No-Fuzz: Efficient Anti-fuzzing Techniques

Zhengxiang Zhou; Cong Wang; Qingchuan Zhao

doi:10.1007/978-3-031-25538-0_38

Author(s)

Related Research Unit(s)

Department of Computer Science

Detail(s)

Original language	English
Title of host publication	Security and Privacy in Communication Networks
Subtitle of host publication	18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings
Editors	Fengjun Li, Kaitai Liang, Zhiqiang Lin, Sokratis K. Katsikas
Place of Publication	Cham
Publisher	Springer
Pages	731-751
ISBN (Electronic)	978-3-031-25538-0
ISBN (Print)	9783031255373
Publication status	Published - 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Volume	462
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Title	18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022)
Location	Virtual
Place	United States
City	Kansas City
Period	17 - 19 October 2022

Link(s)

DOI	DOI https://doi.org/10.1007/978-3-031-25538-0_38 Final Published version
	Check@CityULib
Link to Scopus	https://www.scopus.com/record/display.uri?eid=2-s2.0-85148000670&origin=recordpage
Permanent Link	https://scholars.cityu.edu.hk/en/publications/publication(1a6c9977-349b-4896-a920-52a6f0521e9c).html

Abstract

Fuzzing is an automated software testing technique that has achieved great success in recent years. While this technique allows developers to uncover vulnerabilities avoiding consequent issues (e.g., financial loss), it can also be leveraged by attackers to find zero-day vulnerabilities. To mitigate, anti-fuzzing techniques were proposed to impede the fuzzing process by slowing down its rate, misinforming the feedback, and complicating the data flow. Unfortunately, the state-of-the-art of anti-fuzzing entirely focuses on enhancing its defensive capability but underestimates the nontrivial performance overhead and overlooks the requirement of extra manual efforts. In this paper, to advance the state-of-the-art, we propose an efficient and automatic anti-fuzzing technique and implement a prototype, called No-Fuzz. Comparing to prior works, our evaluations illustrate that No-Fuzz introduces less performance overhead, i.e., less than 15% of the storage cost for one fake block. In addition, in respect of the binary-only fuzzing, No-Fuzz can precisely determine the corresponding running environments and eliminate unnecessary storage overheads with high effectiveness. Specifically, it reduces 95% of the total storage cost compared with the prior works for the same number of branch reductions. Moreover, our study sheds light on approaches to improve the practicality of anti-fuzzing techniques. © 2023, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

Research Area(s)

Anti-fuzzing, Fuzzing, Software testing

Bibliographic Note

Full text of this publication does not contain sufficient affiliation information. With consent from the author(s) concerned, the Research Unit(s) information for this record is based on the existing academic department affiliation of the author(s).

Citation Format(s)

[ RIS ] [ BibTeX ]

No-Fuzz : Efficient Anti-fuzzing Techniques. / Zhou, Zhengxiang ; Wang, Cong ; Zhao, Qingchuan.

Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings. ed. / Fengjun Li; Kaitai Liang; Zhiqiang Lin; Sokratis K. Katsikas. Cham : Springer , 2023. p. 731-751 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 462).

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45) › 32_Refereed conference paper (with ISBN/ISSN) › peer-review

Zhou, Z , Wang, C & Zhao, Q 2023, No-Fuzz: Efficient Anti-fuzzing Techniques. in F Li, K Liang, Z Lin & SK Katsikas (eds), Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 462, Springer , Cham, pp. 731-751, 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022), Kansas City, United States, 17/10/22. https://doi.org/10.1007/978-3-031-25538-0_38

Zhou, Z., Wang, C., & Zhao, Q. (2023). No-Fuzz: Efficient Anti-fuzzing Techniques. In F. Li, K. Liang, Z. Lin, & S. K. Katsikas (Eds.), Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings (pp. 731-751). (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 462). Springer . https://doi.org/10.1007/978-3-031-25538-0_38

Zhou Z , Wang C , Zhao Q. No-Fuzz: Efficient Anti-fuzzing Techniques. In Li F, Liang K, Lin Z, Katsikas SK, editors, Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings. Cham: Springer . 2023. p. 731-751. (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering). Epub 2023 Feb 4. doi: 10.1007/978-3-031-25538-0_38

Zhou, Zhengxiang ; Wang, Cong ; Zhao, Qingchuan. / No-Fuzz : Efficient Anti-fuzzing Techniques. Security and Privacy in Communication Networks: 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings. editor / Fengjun Li ; Kaitai Liang ; Zhiqiang Lin ; Sokratis K. Katsikas. Cham : Springer , 2023. pp. 731-751 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering).

No-Fuzz : Efficient Anti-fuzzing Techniques