V-Fuzz: Vulnerability Prediction-Assisted Evolutionary Fuzzing for Binary Programs
IEEE Transactions on Cybernetics ( IF 11.8 ) Pub Date : 2020-09-18 , DOI: 10.1109/tcyb.2020.3013675
Yuwei Li 1, Shouling Ji 1, Chenyang Lyu 1, Yuan Chen 1, Jianhai Chen 1, Qinchen Gu 2, Chunming Wu 1, Raheem Beyah 2

Fuzzing is a technique for finding bugs by repeatedly executing a target program with a large number of abnormal inputs. Most coverage-based fuzzers treat all parts of a program equally and focus primarily on improving code coverage. This is inefficient, because the vulnerable code makes up only a tiny fraction of the entire program. In this article, we design and implement an evolutionary fuzzing framework called V-Fuzz, which aims to find bugs in binary programs efficiently and quickly within a limited time budget. V-Fuzz consists of two main components: 1) a vulnerability prediction model and 2) a vulnerability-oriented evolutionary fuzzer. Given a binary program, the vulnerability prediction model provides a prior estimate of which parts of the program are more likely to be vulnerable. The fuzzer then uses an evolutionary algorithm, guided by the prediction result, to generate inputs that are more likely to reach the predicted vulnerable locations. The experimental results demonstrate that V-Fuzz finds bugs efficiently with the assistance of vulnerability prediction. Moreover, V-Fuzz has discovered ten common vulnerabilities and exposures (CVEs), three of which are newly discovered.
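To illustrate the core idea of the abstract (a fitness function driven by predicted vulnerability rather than raw coverage), here is an added toy example that is not V-Fuzz's own code. The control-flow graph, the per-block scores standing in for the prediction model's output, and the `execute` stand-in for the instrumented binary are all constructed for illustration.

```python
import random

# Constructed prior: per-basic-block vulnerability scores, playing the role
# of the prediction model's output. "copy_body" is modelled as the risky block.
VULN_SCORE = {"entry": 0.05, "parse_hdr": 0.10, "opt_a": 0.05,
              "opt_b": 0.05, "copy_body": 0.90, "exit": 0.02}

def execute(data: bytes) -> frozenset:
    """Stand-in for running the instrumented binary: returns blocks reached."""
    reached = {"entry", "parse_hdr"}
    if data[:2] == b"VF":           # magic prefix leads into the risky block
        reached.add("copy_body")
    elif len(data) > 4:             # longer inputs take a harmless side path
        reached.update({"opt_a", "opt_b"})
    reached.add("exit")
    return frozenset(reached)

def coverage_fitness(blocks) -> int:
    """Plain coverage-based fitness: every block counts the same."""
    return len(blocks)

def vuln_fitness(blocks) -> float:
    """Vulnerability-oriented fitness: reward reaching high-scored blocks."""
    return sum(VULN_SCORE[b] for b in blocks)

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: overwrite, insert or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def evolve(seeds, generations: int, rng: random.Random, score_fn=vuln_fitness):
    """Elitist evolutionary loop: keep the best-scoring inputs, breed from them."""
    population = list(seeds)
    for _ in range(generations):
        ranked = sorted(population, key=lambda d: score_fn(execute(d)), reverse=True)
        parents = ranked[:4]
        children = [mutate(rng.choice(parents), rng) for _ in range(8)]
        population = parents + children
    best = max(population, key=lambda d: score_fn(execute(d)))
    return best, score_fn(execute(best))
```

With the constructed scores, `b"abcdef"` covers more blocks than `b"VF"` and therefore wins under `coverage_fitness`, while `b"VF"` wins under `vuln_fitness`; the same evolutionary loop thus steers toward different regions depending only on which fitness it is given.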

Updated: 2020-09-18