AFLSmart++: Smarter Greybox Fuzzing

2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT 2023)

Abstract
Model/grammar-based greybox fuzzing has gained attention from both industry and academia due to its capability of discovering bugs/vulnerabilities in programs taking highly-structured inputs. AFLSmart is a specific example. It is a model-based fuzzer that focuses on chunk-based file formats like PNG, PDF and WAV. Its effectiveness is enabled by carefully-designed high-level mutation operators (which work at the data-chunk level) and other heuristics such as its validity-based power schedule and deferred cracking mechanism. In this work, we present an extension of AFLSmart in which we explore some design options to (i) support structure-aware low-level mutation operators (which work at the bit, byte, word and dword levels) and (ii) improve AFLSmart's usability and applicability with the so-called composite input model. The extension is called AFLSmart++ and it was evaluated independently, along with 11 other fuzzers, on the Google FuzzBench in a large-scale competition setup. The results show that AFLSmart++ secures the 3rd place in terms of bug finding but it ranks 11th based on its code coverage achievement.
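As an added illustration of the two mutation levels the abstract contrasts (not code from the AFLSmart++ paper or project), the following constructed toy chunk format shows why a low-level operator confined to one chunk's payload keeps the mutant fully crackable, while a blind bit flip over the raw file usually lands in a length or CRC field and breaks cracking. The format, chunk names and sample file are assumptions made for the example.

```python
import random, struct, zlib
# Constructed toy format (PNG-style chunks: big-endian length, 4-byte type, data, CRC32 over
# type+data). Illustrates the two mutation levels only; not AFLSmart++'s own code.

def parse_chunks(buf: bytes) -> list:
    """Crack buf into [(type, data)], stopping at the first truncated or CRC-invalid chunk."""
    chunks, off = [], 0
    while off + 12 <= len(buf):
        (length,) = struct.unpack(">I", buf[off:off + 4])
        end = off + 12 + length
        ctype, data = buf[off + 4:off + 8], buf[off + 8:end - 4]
        if end > len(buf) or struct.unpack(">I", buf[end - 4:end])[0] != zlib.crc32(ctype + data):
            break
        chunks.append((ctype, data))
        off = end
    return chunks

def serialize(chunks: list) -> bytes:
    """Rebuild the file, recomputing every length and CRC from the chunk model."""
    out = bytearray()
    for ctype, data in chunks:
        out += struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))
    return bytes(out)

def chunk_level_mutate(chunks: list, rng) -> list:
    """High-level (chunk-granularity) operator: duplicate one randomly chosen chunk."""
    i = rng.randrange(len(chunks))
    return chunks[:i + 1] + [chunks[i]] + chunks[i + 1:]

def structure_aware_bit_flip(chunks: list, rng) -> list:
    """Low-level operator confined to one chunk's payload; serialize() then repairs length and CRC."""
    i = rng.choice([k for k, (_, d) in enumerate(chunks) if d])
    data = bytearray(chunks[i][1])
    data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    return chunks[:i] + [(chunks[i][0], bytes(data))] + chunks[i + 1:]

def blind_bit_flip(buf: bytes, rng) -> bytes:
    """Structure-unaware flip over the raw bytes: it may land in a length or CRC field."""
    out = bytearray(buf)
    out[rng.randrange(len(out))] ^= 1 << rng.randrange(8)
    return bytes(out)

# Constructed sample input: three chunks with a zeroed IHDR payload.
SAMPLE = serialize([(b"IHDR", bytes(13)), (b"IDAT", b"\x78\x9c\x03\x00"), (b"IEND", b"")])
def count_fully_cracked(trials: int, seed: int = 1) -> tuple:
    """(structure-aware, blind): how many mutants still crack into all three chunks."""
    rng, base = random.Random(seed), parse_chunks(SAMPLE)
    aware = sum(len(parse_chunks(serialize(structure_aware_bit_flip(base, rng)))) == 3 for _ in range(trials))
    blind = sum(len(parse_chunks(blind_bit_flip(SAMPLE, rng))) == 3 for _ in range(trials))
    return aware, blind
```

Running `count_fully_cracked(20)` shows every structure-aware mutant still cracks into all three chunks, whereas the blind mutants almost never do, which is the validity gap that chunk-aware low-level operators are meant to close.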
Keywords
fuzzing, structure-aware fuzzing, software security, vulnerability discovery