AV-AFL: A Vulnerability Detection Fuzzing Approach by Proving Non-reachable Vulnerabilities using Sound Static Analyser
Sangharatna Godboley, Kanika Gupta, G. Monika
2022
Abstract
The correctness of software depends on how well the vulnerabilities in a program are detected before the software is released. Fuzzing is an effective method for vulnerability detection, but it has drawbacks: traditional fuzzing tools are less efficient in terms of both speed and code coverage. In this paper we show that a fuzzer works more efficiently when the program given to it has first been shaped by static analysis of the source code. We introduce the Alarmed Vulnerabilities-based American Fuzzy Lop (AV-AFL) tool, which eliminates unreachable targets from the program by analysing its source with Frama-C, a sound static analyser. The method uses the Evolved Value Analysis (EVA) plug-in of Frama-C to report alarms for possible run-time errors and passes the resulting pruned program as input to the AFL fuzzer. Experimental results show that AV-AFL outperforms AFL in vulnerability detection on 71.11% of the 45 benchmark programs.
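The pipeline the abstract sketches, as an added illustration rather than the paper's AV-AFL implementation: take the alarms a sound analyser emits, drop the code it proved unreachable, and keep only the surviving alarm sites as fuzzing targets. Everything in the block is constructed for the example: `SOURCE` is a small C function written here, `EVA_REPORT` imitates the shape of Frama-C EVA alarm messages (`[eva:alarm] file:line: Warning: ...`; real output places the message on a continuation line and its wording varies by version), and `UNREACHABLE` stands in for EVA's dead-code information as line ranges, not its literal report format.

```python
"""Added example, not the paper's AV-AFL tool: prune statically proven dead
code before fuzzing and hand AFL only the alarms that survive.

Constructed for illustration:
  - SOURCE: a small C function written for this example.
  - EVA_REPORT: imitates Frama-C EVA alarm lines; not real tool output.
  - UNREACHABLE: (first, last) line ranges proven dead, standing in for
    EVA's own dead-code report.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    file: str
    line: int
    message: str


SOURCE = """\
#include <stdint.h>
#include <string.h>
#define LEN 16
int handle(const uint8_t *in, size_t n) {
    char buf[LEN];
    uint8_t tag = n ? in[0] : 0;
    if (tag > 255) {          /* dead: a uint8_t never exceeds 255 */
        buf[tag] = 'x';       /* alarm site, but provably unreachable */
    }
    memcpy(buf, in, n);       /* alarm site, reachable: n is unchecked */
    return buf[0];
}
"""

# Constructed to resemble EVA alarm messages (message kept on one line).
EVA_REPORT = """\
[eva:alarm] prog.c:8: Warning: accessing out of bounds index. assert tag < 16;
[eva:alarm] prog.c:10: Warning: out of bounds write. assert \\valid(buf + (0 .. n - 1));
[eva] done for function handle
"""

# Constructed: the dead `if` block (lines 7-9) proven unreachable by EVA.
UNREACHABLE = [(7, 9)]

ALARM_RE = re.compile(
    r"^\[eva:alarm\] (?P<file>[^:]+):(?P<line>\d+): Warning: (?P<msg>.*)$")


def parse_alarms(report: str) -> list:
    """Extract (file, line, message) from alarm lines; other log lines are ignored."""
    alarms = []
    for raw in report.splitlines():
        m = ALARM_RE.match(raw.strip())
        if m:
            alarms.append(Alarm(m["file"], int(m["line"]), m["msg"].strip()))
    return alarms


def in_ranges(line: int, ranges) -> bool:
    return any(lo <= line <= hi for lo, hi in ranges)


def prune_unreachable(source: str, ranges):
    """Remove lines the analyser proved dead.

    Returns the pruned source and a map from original line numbers to their
    position in the pruned file, so surviving alarms can still be located.
    """
    kept, remap = [], {}
    for old_no, text in enumerate(source.splitlines(), start=1):
        if in_ranges(old_no, ranges):
            continue
        kept.append(text)
        remap[old_no] = len(kept)
    return "\n".join(kept) + "\n", remap


def fuzz_targets(alarms, ranges, remap):
    """Alarms outside dead code are the only ones a fuzzer can ever trigger."""
    return [Alarm(a.file, remap[a.line], a.message)
            for a in alarms if not in_ranges(a.line, ranges)]


def av_afl_prepare(source=SOURCE, report=EVA_REPORT, ranges=UNREACHABLE):
    """Run the three steps and return what would be handed to AFL."""
    alarms = parse_alarms(report)
    pruned, remap = prune_unreachable(source, ranges)
    targets = fuzz_targets(alarms, ranges, remap)
    return {"alarms": len(alarms), "targets": targets, "pruned_source": pruned}


if __name__ == "__main__":
    result = av_afl_prepare()
    print(f"{result['alarms']} alarms, {len(result['targets'])} fuzz target(s)")
    for t in result["targets"]:
        print(f"  pruned line {t.line}: {t.message}")
```

In a real run the report would come from `frama-c -eva prog.c` and the pruned file would be compiled with AFL's instrumenting compiler and fuzzed with `afl-fuzz`; the remapped line numbers are what let a crash found by AFL be matched back to the alarm the analyser could not discharge.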
Paper Citation
in Harvard Style
Godboley S., Gupta K. and G. Monika. (2022). AV-AFL: A Vulnerability Detection Fuzzing Approach by Proving Non-reachable Vulnerabilities using Sound Static Analyser. In Proceedings of the 17th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-568-5, pages 301-308. DOI: 10.5220/0011032900003176
in Bibtex Style
@conference{enase22,
author={Sangharatna Godboley and Kanika Gupta and G. Monika},
title={AV-AFL: A Vulnerability Detection Fuzzing Approach by Proving Non-reachable Vulnerabilities using Sound Static Analyser},
booktitle={Proceedings of the 17th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE},
year={2022},
pages={301-308},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011032900003176},
isbn={978-989-758-568-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 17th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE
TI - AV-AFL: A Vulnerability Detection Fuzzing Approach by Proving Non-reachable Vulnerabilities using Sound Static Analyser
SN - 978-989-758-568-5
AU - Godboley S.
AU - Gupta K.
AU - G. Monika
PY - 2022
SP - 301
EP - 308
DO - 10.5220/0011032900003176