[Review] autofz: Automated Fuzzer Composition at Runtime

Link here

This paper proposes a new fuzzing mechanism which integrates several fuzzers to perform a unique fuzzing process. For every workload, one or several optimal mixture of fuzzers are employed for fuzzing. Unlike the early work, autofz:

1. Do not need presetting and human efforts.
2. Allocate fuzzers for every workload, rather than every program.

Background:

• A large amount of fuzzers have been created, which makes it difficult to choose a proper fuzzer for a specific fuzzing.
• No universal fuzzer perpetually outperforms others, so choosing a optimal fuzzer will be difficult.
• The efficiency of a fuzzer may not last for the whole fuzzing process.
• Fuzzing is a random process, a optimal fuzzer may not always be that case.

Implementation:

• Divide fuzzing process into two phases, preparation phase and focus phase.
• In preparation phase, autofz tests every fuzzers and finds one or several well-performed fuzzers.
• In focus phase, autofz allocates different resources for fuzzers chosen from preparation phase to perform fuzzing.
• A workload is composed of a preparation phase and a focus phase, and a fuzzing process is composed of several workloads.

​

Evaluation:

• Setup: Ubuntu 20.04 equipped with AMD Ryzen 9 3900 having 24 cores and 32 GB memory.
• Baseline fuzzers: AFL, AFLFast, MOpt, FairFuzz, LearnAFL, QSYM, Angora, Redqueen, Radamsa, LAF-I NTEL, and libFuzzer.
• Evaluate coverage, bugs found, elasticity, and compare with collaborative fuzzing.

Future work:

• A better approach to choose the optimal fuzzers in the preparation phase.
• How to automatically choose the fuzzer set used.