xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition
Fuzzing is one of the most efficient techniques for detecting vulnerabilities in software. Existing approaches struggle with performance inconsistencies across different targets and rely on rigid, coarse-grained fuzzing strategy composition, limiting the flexibility to adaptively combine the strengths of different fuzzing strategies at runtime. To address these challenges, we present xFUZZ, a flexible and extensible fuzzing framework supporting fine-grained, runtime-adaptive strategy composition. xFUZZ integrates popular input scheduling and mutation scheduling strategies as fine-grained, independently switchable plugins, allowing users to adaptively replace any plugins throughout the fuzzing campaign. Furthermore, we introduce an adaptive algorithm based on Sliding-Window Thompson Sampling, which dynamically selects the optimal composition of the fuzzing strategy during the fuzzing campaign. Experimental results show that xFUZZ outperforms state-of-the-art fuzzers by achieving a 10.07% increase in unique vulnerability discovery and a 4.94% improvement in code coverage. Notably, xFUZZ is the first to detect 21 out of 37 vulnerabilities in the test suite, establishing its effectiveness across varied targets.
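The abstract names Sliding-Window Thompson Sampling as the basis of the adaptive selection. The sketch below is an added illustration of that general bandit technique, not xFUZZ's implementation: the composition names, the window size, the binary reward (a run that produced a new finding) and the simulated payoff rates are all assumptions constructed for this example.

```python
import random
from collections import deque


class SlidingWindowThompson:
    """Beta-Bernoulli Thompson Sampling that only remembers the last `window` trials."""

    def __init__(self, arms, window, seed=0):
        self.arms = list(arms)
        self.history = deque(maxlen=window)  # (arm, reward); oldest trial drops out
        self.rng = random.Random(seed)

    def counts(self, arm):
        """Return (successes, failures) for `arm` inside the current window."""
        plays = [r for a, r in self.history if a == arm]
        return sum(plays), len(plays) - sum(plays)

    def select(self):
        """Draw one sample per arm from Beta(1+wins, 1+losses); play the largest."""
        def draw(arm):
            wins, losses = self.counts(arm)
            return self.rng.betavariate(1 + wins, 1 + losses)
        return max(self.arms, key=draw)

    def update(self, arm, reward):
        self.history.append((arm, 1 if reward else 0))


# Hypothetical (input scheduler, mutation scheduler) compositions, not xFUZZ plugin names.
ARMS = [("sched_A", "mut_X"), ("sched_A", "mut_Y"), ("sched_B", "mut_X")]


def simulate(rounds=2000, window=200, seed=1):
    """Constructed campaign: the productive composition changes at the halfway point."""
    early = {ARMS[0]: 0.30, ARMS[1]: 0.05, ARMS[2]: 0.05}  # P(new finding) per run
    late = {ARMS[0]: 0.02, ARMS[1]: 0.05, ARMS[2]: 0.30}
    env = random.Random(seed)
    bandit = SlidingWindowThompson(ARMS, window, seed + 1)
    picks = []
    for t in range(rounds):
        rates = early if t < rounds // 2 else late
        arm = bandit.select()
        bandit.update(arm, env.random() < rates[arm])
        picks.append(arm)
    return picks


if __name__ == "__main__":
    picks = simulate()
    for name, span in (("before shift", picks[700:1000]), ("after shift", picks[1700:])):
        print(name, {arm: span.count(arm) for arm in ARMS})
```

Because evidence older than the window is discarded, the sampler abandons a composition that stops paying off and re-explores the others, which a Thompson sampler with unbounded history would do far more slowly.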
Wed 25 Jun
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
16:00 - 17:15

| Time | Length | Type | Title | Track | Authors |
|---|---|---|---|---|---|
| 16:00 | 25m | Talk | xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition | Research Papers | DongSong Yu (Zhongguancun Laboratory), Yiyi Wang (Tsinghua University, Huazhong University of Science and Technology), Chao Zhang (Tsinghua University), Yang Lan, Zhiyuan Jiang (National University of Defense Technology), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Zheyu Ma (Tsinghua University), Wende Tan (Tsinghua University) |
| 16:25 | 25m | Talk | KRAKEN: Program-Adaptive Parallel Fuzzing | Research Papers | Anshunkang Zhou (Hong Kong University of Science and Technology), Heqing Huang (City University of Hong Kong), Charles Zhang (Hong Kong University of Science and Technology) |
| 16:50 | 25m | Talk | Quantum Concolic Testing | Research Papers | Shangzhou Xia (Kyushu University), Jianjun Zhao (Kyushu University), Fuyuan Zhang (Kyushu University), Xiaoyu Guo (Kyushu University) |

Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.