Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

Emre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review


Abstract

Combining the strengths of individual fuzzing methods is an appealing idea to find software faults more efficiently, especially when the computing budget is limited. In prior work, EnFuzz introduced the idea of ensemble fuzzing and devised three heuristics to classify properties of fuzzers in terms of diversity. Based on these heuristics, the authors manually picked a combination of different fuzzers that collaborate. In this paper, we generalize this idea by collecting and applying empirical data from single, isolated fuzzer runs to automatically identify a set of fuzzers that complement each other when executed collaboratively. To this end, we present Cupid, a collaborative fuzzing framework allowing automated, data-driven selection of multiple complementary fuzzers for parallelized and distributed fuzzing. We evaluate the automatically selected target-independent combination of fuzzers by Cupid on Google's fuzzer-test-suite, a collection of real-world binaries, as well as on the synthetic Lava-M dataset. We find that Cupid outperforms two expert-guided, target-specific and hand-picked combinations on Google's fuzzer-test-suite in terms of branch coverage, and improves bug finding on Lava-M by 10%. Most importantly, we improve the latency for obtaining 95% and 99% of the coverage by 90% and 64%, respectively. Furthermore, Cupid reduces the amount of CPU hours needed to find a high-performing combination of fuzzers by multiple orders of magnitude compared to an exhaustive evaluation.

Original language: English
Title of host publication: ACSAC 2020
Subtitle of host publication: Annual Computer Security Applications Conference
Publisher: Association for Computing Machinery
Pages: 360-372
Number of pages: 13
ISBN (Electronic): 9781450388580
Publication status: Published - Dec 2020
Event: 36th Annual Computer Security Applications Conference, ACSAC 2020 - Virtual, Online, United States
Duration: 7 Dec 2020 → 11 Dec 2020

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 36th Annual Computer Security Applications Conference, ACSAC 2020
Country/Territory: United States
City: Virtual, Online
Period: 7/12/20 → 11/12/20

Funding

We would like to thank our shepherd Hayawardh Vijayakumar and the anonymous reviewers for their constructive feedback. This work was supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy – EXC-2092 CaSa – 390781972. In addition, this project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 786669 (ReAct). This paper reflects only the authors’ view. The Research Executive Agency is not responsible for any use that may be made of the information it contains.

Funders (funder number):
Horizon 2020 Framework Programme: 786669
Deutsche Forschungsgemeinschaft: EXC-2092 CaSa – 390781972

    Keywords

    • automated bug finding
    • collaborative fuzzing
    • ensemble fuzzing
    • fuzzing
    • parallel fuzzing
