ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection
Kunpeng Zhang
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Fuzzing
Mutation-based fuzzing is a core technique for vulnerability researchers, used to uncover software bugs and reach previously unexplored code paths. Despite its widespread adoption and proven effectiveness, a fundamental inefficiency persists: input bytes are mutated indiscriminately. Traditional fuzzers typically lack any understanding of which specific bytes within an input most influence program execution and, consequently, the discovery of new code. The result is a significant waste of computational resources, since the vast majority of mutations yield no meaningful progress. Kunpeng Zhang's talk on ShapFuzz at the NDSS Symposium addresses this inefficiency directly by introducing a principled approach to quantifying, and then exploiting, the importance of individual input bytes.
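To make "quantifying the importance of individual input bytes" concrete, the following added example (not code from the ShapFuzz paper or the talk) computes exact Shapley values for the bytes of a small input against a constructed toy target. The cooperative game is defined here as an assumption for illustration: the "players" are byte positions, a coalition is the set of positions that take their value from a candidate mutation rather than the base input, and a coalition's payoff is the number of coverage edges the toy target reports. ShapFuzz's actual attribution and scheduling are more involved; this block shows only the textbook Shapley computation that the approach builds on and how it ranks bytes.

```python
from itertools import combinations
from math import factorial

# Constructed toy target standing in for an instrumented program: it returns the
# set of coverage edges reached for a given input. The checks are hypothetical
# and chosen so that bytes 0, 1 and 3 matter and byte 2 is irrelevant.
def toy_target_edges(data: bytes) -> set:
    edges = set()
    if len(data) >= 4 and data[0] == 0x41:
        edges.add("edge_magic0")
        if data[1] == 0x42:          # only reachable once byte 0 matched
            edges.add("edge_magic1")
    if len(data) >= 4 and data[3] == 0x44:
        edges.add("edge_tail")
    return edges

def coalition_value(base: bytes, candidate: bytes, positions, coverage_fn) -> int:
    """Payoff of a coalition: edges covered when only the given byte positions
    are taken from the candidate mutation and all other bytes stay at base."""
    buf = bytearray(base)
    for i in positions:
        buf[i] = candidate[i]
    return len(coverage_fn(bytes(buf)))

def shapley_byte_importance(base: bytes, candidate: bytes, coverage_fn) -> list:
    """Exact Shapley value per byte position by enumerating every coalition of
    the remaining bytes (fine for small inputs; real fuzzers must sample)."""
    n = len(base)
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for k in range(len(others) + 1):
            # weight of a coalition of size k: k!(n-k-1)!/n!
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for subset in combinations(others, k):
                without = coalition_value(base, candidate, subset, coverage_fn)
                with_i = coalition_value(base, candidate, subset + (i,), coverage_fn)
                phi[i] += weight * (with_i - without)
    return phi

def rank_bytes(phi: list) -> list:
    """Byte positions ordered from most to least important; a fuzzer would
    spend its mutation budget on the head of this list."""
    return sorted(range(len(phi)), key=lambda i: phi[i], reverse=True)

# Constructed sample input and candidate mutation.
BASE = b"\x00\x00\x00\x00"
CANDIDATE = b"\x41\x42\x43\x44"

if __name__ == "__main__":
    phi = shapley_byte_importance(BASE, CANDIDATE, toy_target_edges)
    for pos, v in enumerate(phi):
        print(f"byte {pos}: shapley={v:.3f}")
    print("mutation priority:", rank_bytes(phi))
```

Two properties worth noticing in the output: the values sum to the payoff of the full coalition (three edges), and byte 1 scores lower than byte 0 even though both are needed for `edge_magic1`, because byte 1 only pays off in orderings where byte 0 is already present. Byte 2 receives exactly zero and would never be scheduled for mutation.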