Skip to content

hiromu/SLOPTAFLpp

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

custom_mutators

custom_mutators

 
 

dictionaries

dictionaries

 
 

docs

docs

 
 

frida_mode

frida_mode

 
 

include

include

 
 

instrumentation

instrumentation

 
 

qemu_mode

qemu_mode

 
 

src

src

 
 

test

test

 
 

testcases

testcases

 
 

unicorn_mode

unicorn_mode

 
 

utils

utils

 
 

Android.bp

Android.bp

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Changelog.md

Changelog.md

 
 

Dockerfile

Dockerfile

 
 

GNUmakefile

GNUmakefile

 
 

GNUmakefile.gcc_plugin

GNUmakefile.gcc_plugin

 
 

GNUmakefile.llvm

GNUmakefile.llvm

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

QuickStartGuide.md

QuickStartGuide.md

 
 

README.md

README.md

 
 

README.md.original

README.md.original

 
 

TODO.md

TODO.md

 
 

afl-cmin

afl-cmin

 
 

afl-cmin.bash

afl-cmin.bash

 
 

afl-plot

afl-plot

 
 

afl-system-config

afl-system-config

 
 

afl-whatsup

afl-whatsup

 
 

afl-wine-trace

afl-wine-trace

 
 

config.h

config.h

 
 

dynamic_list.txt

dynamic_list.txt

 
 

test-instr.c

test-instr.c

 
 

types.h

types.h

 
 

Repository files navigation

SLOPT-AFL++

This repository contains the implementation of SLOPT-AFL++ and the three existing methods Karamcheti-AFL++, CMFuzz-AFL++, and HavocMAB-AFL++, all of which are introduced in our paper "SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing".

SLOPT-AFL++ is implemented in the main branch. The existing methods are implemented in the following branches:

  • karamcheti
  • cmfuzz
  • havoc_mab

How to build

You can pull the prebuilt docker images via docker hub:

Alternatively, you can use Dockerfile in the top directory of each branch to build these images locally. Moreover, of course you can build these fuzzers in almost the same way as the unaltered AFL++ on the host environment because they additionally require only the GNU Scientific Library. In Debian/Ubuntu, it can be installed as the package libgsl-dev.

For SLOPT-AFL++, you can switch bandit algorithms in include/afl-fuzz.h. The unaltered AFL++ and MOpt-AFL++ can be build by checking out the tag baseline in the main branch.

How to use

In all the images, the built fuzzer is registered as the afl-fuzz command. The basic usage of the fuzzers is the same as the unaltered AFL++. To run the fuzzers, you need to give the paths to program, the initial seeds, and the output directory at least (e.g. afl-fuzz -i ./seeds/ -o ./output -- ./program @@). Of course, you can feed the other command line arguments the same way as AFL++.

However, note that you should never use -L because it enables MOpt instead of each online optimization method incorporated.

How to take the benchmarks taken in our paper

In our paper, we used as benchmarks FuzzBench and MAGMA, both of which are very standardized and don't require much of manual effort.

To run these benchmarks, please follow the instructions of FuzzBench and MAGMA:

The results of benchmarks are left in ./benchs of the benchmark branch.

Citation

@inproceedings{SLOPT-ACSAC22,
  author    = {Yuki Koike and
               Hiroyuki Katsura and
               Hiromu Yakura and
               Yuma Kurogome},
  title     = {SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing},
  booktitle = {Proceedings of the 38th Annual Computer Security Applications Conference,
               {ACSAC} 2022, Austin, TX, USA, December 5-9, 2022},
  pages     = {to apper},
  publisher = {{ACM}},
  year      = {2022},
}

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • C 74.3%
  • C++ 14.2%
  • Shell 3.4%
  • Makefile 3.3%
  • Python 3.2%
  • Rust 0.8%
  • Other 0.8%