IPDF: directed fuzzer for input parsing program

Yubo He; Long Liu

doi:10.1117/12.2682585

26 May 2023 IPDF: directed fuzzer for input parsing program

Yubo He, Long Liu

Proceedings Volume 12700, International Conference on Electronic Information Engineering and Data Processing (EIEDP 2023); 1270015 (2023) https://doi.org/10.1117/12.2682585
Event: International Conference on Electronic Information Engineering and Data Processing (EIEDP 2023), 2023, Nanchang, China

Abstract

Directed greybox fuzzing aims to test specific code and has made many advances in several areas. However, most vulnerabilities of input parsing programs are triggered in the particular state of the program, so existing directed greybox fuzzing works face path explosion problem when they fuzz the input parsing program and need more ability to explore the particular state of the program. To address the above problem, we propose a call-relationship-based fitness function. The main idea is to use the function call relationship to guide directed fuzzing before reaching the target. Call-relationship-based fitness function extracts the function calls and call relationship from the program, uses an intra-procedural reachability analysis to get all concerned edges, and constructs the fitness function based on the edges. Based on the above method, we implemented the directed greybox fuzzing IPDF and evaluated it with the mainstream directed greybox fuzzers Beacon and AFLGo on real-world programs. Evaluation of IPDF showed that IPDF found vulnerabilities faster than the state-of-the-art directed greybox fuzzers. The experimental results showed that the speed of MDGF is 3.01 times faster than that of AFLGo and 1.15 times faster than Beacon.

Citation Download Citation

Yubo He and Long Liu "IPDF: directed fuzzer for input parsing program", Proc. SPIE 12700, International Conference on Electronic Information Engineering and Data Processing (EIEDP 2023), 1270015 (26 May 2023); https://doi.org/10.1117/12.2682585

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
8 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Prototyping

Engineering

Equipment

Visualization

RELATED CONTENT

Traffic sign reflectivity detection method based on driver's visual recognition
Proceedings of SPIE (July 28 2023)

Extending education and outreach in optics with the visually and hearing...
Proceedings of SPIE (June 28 2023)

Design and research on the combination of on line and...
Proceedings of SPIE (May 31 2023)

System performance requirements for a head-tracking autostereoscopic display
Proceedings of SPIE (April 15 1994)

Situational adapting system supporting team situation awareness
Proceedings of SPIE (October 27 2010)

YouDash3D: exploring stereoscopic 3D gaming for 3D movie theaters
Proceedings of SPIE (February 24 2012)

Human image tracking technique applied to remote collaborative environments
Proceedings of SPIE (October 22 1993)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years