SSG-AFL: Vulnerability detection for Reactive Systems using Static Seed Generator based AFL

Abstract

Fuzzing is a popular and highly effective technique for software testing especially vulnerability detection. Fuzzing includes the random mutation of well-formed program inputs using dynamic program analysis. Though fuzzing is an active area of research, less systematic efforts have investigated to understand as well as to generate powerful input seeds for a fuzzer. Reactive systems are used in different applications such as web services, decision support systems, and logical controllers. These systems are quite complex and bigger, hence the validation process becomes tedious. In this work, we propose a static seed generator that helps to accelerate the performance of existing fuzzers. In this paper, we validate the reactive systems using our approach by detecting vulnerability. To evaluate the performance of our developed seeder, we experimented with 100 Rigorous Examination of Reactive Systems (RERS) C- programs. Experimental results show that our approach SSG- AFL is superior as compared to the AFL with random seeds. SSG-AFL shows 59.75% winning programs after running all four phases as compared to Random-AFL