In recent years, fuzzing has become the most popular and effective vulnerability discovery technique, owing to its high degree of automation and versatility. To remedy weaknesses of fuzz testing such as blindness and inefficiency, a large number of studies have optimized the design of each of its steps. Since fuzzing is typically computationally intensive, and the gains available from algorithmic optimization on a single machine are inherently limited, using parallel computing to improve fuzzing performance is of great research value. Parallelizing fuzzing, however, must overcome challenges such as task conflicts, scalability in distributed environments, data synchronization overhead and workload imbalance. In this paper we set out to address each of these challenges and propose ParaFuzz, a new parallel fuzzing tool. ParaFuzz manages and distributes seeds centrally in a client/server architecture to avoid task conflicts, and balances workload through a request/response model. A global sharing mechanism tailored to the characteristics of the different kinds of shared information is designed, and a variant strategy selection mechanism is proposed to improve fuzzing efficiency at the task-scheduling level. Tests of ParaFuzz on the LAVA-M test set and two real-world applications show up to a 66% improvement in code path discovery over AFL's native parallel mode at an 8-node parallel scale.
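The abstract contrasts centralized, request-driven seed distribution with a node-owns-its-slice model, but gives no mechanics. The toy model below is an added illustration written for this page, not ParaFuzz's code or AFL's: the class and function names (`SeedServer`, `request_seed`, `report`, `simulate_pull`, `simulate_static`), the per-node cost figures and the coverage "edge ids" are all constructed. It shows three of the properties the abstract names: a seed is leased to exactly one worker at a time (no task conflict), faster nodes simply request more often so the makespan drops (load balance), and a finding is only admitted to the shared pool when it adds coverage unknown to the global map (deduplicated sharing).

```python
"""Constructed toy model of centralised seed scheduling for parallel fuzzing.

Added illustration, not ParaFuzz's or AFL's code: a server owns the seed pool
and leases one seed per request, so no two workers mutate the same seed at
the same time, fast workers naturally take more work, and new coverage is
deduplicated against a global map before a worker's finding is shared.
It is compared against a static round-robin partition of the seed set.
"""
import heapq
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(order=True)
class Seed:
    priority: int                      # lower is dequeued first
    seed_id: int = field(compare=False)
    data: bytes = field(compare=False)


class SeedServer:
    """Central pool; every seed is leased to exactly one worker at a time."""

    def __init__(self, seeds: List[Seed]):
        self._queue: List[Seed] = []
        for s in seeds:
            heapq.heappush(self._queue, s)
        self._next_id = max((s.seed_id for s in seeds), default=-1) + 1
        self._leased: Dict[int, int] = {}        # seed_id -> worker_id
        self.global_coverage: Set[int] = set()   # union of edge ids seen so far

    def pending(self) -> int:
        return len(self._queue)

    def request_seed(self, worker_id: int) -> Optional[Seed]:
        """Request/response: hand out the best pending seed, or None if none left."""
        if not self._queue:
            return None
        seed = heapq.heappop(self._queue)
        self._leased[seed.seed_id] = worker_id   # exclusive lease: no task conflict
        return seed

    def report(self, worker_id: int, seed_id: int,
               findings: List[Tuple[bytes, Set[int]]]) -> int:
        """Worker returns its lease plus (input, edges-hit) pairs it produced.
        Only inputs that add edges unknown to the *global* map enter the shared
        pool. Returns how many were admitted; rejects reports without a lease."""
        if self._leased.get(seed_id) != worker_id:
            raise ValueError(f"worker {worker_id} does not hold seed {seed_id}")
        del self._leased[seed_id]
        admitted = 0
        for data, edges in findings:
            fresh = edges - self.global_coverage
            if not fresh:
                continue                          # known globally: do not share
            self.global_coverage |= fresh
            heapq.heappush(self._queue, Seed(len(data), self._next_id, data))
            self._next_id += 1
            admitted += 1
        return admitted


def simulate_pull(n_seeds: int, cost_per_seed: List[float]) -> Tuple[float, List[int]]:
    """Event-driven run: each worker asks for another seed as soon as it is free.
    cost_per_seed[i] is the (constructed) time worker i needs per seed.
    Returns (makespan, seeds processed per worker)."""
    server = SeedServer([Seed(0, i, bytes([i])) for i in range(n_seeds)])
    clock = [(0.0, w) for w in range(len(cost_per_seed))]   # (free_at, worker)
    heapq.heapify(clock)
    done = [0] * len(cost_per_seed)
    finish = 0.0
    while server.pending():
        free_at, w = heapq.heappop(clock)
        seed = server.request_seed(w)
        server.report(w, seed.seed_id, [])       # toy run: no new findings
        done[w] += 1
        free_at += cost_per_seed[w]
        finish = max(finish, free_at)
        heapq.heappush(clock, (free_at, w))
    return finish, done


def simulate_static(n_seeds: int, cost_per_seed: List[float]) -> Tuple[float, List[int]]:
    """Round-robin the seed set over workers up front; each worker then grinds
    through its own slice with no redistribution (the slowest node dominates)."""
    n = len(cost_per_seed)
    done = [len(range(w, n_seeds, n)) for w in range(n)]
    finish = max(d * c for d, c in zip(done, cost_per_seed))
    return finish, done


def demo_global_sharing() -> Tuple[int, int, int, bool]:
    """Two workers report overlapping coverage; only globally new edges admit an
    input, and a second report on an already-returned lease is rejected."""
    server = SeedServer([Seed(0, 0, b"seed0"), Seed(0, 1, b"seed1")])
    s0 = server.request_seed(worker_id=0)
    s1 = server.request_seed(worker_id=1)
    a = server.report(0, s0.seed_id, [(b"x", {10, 11}), (b"y", {11})])  # 1 admitted
    b = server.report(1, s1.seed_id, [(b"z", {10}), (b"w", {12})])      # 1 admitted
    try:
        server.report(1, s1.seed_id, [(b"late", {99})])
        rejected = False
    except ValueError:
        rejected = True
    return a, b, server.pending(), rejected


if __name__ == "__main__":
    costs = [1.0, 1.0, 4.0]   # constructed: two fast nodes and one slow node
    print("static partition     (makespan, per-worker):", simulate_static(12, costs))
    print("pull/request-response (makespan, per-worker):", simulate_pull(12, costs))
    print("global sharing demo (admitted, admitted, pending, rejected):", demo_global_sharing())
```

With twelve seeds and one node four times slower than the other two, the static partition finishes when the slow node does, while the pull model lets the fast nodes absorb the surplus; the sharing demo shows that an input whose edges are already in the global map is dropped even though it was new to the reporting worker.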
Yan Pan, Wei Lin, Liang Jiao, Yuefei Zhu
Ivica Nikolić, Radu Mantu, Shiqi Shen, Prateek Saxena
Haochen Zhang, Qingzhao An, Kecan Xu, Yifan Guo, Hongjing Li, Shujie Yang
Rundong Li, HongLiang Liang, Liming Liu, Xutong Ma, Rong Qu, Jun Yan, Jian Zhang
Orpheas van Rooij, Marcos Antonios Charalambous, Demetris Kaizer, Michalis Papaevripides, Ηλίας Αθανασόπουλος