Bitmap Fuzzing: A Comparative Analysis of Libfuzzer and AFL Tools

  • Anitha S Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
  • Bhadrika M.K Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
  • Induja R Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
  • Kanishka R Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
  • Kowshika M Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
  • Mahalakshmi M Department of Computer Science and Engineering (Cyber Security), Sri Shakthi Institute of Engineering And Technology, Tamil Nadu, India
Keywords: Bitmap Fuzzing, LibFuzzer, AFL, Fuzz Testing

Abstract

This research compares the effectiveness of bitmap fuzzing using the algorithms employed in two prominent tools, LibFuzzer and AFL, with the aim of identifying vulnerabilities in software that handles bitmap images. Bitmap fuzzing generates varied image-based test cases that rigorously exercise the software and reveal potential security flaws. In this analysis, LibFuzzer, an in-process guided fuzzer, and AFL, an external fuzzer driven by coverage feedback, are both used to evaluate their accuracy in detecting errors within bitmap-processing applications. Performance is assessed by the types and frequency of errors found, offering a layered perspective on error-handling strength in image-processing contexts. By recording software crashes and categorizing the faults, this research provides insight into the comparative strengths and limitations of these fuzzing tools. The experimental results support significant improvements in fuzzing practices, enhancing security frameworks by enabling early identification of vulnerabilities in multimedia-focused applications. The comparative study highlights the critical role of fuzzing tools in building robust, resilient software defenses.

Published
2024-12-13
How to Cite
S, A., M.K, B., R, I., R, K., M, K., & M, M. (2024). Bitmap Fuzzing: A Comparative Analysis of Libfuzzer and AFL Tools. International Journal of Computer Communication and Informatics, 6(2), 1-18. https://doi.org/10.34256/ijcci2421


