AFLGo_D: A Novel Power Schedule Scheme Considering Multiple Factors Dynamically for Directed Fuzzing (Poster)
Directed fuzzing is a method for automatically detecting software vulnerabilities. By focusing on a target location, it saves test time and resource consumption and improves the efficiency of vulnerability detection. AFLGo, the most classical and effective directed fuzzing framework, nevertheless has several problems to be solved. AFLGo uses a simulated annealing algorithm for its power schedule, and that algorithm depends on the length of the "exploration" phase; this parameter must be set manually and depends on the experience of the tester, which affects the quality of AFLGo's power schedule. To solve this problem, this paper proposes a new simulated annealing algorithm that considers other fuzzing-related factors in AFLGo's power schedule. Aiming at further problems in AFLGo's power schedule, this paper also proposes an AFLGo power schedule algorithm based on the number of uncovered branches and an AFLGo power schedule algorithm based on goal reachability. All of these power schedule algorithms take into account factors whose values change differently in each fuzzing run, so they are dynamic. These power schedule algorithms are integrated into AFLGo_D, and experimental comparison verifies that AFLGo_D improves the path coverage rate, the shortest seed distance, and the number of crashes found.
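To make the dependence on the manually chosen "exploration" time concrete, the following is an added example (not code from the poster or from the AFLGo or AFLGo_D projects) that models AFLGo's distance-based simulated annealing power schedule in Python. It assumes the form published for AFLGo: an exponential cooling schedule T = 20^(-t / t_x), the annealing function p = (1 - d_norm)(1 - T) + 0.5 T over the seed's normalized distance to the target, and a power factor 2^(2 log2(32) (p - 0.5)), so that the factor ranges from 1/32 to 32. The seed corpus and the parameter values are constructed for the example; `schedule_at` and `most_energized_seed` are helper names introduced here.

```python
import math

# Cap on the power factor, as in AFLGo (2^5); the exponent formula below
# scales the annealed score p in [0, 1] onto [1/MAX_FACTOR, MAX_FACTOR].
MAX_FACTOR = 32.0


def temperature(t: float, t_x: float) -> float:
    """Exponential cooling: T = 20^(-t / t_x).
    t is elapsed fuzzing time, t_x the manually chosen exploration time
    (same units). T starts at 1.0 and approaches 0 as t grows past t_x."""
    if t_x <= 0:
        raise ValueError("exploration time t_x must be positive")
    return math.pow(20.0, -t / t_x)


def normalized_distance(d: float, d_min: float, d_max: float) -> float:
    """Scale a seed's target distance into [0, 1] relative to the corpus.
    A corpus whose seeds are all equally far away yields 0 for every seed."""
    if d_max == d_min:
        return 0.0
    return (d - d_min) / (d_max - d_min)


def power_factor(d: float, d_min: float, d_max: float, t: float, t_x: float) -> float:
    """Multiplier applied to a seed's baseline energy under the annealing schedule.
    Early (T near 1) every seed gets p = 0.5 and a factor of 1.0 (pure exploration);
    late (T near 0) the closest seed gets 32x and the farthest 1/32x (exploitation)."""
    T = temperature(t, t_x)
    d_norm = normalized_distance(d, d_min, d_max)
    p = (1.0 - d_norm) * (1.0 - T) + 0.5 * T
    return math.pow(2.0, 2.0 * math.log2(MAX_FACTOR) * (p - 0.5))


def schedule_at(seeds: dict, t: float, t_x: float) -> dict:
    """Compute the power factor of every seed in a corpus at time t.
    `seeds` maps a seed name to its (already computed) distance to the target."""
    d_min, d_max = min(seeds.values()), max(seeds.values())
    return {name: power_factor(d, d_min, d_max, t, t_x) for name, d in seeds.items()}


def most_energized_seed(seeds: dict, t: float, t_x: float) -> str:
    """Name of the seed the schedule favours at time t (ties resolve to the first)."""
    factors = schedule_at(seeds, t, t_x)
    return max(factors, key=factors.get)


# Constructed corpus: distance values as AFLGo would compute them from the
# call graph / CFG at instrumentation time (smaller is closer to the target).
CORPUS = {"seed_near": 3.0, "seed_mid": 12.0, "seed_far": 40.0}


if __name__ == "__main__":
    # Same corpus, same elapsed time (10 min), two choices of the manual parameter.
    for t_x in (10.0, 100.0):
        factors = schedule_at(CORPUS, t=10.0, t_x=t_x)
        print(f"t_x={t_x:5.1f}:", {k: round(v, 3) for k, v in factors.items()})
```

With t_x = 10 the schedule has already cooled to T = 0.05 after ten minutes, so the nearest seed is scheduled at roughly 27x and the farthest at roughly 1/27x; with t_x = 100 the same corpus at the same moment is still almost uniform. Which of the two is appropriate depends on the program under test, which is exactly why a fixed, hand-set exploration time is the weak point the poster targets.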