Abstract:
Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of...Show MoreMetadata
Abstract:
Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of testing resources. Parallel fuzzing in the distributed environment amplifies the resource-wasting problem caused by the random nature of fuzzing. In the parallel mode, owing to the lack of an appropriate task dispatching scheme and timely fuzzing status synchronization among different fuzzing instances, task conflicts and workload imbalance occur, making the resource-wasting problem severe. In this paper, we design UltraFuzz, a fuzzer for resource-saving in distributed fuzzing. Based on centralized dynamic scheduling, UltraFuzz can dispatch tasks and schedule power globally and reasonably to avoid resource-wasting. Besides, UltraFuzz can elastically allocate computing power for fuzzing and seed evaluation, thereby avoiding the potential bottleneck of seed evaluation that blocks the fuzzing process. UltraFuzz was evaluated using real-world programs, and the results show that with the same testing resource, UltraFuzz outperforms state-of-the-art tools, such as AFL, AFL-P, PAFL, and EnFuzz. Most importantly, the experiment reveals certain results that seem counter-intuitive, namely that parallel fuzzing can achieve “super-linear acceleration” when compared with single-core fuzzing. We conduct additional experiments to reveal the deep reasons behind this phenomenon and dig deep into the inherent advantages of parallel fuzzing over serial fuzzing, including the global optimization of seed energy scheduling and the escape of local optimal seed. Additionally, 24 real-world vulnerabilities were discovered using UltraFuzz.
Published in: IEEE Transactions on Software Engineering ( Volume: 49, Issue: 4, 01 April 2023)
Funding Agency:
National University of Defense Technology, Changsha, China
Xu Zhou received the BS, MS, and PhD degrees from the School of Computer Science, National University of Defense Technology, China, in 2007, 2009, and 2013, respectively. He is now an assistant professor with the School of Computer Science, National University of Defense Technology. His research interests include operating system and security.
Xu Zhou received the BS, MS, and PhD degrees from the School of Computer Science, National University of Defense Technology, China, in 2007, 2009, and 2013, respectively. He is now an assistant professor with the School of Computer Science, National University of Defense Technology. His research interests include operating system and security.View more
National University of Defense Technology, Changsha, China
Pengfei Wang received the BS, MS, and PhD degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2011, 2013, and 2018 respectively. He is now an assistant professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software testing.
Pengfei Wang received the BS, MS, and PhD degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2011, 2013, and 2018 respectively. He is now an assistant professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software testing.View more
National University of Defense Technology, Changsha, China
Chenyifan Liu received the BS degree in water supply and drainage engineering from the Qingdao University of Technology, in 2018. He is now a cyberspace security engineer with the College of Computer, National University of Defense Technology. His research interests include software vulnerability analysis and software testing.
Chenyifan Liu received the BS degree in water supply and drainage engineering from the Qingdao University of Technology, in 2018. He is now a cyberspace security engineer with the College of Computer, National University of Defense Technology. His research interests include software vulnerability analysis and software testing.View more
National University of Defense Technology, Changsha, China
Tai Yue received the BS degree from the Department of Mathematics, Nanjing University, Nanjing, in 2017, and the MS degree from the College of Computer, National University of Defense Technology, Changsha, in 2019. He is currently working toward the PhD degree with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software security.
Tai Yue received the BS degree from the Department of Mathematics, Nanjing University, Nanjing, in 2017, and the MS degree from the College of Computer, National University of Defense Technology, Changsha, in 2019. He is currently working toward the PhD degree with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software security.View more
National University of Defense Technology, Changsha, China
Yingying Liu received the BS degree in Internet of Things from Central South University, Changsha, China, in 2018. She is now a software engineer with the College of Computer Science, National University of Defense Technology. Her research interests include software system and data analysis.
Yingying Liu received the BS degree in Internet of Things from Central South University, Changsha, China, in 2018. She is now a software engineer with the College of Computer Science, National University of Defense Technology. Her research interests include software system and data analysis.View more
National University of Defense Technology, Changsha, China
Congxi Song received the BS degree in computer science and technology from Beihang University, Beijing, China, in 2017, and the MS degree in computer science and technology from the National University of Defense Technology, Changsha, China, in 2019. She is currently working toward the PhD degree in cybersecurity with the National University of Defense Technology. Her research interests include software testing and networ...Show More
Congxi Song received the BS degree in computer science and technology from Beihang University, Beijing, China, in 2017, and the MS degree in computer science and technology from the National University of Defense Technology, Changsha, China, in 2019. She is currently working toward the PhD degree in cybersecurity with the National University of Defense Technology. Her research interests include software testing and networ...View more
National University of Defense Technology, Changsha, China
Kai Lu received the BS and PhD degrees both in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 1995 and 1999, respectively. He is now a professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems, parallel computing, and security.
Kai Lu received the BS and PhD degrees both in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 1995 and 1999, respectively. He is now a professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems, parallel computing, and security.View more
National University of Defense Technology, Changsha, China
Qidi Yin received the BS and MS degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2019 and 2022, respectively. He is now an assistant engineer with the College of Computer, National University of Defense Technology, Changsha. His research interests include information security and software testing.
Qidi Yin received the BS and MS degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2019 and 2022, respectively. He is now an assistant engineer with the College of Computer, National University of Defense Technology, Changsha. His research interests include information security and software testing.View more
National University of Defense Technology, Changsha, China
Xu Han received the BS degree in software engineering from the College of Information Technology, Guilin University of Electronic Technology, China, in 2017. His research interests include operating systems and software testing.
Xu Han received the BS degree in software engineering from the College of Information Technology, Guilin University of Electronic Technology, China, in 2017. His research interests include operating systems and software testing.View more
Contents National University of Defense Technology, Changsha, China
Xu Zhou received the BS, MS, and PhD degrees from the School of Computer Science, National University of Defense Technology, China, in 2007, 2009, and 2013, respectively. He is now an assistant professor with the School of Computer Science, National University of Defense Technology. His research interests include operating system and security.
Xu Zhou received the BS, MS, and PhD degrees from the School of Computer Science, National University of Defense Technology, China, in 2007, 2009, and 2013, respectively. He is now an assistant professor with the School of Computer Science, National University of Defense Technology. His research interests include operating system and security.View more
National University of Defense Technology, Changsha, China
Pengfei Wang received the BS, MS, and PhD degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2011, 2013, and 2018 respectively. He is now an assistant professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software testing.
Pengfei Wang received the BS, MS, and PhD degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2011, 2013, and 2018 respectively. He is now an assistant professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software testing.View more
National University of Defense Technology, Changsha, China
Chenyifan Liu received the BS degree in water supply and drainage engineering from the Qingdao University of Technology, in 2018. He is now a cyberspace security engineer with the College of Computer, National University of Defense Technology. His research interests include software vulnerability analysis and software testing.
Chenyifan Liu received the BS degree in water supply and drainage engineering from the Qingdao University of Technology, in 2018. He is now a cyberspace security engineer with the College of Computer, National University of Defense Technology. His research interests include software vulnerability analysis and software testing.View more
National University of Defense Technology, Changsha, China
Tai Yue received the BS degree from the Department of Mathematics, Nanjing University, Nanjing, in 2017, and the MS degree from the College of Computer, National University of Defense Technology, Changsha, in 2019. He is currently working toward the PhD degree with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software security.
Tai Yue received the BS degree from the Department of Mathematics, Nanjing University, Nanjing, in 2017, and the MS degree from the College of Computer, National University of Defense Technology, Changsha, in 2019. He is currently working toward the PhD degree with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems and software security.View more
National University of Defense Technology, Changsha, China
Yingying Liu received the BS degree in Internet of Things from Central South University, Changsha, China, in 2018. She is now a software engineer with the College of Computer Science, National University of Defense Technology. Her research interests include software system and data analysis.
Yingying Liu received the BS degree in Internet of Things from Central South University, Changsha, China, in 2018. She is now a software engineer with the College of Computer Science, National University of Defense Technology. Her research interests include software system and data analysis.View more
National University of Defense Technology, Changsha, China
Congxi Song received the BS degree in computer science and technology from Beihang University, Beijing, China, in 2017, and the MS degree in computer science and technology from the National University of Defense Technology, Changsha, China, in 2019. She is currently working toward the PhD degree in cybersecurity with the National University of Defense Technology. Her research interests include software testing and network protocol.
Congxi Song received the BS degree in computer science and technology from Beihang University, Beijing, China, in 2017, and the MS degree in computer science and technology from the National University of Defense Technology, Changsha, China, in 2019. She is currently working toward the PhD degree in cybersecurity with the National University of Defense Technology. Her research interests include software testing and network protocol.View more
National University of Defense Technology, Changsha, China
Kai Lu received the BS and PhD degrees both in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 1995 and 1999, respectively. He is now a professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems, parallel computing, and security.
Kai Lu received the BS and PhD degrees both in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 1995 and 1999, respectively. He is now a professor with the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems, parallel computing, and security.View more
National University of Defense Technology, Changsha, China
Qidi Yin received the BS and MS degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2019 and 2022, respectively. He is now an assistant engineer with the College of Computer, National University of Defense Technology, Changsha. His research interests include information security and software testing.
Qidi Yin received the BS and MS degrees in computer science and technology from the College of Computer, National University of Defense Technology, Changsha, in 2019 and 2022, respectively. He is now an assistant engineer with the College of Computer, National University of Defense Technology, Changsha. His research interests include information security and software testing.View more
National University of Defense Technology, Changsha, China
Xu Han received the BS degree in software engineering from the College of Information Technology, Guilin University of Electronic Technology, China, in 2017. His research interests include operating systems and software testing.
Xu Han received the BS degree in software engineering from the College of Information Technology, Guilin University of Electronic Technology, China, in 2017. His research interests include operating systems and software testing.View more