No-Fuzz : Efficient Anti-fuzzing Techniques
Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45) › 32_Refereed conference paper (with ISBN/ISSN) › peer-review
Detail(s)
Original language | English |
---|---|
Title of host publication | Security and Privacy in Communication Networks |
Subtitle of host publication | 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings |
Editors | Fengjun Li, Kaitai Liang, Zhiqiang Lin, Sokratis K. Katsikas |
Place of Publication | Cham |
Publisher | Springer |
Pages | 731-751 |
ISBN (Electronic) | 978-3-031-25538-0 |
ISBN (Print) | 9783031255373 |
Publication status | Published - 2023 |
Publication series
Name | Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering |
---|---|
Volume | 462 |
ISSN (Print) | 1867-8211 |
ISSN (Electronic) | 1867-822X |
Conference
Title | 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022) |
---|---|
Location | Virtual |
Place | United States |
City | Kansas City |
Period | 17 - 19 October 2022 |
Abstract
Fuzzing is an automated software testing technique that has achieved great success in recent years. While this technique allows developers to uncover vulnerabilities and avoid consequent issues (e.g., financial loss), it can also be leveraged by attackers to find zero-day vulnerabilities. To mitigate this, anti-fuzzing techniques were proposed to impede the fuzzing process by slowing down its rate, misinforming the feedback, and complicating the data flow. Unfortunately, the state of the art in anti-fuzzing focuses entirely on enhancing its defensive capability but underestimates the nontrivial performance overhead and overlooks the requirement of extra manual effort. In this paper, to advance the state of the art, we propose an efficient and automatic anti-fuzzing technique and implement a prototype, called No-Fuzz. Compared to prior works, our evaluations illustrate that No-Fuzz introduces less performance overhead, i.e., less than 15% of the storage cost for one fake block. In addition, with respect to binary-only fuzzing, No-Fuzz can precisely determine the corresponding running environments and eliminate unnecessary storage overheads with high effectiveness. Specifically, it reduces 95% of the total storage cost compared with the prior works for the same number of branch reductions. Moreover, our study sheds light on approaches to improve the practicality of anti-fuzzing techniques. © 2023, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
Research Area(s)
- Anti-fuzzing, Fuzzing, Software testing
Bibliographic Note
Full text of this publication does not contain sufficient affiliation information. With consent from the author(s) concerned, the Research Unit(s) information for this record is based on the existing academic department affiliation of the author(s).
Citation Format(s)
No-Fuzz : Efficient Anti-fuzzing Techniques. / Zhou, Zhengxiang; Wang, Cong; Zhao, Qingchuan.
Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings. ed. / Fengjun Li; Kaitai Liang; Zhiqiang Lin; Sokratis K. Katsikas. Cham : Springer, 2023. p. 731-751 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 462).