Not All Comparisons Are Equal: An Improvement for Input-to-State Correspondence Method

Bo Wu, Tao Qi, YuFeng Ma

Lecture Notes in Electrical Engineering, Signal and Information Processing, Networking and Computers (2020)

Abstract
Recently, more and more runtime information, such as the operands of comparison instructions and the parameters of function calls, has been used to mine vulnerabilities in real-world software, without paying attention to the differences among those pieces of information, which reduces the efficiency of the entire mining process. To make full use of the extracted information, we propose an incremental-information-guided method for binary software vulnerability mining based on the input-to-state correspondence method. It prioritizes the extracted information dynamically by combining static analysis with runtime information, and schedules more computing resources to the related input bytes or execution paths. Finally, we developed a prototype system called FocusFuzz, a grey-box fuzzer for mining more vulnerabilities quickly and efficiently, and evaluated FocusFuzz on the LAVA-M dataset, comparing it with REDQUEEN. The experiments show that FocusFuzz finds vulnerabilities equally well while generating only 3% of the test cases on average compared with the original method, which significantly improves efficiency.
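The following is an added illustration of the input-to-state correspondence mechanism the paper builds on, not FocusFuzz's or REDQUEEN's code: comparison operands observed at runtime are matched against the input and substituted so the comparison passes. The toy target, its comparison records and the seed input are constructed for the example; the prioritization step the paper proposes is not modelled here.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class CmpRecord:
    """One observed comparison: the input-derived operand and the value it was compared to."""
    site: str
    lhs: bytes   # operand loaded from input
    rhs: bytes   # operand it was compared against

def target(data: bytes) -> List[CmpRecord]:
    """Constructed toy target: a parser with a magic header and a length field.
    Returns the comparisons it performed, as an instrumented binary would report them."""
    obs: List[CmpRecord] = []
    if len(data) < 6:
        return obs
    obs.append(CmpRecord("magic", data[0:4], b"FUZZ"))
    if data[0:4] != b"FUZZ":
        return obs
    length = int.from_bytes(data[4:6], "little")
    obs.append(CmpRecord("len", data[4:6], (0x1337).to_bytes(2, "little")))
    if length == 0x1337:
        raise AssertionError("crash: reached guarded bug")  # stand-in for a real fault
    return obs

def i2s_mutations(data: bytes, records: List[CmpRecord]) -> List[Tuple[str, bytes]]:
    """For each comparison whose input-side operand occurs verbatim in the input,
    emit one candidate per occurrence with that occurrence replaced by the other operand.
    Note that one comparison can yield several candidates: the operand may match
    at several input offsets, which is why comparisons are not all equally cheap to follow."""
    out: List[Tuple[str, bytes]] = []
    for r in records:
        if r.lhs == r.rhs:
            continue  # comparison already satisfied; nothing to learn from it
        start = 0
        while (pos := data.find(r.lhs, start)) != -1:
            out.append((r.site, data[:pos] + r.rhs + data[pos + len(r.lhs):]))
            start = pos + 1
    return out

def fuzz(seed: bytes, max_rounds: int = 10) -> Tuple[bytes, int]:
    """Breadth-first I2S substitution until the target crashes.
    Returns (crashing input or b'' if none, number of candidates generated)."""
    queue, tried, seen = [seed], 0, {seed}
    for _ in range(max_rounds):
        next_queue: List[bytes] = []
        for data in queue:
            try:
                records = target(data)
            except AssertionError:
                return data, tried
            for _site, cand in i2s_mutations(data, records):
                if cand not in seen:
                    seen.add(cand); next_queue.append(cand); tried += 1
        queue = next_queue
    return b"", tried
```

Starting from a seed of eight `A` bytes, the magic comparison is solved in the first round and the length comparison in the second, with only a handful of candidates generated instead of a blind byte-level search.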
Keywords
Grey-Box fuzzing, Incremental information, Vulnerability