interesting relationships, such as power schedulers performing better with larger programs and context-sensitive feedback struggling with a large number of inputs. This approach not only enhances our analytical understanding of fuzzing techniques, but also enables predictive capabilities. We show how a simple machine learning model can propose a fuzzer configuration customized for a particular program using information collected through static analysis. In 11 of our benchmark programs, fuzzers using the suggested configuration achieved the best improvement over the baseline compared to AFLplusplus, LibFuzzer and Honggfuzz.
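The abstract describes a two-step workflow: compute rank correlations between compile-time static features and the per-technique gain of each fuzzing technique, then train a simple model on those features to suggest a configuration for a new target. The script below is an added illustration of that workflow and is not the paper's code or dataset. The targets, the three static features (`funcs`, `edges`, `seeds`) and the gain numbers are all constructed so that the two findings quoted in the abstract hold by design (power scheduling gains grow with program size, context-sensitive feedback gains shrink with the number of seed inputs); the "model" is a k-nearest-neighbour regression on standardised features, chosen here as one plausible instance of a "simple machine learning model", not the one the authors used.

```python
"""
Constructed illustration: correlate static features with per-technique
fuzzing gains, then suggest a configuration for an unseen target with a
tiny nearest-neighbour model. Every number here is made up for the example.
"""
import math

# Constructed compile-time features for hypothetical targets:
# number of functions, CFG edges, and seed inputs in the initial corpus.
STATIC_FEATURES = {
    "t_small":  {"funcs": 120,  "edges": 900,   "seeds": 5},
    "t_parser": {"funcs": 340,  "edges": 2800,  "seeds": 60},
    "t_codec":  {"funcs": 610,  "edges": 5400,  "seeds": 25},
    "t_lib":    {"funcs": 880,  "edges": 7900,  "seeds": 200},
    "t_big":    {"funcs": 1500, "edges": 13000, "seeds": 12},
    "t_huge":   {"funcs": 2300, "edges": 21000, "seeds": 90},
}

# Constructed relative coverage gain of each technique over a baseline fuzzer.
TECHNIQUE_GAIN = {
    "power_schedule": {"t_small": 0.01, "t_parser": 0.03, "t_codec": 0.04,
                       "t_lib": 0.07, "t_big": 0.10, "t_huge": 0.15},
    "ctx_sensitive":  {"t_small": 0.12, "t_parser": 0.02, "t_codec": 0.04,
                       "t_lib": -0.06, "t_big": 0.05, "t_huge": -0.01},
}


def _ranks(values):
    """1-based ranks; tied values share their average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return ranks


def spearman(xs, ys):
    """Spearman rho: Pearson correlation computed on the ranks."""
    rx, ry = _ranks(xs), _ranks(ys)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx)
    vy = sum((b - my) ** 2 for b in ry)
    if vx == 0 or vy == 0:  # a constant column carries no rank information
        return 0.0
    return cov / math.sqrt(vx * vy)


def feature_correlations(features=STATIC_FEATURES, gains=TECHNIQUE_GAIN):
    """rho for every (technique, static feature) pair across all targets."""
    names = sorted(features)
    keys = sorted(next(iter(features.values())))
    out = {}
    for tech, gain in gains.items():
        ys = [gain[n] for n in names]
        out[tech] = {f: spearman([features[n][f] for n in names], ys) for f in keys}
    return out


def _zscore_params(features):
    """Per-feature (mean, population std) so distances are scale-free."""
    keys = sorted(next(iter(features.values())))
    params = {}
    for f in keys:
        col = [features[n][f] for n in features]
        mean = sum(col) / len(col)
        std = math.sqrt(sum((v - mean) ** 2 for v in col) / len(col)) or 1.0
        params[f] = (mean, std)
    return params


def suggest_config(new_features, features=STATIC_FEATURES, gains=TECHNIQUE_GAIN, k=3):
    """k-NN regression on standardised features: predict each technique's gain
    from the k most similar known targets and enable it if the prediction is > 0."""
    params = _zscore_params(features)

    def z(vec):
        return [(vec[f] - params[f][0]) / params[f][1] for f in sorted(params)]

    q = z(new_features)
    nearest = sorted((math.dist(q, z(vec)), name) for name, vec in features.items())
    neighbours = [name for _, name in nearest[:k]]
    predicted = {tech: sum(gain[n] for n in neighbours) / len(neighbours)
                 for tech, gain in gains.items()}
    enabled = [tech for tech, p in predicted.items() if p > 0]
    return predicted, enabled


if __name__ == "__main__":
    for tech, per_feature in feature_correlations().items():
        print(tech, {f: round(r, 2) for f, r in per_feature.items()})
    # A large program with a small seed corpus, then a large one with many seeds.
    print(suggest_config({"funcs": 1400, "edges": 12000, "seeds": 10}))
    print(suggest_config({"funcs": 2000, "edges": 18000, "seeds": 180}))
```

On the constructed data, `power_schedule` correlates perfectly with `funcs` and `ctx_sensitive` perfectly negatively with `seeds`; a real dataset will show weaker, noisier values, which is why the paper uses several metrics and many targets. The k-NN predictor is intentionally naive: with only a handful of training targets, the suggestion is only as good as the nearest known programs, and the zero-threshold rule should be replaced by a cost-aware one when enabling a technique has overhead.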


Authors
Davide Balzarotti (EURECOM, Biot, France)
Dongjia Zhang (EURECOM, Biot, France)
Andrea Fioraldi (EURECOM, Biot, France)

Paper information

Year published: 2024
Citations: 0
Country of publication: France
Site: ACM
