Improving Fuzzing Using Software Complexity Metrics

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and researchers use different approaches of dynamic and static software analysis; one of these approaches is called fuzzing. Fuzzing is performed by generating and sending potentially malformed data to an application under test. Since first appearance in 1988, fuzzing has evolved a lot, but issues which addressed to effectiveness evaluation have not fully investigated until now. In our research, we propose a novel approach of fuzzing effectiveness evaluation, taking into account semantics of executed code along with a quantitative assessment. For this purpose, we use specific metrics of source code complexity assessment adapted to perform analysis of machine code. We conducted effectiveness evaluation of these metrics on 104 widespread applications with known vulnerabilities. As a result of these experiments, we were able to identify a set of metrics that are more suitable to find bugs. In addition, we conducted separate experiments on 7 applications without known vulnerabilities by using the set of metrics. The experimental results confirmed that proposed approach can be applied to increase performance of the fuzzing. Moreover, the tools helped detect two critical zero day (previously unknown) vulnerabilities in the wide-spread applications.