AIMFuzz: Automated Function-Level In-Memory Fuzzing on Binaries
- Authors
- Kim, TaeWook; Hong, Sukhyun; Cho, Yeongpil
- Issue Date
- Jul-2024
- Publisher
- Association for Computing Machinery, Inc
- Keywords
- automation; binary; fuzzing; in-memory fuzzing
- Citation
- ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp 1510 - 1522
- Pages
- 13
- Indexed
- SCOPUS
- Journal Title
- ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
- Start Page
- 1510
- End Page
- 1522
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/195386
- DOI
- 10.1145/3634737.3644996
- ISSN
- 0000-0000
- Abstract
- In-memory fuzzing, which mutates memory contents directly, has gained attention as a technique that enables intensive, efficient testing. Before this fuzzing technique can be applied, the mutable buffers that will be subject to mutation and the fuzzing target functions must first be identified. So far, these identifications have relied on manual effort with source code available. Unfortunately, such manual identification is challenging on binary-only programs, mainly because source-level information is lost during compilation. To address this difficulty, this paper proposes AIMFuzz, which supports in-memory fuzzing of binary programs at the function level. AIMFuzz largely consists of two stages: the analysis stage, which identifies mutable buffers and prioritizes fuzzing target functions based on dynamic taint tracking, and the fuzzing stage, which tests the designated target functions by injecting mutated inputs through the identified mutable buffers. Notably, both stages are carried out automatically, eliminating the daunting manual effort otherwise required for the binary. Our evaluation results demonstrate that AIMFuzz successfully detects bugs in real applications. AIMFuzz shows great effectiveness in testing selected target functions efficiently and thoroughly, and also comparable performance to the state-of-the-art implementation of in-memory fuzzing, with better usability thanks to its automated analysis and testing.
- Appears in Collections
- College of Engineering (Seoul) > Department of Computer Software (Seoul) > 1. Journal Articles
