Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/98700
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 蕭旭君 | zh_TW |
| dc.contributor.advisor | Hsu-Chun Hsiao | en |
| dc.contributor.author | 蔡奇夆 | zh_TW |
| dc.contributor.author | Chi-Feng Tsai | en |
| dc.date.accessioned | 2025-08-18T16:09:14Z | - |
| dc.date.available | 2025-08-19 | - |
| dc.date.copyright | 2025-08-18 | - |
| dc.date.issued | 2025 | - |
| dc.date.submitted | 2025-08-11 | - |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/98700 | - |
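| dc.description.abstract | With the rapid development of fuzzing techniques in recent years, many fuzzers designed for different problems have emerged. Each tool has its own strengths and limitations, and for a specific target program it is often difficult to judge which tool is most suitable before running experiments and analyzing the results. Even when effective tools are found, how to allocate resources among them is also a difficult problem.
Collaborative fuzzing aims to let multiple fuzzers cooperate with one another to improve efficiency. However, existing collaboration schemes mostly focus only on specific aspects, such as computing resource allocation or seed synchronization, and are often built on fixed strategies. Although these methods are effective, they lack sufficient flexibility to support diverse or newly emerging collaboration strategies. This study proposes a general collaborative fuzzing framework and implements a tool to validate it. The framework abstracts the core components of the collaboration mechanism and provides a modular, extensible design that makes it easy to integrate different strategies and tools. We evaluate the tool in terms of generality, maintainability, extensibility, and the performance sacrificed. The experimental results show that our tool simplifies the implementation workflow of collaborative fuzzing and reduces the development burden of integrating new components. We hope this study will promote future development in the field of collaborative fuzzing and accelerate the prototyping and evaluation of new strategies. | zh_TW |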
| dc.description.abstract | As fuzzing techniques have advanced significantly in recent years, a wide range of fuzzers has been developed to address different challenges in fuzzing. Each fuzzer has its own strengths and limitations. Given a target program, it is often difficult to determine the optimal fuzzer without running experiments and analyzing the results. Even when effective fuzzers are identified, determining how to allocate resources among them remains a non-trivial problem.
Collaborative fuzzing addresses this by enabling multiple fuzzers to work together. However, most existing approaches focus on specific aspects, such as resource allocation or seed synchronization, and are often designed around fixed strategies. While effective, these tools lack the flexibility to accommodate alternative or evolving collaboration strategies. In this work, we propose a general framework for collaborative fuzzing and implement a tool based on it. Our framework abstracts the core components of collaboration and provides a modular, extensible structure for integrating diverse strategies. We evaluate our tool in terms of generality, maintainability, extensibility, and performance overhead. Our results show that it simplifies the implementation of collaborative fuzzing and reduces the effort required to integrate new components. We hope this work will facilitate future research in collaborative fuzzing by making it easier to prototype and evaluate new strategies. | en |
| dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-08-18T16:09:14Z No. of bitstreams: 0 | en |
| dc.description.provenance | Made available in DSpace on 2025-08-18T16:09:14Z (GMT). No. of bitstreams: 0 | en |
| dc.description.tableofcontents | Contents
Verification Letter from the Oral Examination Committee
Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background and Related Work
2.1 The Process of Fuzzing
2.2 Related Works
2.2.1 Different Types of Fuzzers
2.2.2 Fuzzer Evaluation
2.2.3 Collaborative Fuzzing
Chapter 3 Design
3.1 Motivation: Why Another New Collaborative Fuzzing Tool?
3.2 Why Is Collaborative Fuzzing Difficult?
3.3 Research Question
3.4 The Unified Framework for Collaborative Fuzzing
Chapter 4 Implementation
4.1 Overview
4.2 Microkernel: The Core Module
4.3 The Highly Extensible Plugin Module
Chapter 5 Evaluation
5.1 RQ1: Can existing collaboration strategies be effectively modeled within our proposed framework?
5.1.1 Case Study: ENFUZZ
5.1.2 Case Study: COLLABFUZZ
5.1.3 Case Study: CUPID
5.1.4 Case Study: AUTOFZ
5.1.5 Case Study: ULTRAFUZZ
5.1.6 Case Study: μFUZZ
5.1.7 Summary
5.2 RQ2: Using our implementation, is it difficult to integrate new fuzzers or realize collaboration strategies?
5.2.1 Case Study: AFL-based Fuzzers
5.2.2 Case Study: ANGORA
5.2.3 Case Study: The Unimplemented LIBFUZZER
5.2.4 Case Study: Fuzzer Method ensure_alive
5.2.5 Case Study: Component docker_stats
5.2.6 Case Study: AUTOFZ and RCFUZZER
5.2.7 Summary
5.3 RQ3: Using our implementation, is it difficult to integrate new target program for fuzzing?
5.3.1 Case Study: jq-1.5 and objdump-2.28
5.3.2 Case Study: exiv2-0.27
5.3.3 Case Study: ffmpeg-4.0.1
5.3.4 Case Study: Integration of Target Programs in Other Collaborative Fuzzing Tools
5.3.5 Comparison With FUZZBENCH
5.3.6 Summary
5.4 RQ4: What is the performance overhead introduced by our framework implementation compared to running base fuzzers natively?
5.4.1 Environment
5.4.2 Experiment: Run Base Fuzzers Natively
5.4.3 Experiment: Run Base Fuzzers By Our Tool
5.4.4 Result & Discussion
5.4.5 Summary
Chapter 6 Conclusion and Future Work
References
Appendix A — Tables of Implemented Components
Appendix B — The Configuration File of RQ4 Experiment | - |
| dc.language.iso | en | - |
| dc.subject | fuzzing | zh_TW |
| dc.subject | collaborative fuzzing | zh_TW |
| dc.subject | software testing | zh_TW |
| dc.subject | parallel fuzzing | zh_TW |
| dc.subject | distributed fuzzing | zh_TW |
| dc.subject | information security | zh_TW |
| dc.subject | software testing | en |
| dc.subject | fuzzing | en |
| dc.subject | information security | en |
| dc.subject | distributed fuzzing | en |
| dc.subject | parallel fuzzing | en |
| dc.subject | collaborative fuzzing | en |
| dc.title | A Generalized Framework for Collaborative Fuzzing | zh_TW |
| dc.title | A Unified Framework For Collaborative Fuzzing | en |
| dc.type | Thesis | - |
| dc.date.schoolyear | 113-2 | - |
| dc.description.degree | Master's | - |
| dc.contributor.oralexamcommittee | 黃俊穎;黃世昆;黎士瑋 | zh_TW |
| dc.contributor.oralexamcommittee | Chun-Ying Huang;Shih-Kun Huang;Shih-Wei Li | en |
| dc.subject.keyword | fuzzing,collaborative fuzzing,software testing,parallel fuzzing,distributed fuzzing,information security, | zh_TW |
| dc.subject.keyword | fuzzing,collaborative fuzzing,software testing,parallel fuzzing,distributed fuzzing,information security, | en |
| dc.relation.page | 66 | - |
| dc.identifier.doi | 10.6342/NTU202503807 | - |
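| dc.rights.note | Authorization granted (worldwide open access) | - |
| dc.date.accepted | 2025-08-13 | - |
| dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
| dc.contributor.author-dept | Department of Computer Science and Information Engineering | - |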
| dc.date.embargo-lift | 2025-08-19 | - |
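| Appears in Collections: | Department of Computer Science and Information Engineering | |
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| ntu-113-2.pdf | 2.41 MB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.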
