AFLPro: Direction sensitive fuzzing
Journal of Information Security and Applications (IF 3.8), Pub Date: 2020-07-31, DOI: 10.1016/j.jisa.2020.102497
Tiantian Ji, Zhongru Wang, Zhihong Tian, Binxing Fang, Qiang Ruan, Haichen Wang, Wei Shi

Fuzzing is a simple and popular technique that is widely used to find vulnerabilities in software. Because its mutations are blind, however, it has two notable limitations. First, blindly mutated inputs rarely pass a program's sanity checks (for example, a comparison against a multi-byte magic value or checksum), so the fuzzer cannot steer toward vulnerable or crashing locations effectively. Second, blind mutation limits the diversity of the seeds it generates and makes it hard for the fuzzing process to converge.

In this paper we propose AFLPro, a direction-sensitive fuzzing solution. On one side, it focuses on seed selection: a new scheme based on Basic Block Aggregation (BBA) reduces the chance of selecting seeds that lead in the wrong direction, and a multi-dimensional, target-oriented seed selection strategy makes that selection fine-grained. On the other side, drawing on biological evolution, AFLPro optimizes its mutation (genetic variation) operators to preserve the diversity of the seed population while letting the fuzzing run converge. AFLPro also incorporates lightweight static analysis to obtain information about the target program (this paper only considers closed-source programs), integrating these resources to give the fuzzer complete semantic guidance.
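To make the first limitation and the seed-selection idea concrete, here is an added example written for this page; it is not code from the paper or from the AFLPro prototype. It is a toy coverage-guided fuzzer in Python: `run_target`, its hand-written CFG, the "distance to the target block" seed-selection heuristic and the havoc-style mutator are all constructed assumptions and do not reproduce AFLPro's BBA scheme. When the magic value is compared in a single basic block, the blind loop gets no feedback and never passes the check within its budget; when each byte is checked in its own block, partial progress becomes visible, and preferring seeds whose trace lies closest to the target block reaches the planted bug.

```python
"""Toy coverage-guided fuzzer, added here as an illustration (not AFLPro code).
A sanity check compared in one basic block gives blind mutation no feedback;
with per-block feedback, selecting seeds by CFG distance to a target block
(an assumed heuristic, not the paper's BBA scheme) converges on the bug."""
import random
from collections import deque

MAGIC = b"FUZZ"
TARGET_BLOCK = "crash"


def run_target(data, split_check):
    """Constructed target; returns the basic blocks executed.  split_check=False
    compares the magic in one block, split_check=True in one block per byte."""
    trace = ["entry"]
    if split_check:
        for i, want in enumerate(MAGIC):
            if len(data) <= i or data[i] != want:
                trace.append("bad_magic")
                return trace
            trace.append(f"magic{i}")
    elif data[:4] != MAGIC:
        trace.append("bad_magic")
        return trace
    else:
        trace.append("magic_ok")
    if len(data) >= 8 and data[4] == 0x7F:
        trace.append("flag_ok")
        if data[5] > 0x80:
            trace.append(TARGET_BLOCK)  # the planted bug
            return trace
    trace.append("exit")
    return trace


def cfg(split_check):
    """Hand-written static CFG of run_target (what static analysis would recover)."""
    if split_check:
        edges = {"entry": ["magic0", "bad_magic"]}
        for i in range(3):
            edges[f"magic{i}"] = [f"magic{i + 1}", "bad_magic"]
        edges["magic3"] = ["flag_ok", "exit"]
    else:
        edges = {"entry": ["magic_ok", "bad_magic"], "magic_ok": ["flag_ok", "exit"]}
    edges["flag_ok"] = [TARGET_BLOCK, "exit"]
    edges.update({"bad_magic": [], "exit": [], TARGET_BLOCK: []})
    return edges


def distances_to(edges, target):
    """BFS on the reversed CFG: hops from each block to target (unreachable omitted)."""
    rev = {n: [] for n in edges}
    for src, dsts in edges.items():
        for dst in dsts:
            rev[dst].append(src)
    dist, pending = {target: 0}, deque([target])
    while pending:
        node = pending.popleft()
        for pred in rev[node]:
            if pred not in dist:
                dist[pred] = dist[node] + 1
                pending.append(pred)
    return dist


def mutate(rng, data):
    """Blind havoc-style mutation: overwrite 1 to 4 random bytes."""
    out = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        out[rng.randrange(len(out))] = rng.randrange(256)
    return bytes(out)


def fuzz(split_check, directed, budget, rng_seed=1):
    """Return (iterations, crashing input) or (None, None).  directed=True mutates
    only the seeds closest to TARGET_BLOCK; directed=False picks seeds uniformly."""
    rng = random.Random(rng_seed)
    dist = distances_to(cfg(split_check), TARGET_BLOCK)

    def score(trace):  # distance of the closest block on the trace
        return min(dist.get(b, float("inf")) for b in trace)

    seed = b"A" * 8
    trace = run_target(seed, split_check)
    queue, covered = [(score(trace), seed)], set(trace)
    for it in range(1, budget + 1):
        if directed:
            best = min(s for s, _ in queue)
            parent = rng.choice([d for s, d in queue if s == best])
        else:
            parent = rng.choice(queue)[1]
        child = mutate(rng, parent)
        trace = run_target(child, split_check)
        if TARGET_BLOCK in trace:
            return it, child
        if not set(trace) <= covered:  # new block reached: keep child as a seed
            covered.update(trace)
            queue.append((score(trace), child))
    return None, None


if __name__ == "__main__":
    for split, directed in [(False, False), (True, False), (True, True)]:
        print(f"split_check={split} directed={directed} ->", fuzz(split, directed, 300_000))
```

Run it directly to see the three configurations: the single-block check reports no crash, the two split-check runs report a crashing input, and the directed run normally needs far fewer iterations than uniform seed selection because it never spends mutations on seeds that stopped at `bad_magic`. The greedy "always pick the closest seed" policy is deliberately simple; a production directed fuzzer mixes in exploration (AFLGo, for example, anneals from exploration toward exploitation) so that a seed that is close but stuck does not starve the rest of the queue.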

We implemented a prototype of AFLPro on top of the popular fuzzer AFL and evaluated it on three datasets: the DARPA Cyber Grand Challenge (CGC) binaries, the LAVA-M dataset, and a set of real-world applications. In 92% of the cases across the three datasets, AFLPro detected vulnerabilities better than all of the state-of-the-art fuzzers considered in this paper.

Updated: 2020-07-31