Guan-fuzz: Argument Selection With Mean Shift Clustering for Multi-argument Fuzzing

Han-Lin Lu, Guan Ming Lin, Shih-Kun Huang

2022 9th International Conference on Dependable Systems and Their Applications (DSA) (2022)

Recently, fuzzers have become more important in software security, and new fuzzing strategies are continually proposed to improve the efficiency of fuzzer exploration. To find more program vulnerabilities, multi-parameter fuzzing has been proposed in recent years. For example, SQ-Fuzz and CRFuzz use multi-argument fuzzing to find many program vulnerabilities that were not found by single-argument fuzzers. However, there is at present no relevant research on optimizing parameter-based fuzzing. To make a multi-argument fuzzer more efficient, it is necessary to select suitable combinations of command arguments. Therefore, in this paper, we propose Guan-fuzz, which uses the MeanShift algorithm to group the execution coverage of different program parameters, reducing the number of executions of similar parameters. The experimental results show that Guan-fuzz has 84% and 14% higher program coverage than AFL and SQ-Fuzz, respectively. Guan-fuzz's improvement in multi-argument fuzzing is significant. Guan-fuzz can find more vulnerabilities that SQ-Fuzz did not find, and in real-world programs, Guan-fuzz found 41 new bugs, of which 32 have been fixed and eight have been assigned CVE IDs.
fuzz testing, multi-argument fuzz testing, meanshift, software security
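An added illustration of the grouping idea in the abstract, not Guan-fuzz's own code: a pure-Python flat-kernel mean shift over per-option coverage vectors that keeps one option per cluster, so options with near-identical coverage are not all executed. The option names, hit counts, bandwidth, and the rule for choosing a representative are assumptions made for this example.

```python
import math

# Constructed sample: hypothetical options of a target program mapped to
# per-edge hit counts from one run each (6 hypothetical edges, not real data).
COVERAGE = {
    "-a": [9, 8, 0, 0, 1, 0],
    "-b": [8, 9, 0, 0, 0, 0],
    "-v": [9, 9, 0, 0, 0, 0],
    "-c": [0, 0, 7, 8, 0, 0],
    "-d": [0, 1, 8, 7, 0, 0],
    "-e": [0, 0, 0, 0, 9, 9],
}

def dist(p, q):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))

def mean_shift(points, bandwidth, max_iter=100, tol=1e-9):
    """Flat-kernel mean shift: each mode moves to the mean of the input
    points within `bandwidth` of it until no mode moves more than `tol`."""
    modes = [list(p) for p in points]
    for _ in range(max_iter):
        moved = 0.0
        for i, m in enumerate(modes):
            near = [p for p in points if dist(m, p) <= bandwidth]
            new = [sum(col) / len(near) for col in zip(*near)]
            moved = max(moved, dist(m, new))
            modes[i] = new
        if moved <= tol:
            break
    return modes

def select_arguments(coverage, bandwidth):
    """Group options whose modes coincide; keep one representative each
    (assumption: the member closest to the cluster mode)."""
    names = list(coverage)
    modes = mean_shift([coverage[n] for n in names], bandwidth)
    clusters = []  # list of (mode, member names)
    for name, mode in zip(names, modes):
        for c_mode, members in clusters:
            if dist(c_mode, mode) < bandwidth / 2:
                members.append(name)
                break
        else:
            clusters.append((mode, [name]))
    reps = [min(ms, key=lambda n: dist(coverage[n], cm)) for cm, ms in clusters]
    return [ms for _, ms in clusters], reps

if __name__ == "__main__":
    groups, reps = select_arguments(COVERAGE, bandwidth=4.0)
    print(groups, reps)
```

With the sample data, six options collapse into three groups, so only three of them need to be fuzzed to exercise the three distinct coverage regions.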