# Mix Schedule
# The following is the original AFLFast announcement (the passages originally written in Chinese are additions)
<a href="https://mboehme.github.io/paper/CCS16.pdf"><img src="https://mboehme.github.io/paper/CCS16.png" align="right" width="250"></a>
Power schedules implemented by Marcel Böhme \<[email protected]\>.
AFLFast is an extension of AFL which is written and maintained by
Michal Zalewski \<[email protected]\>.
**Update**: Check out [AFL++](https://github.com/vanhauser-thc/AFLplusplus) which is actively maintained and implements AFLFast power schedules!
AFLFast is a fork of AFL that has been shown to outperform AFL 1.96b by an **order of magnitude**! It helped in the success of Team Codejitsu at the finals of the DARPA Cyber Grand Challenge where their bot Galactica took **2nd place** in terms of #POVs proven (see red bar at https://www.cybergrandchallenge.com/event#results). AFLFast exposed several previously unreported CVEs that could not be exposed by AFL in 24 hours and otherwise exposed vulnerabilities significantly faster than AFL while generating orders of magnitude more unique crashes.
Essentially, we observed that most generated inputs exercise the same few "high-frequency" paths and developed strategies to gravitate towards low-frequency paths, to stress significantly more program behavior in the same amount of time. We devised several **search strategies** that decide in which order the seeds should be fuzzed and **power schedules** that smartly regulate the number of inputs generated from a seed (i.e., the time spent fuzzing a seed). We call the number of inputs generated from a seed, the seed's **energy**.
We find that AFL's exploitation-based constant schedule assigns **too much energy to seeds exercising high-frequency paths** (e.g., paths that reject invalid inputs) and not enough energy to seeds exercising low-frequency paths (e.g., paths that stress interesting behaviors). Technically, we modified the computation of a seed's performance score (`calculate_score`), which seed is marked as favourite (`update_bitmap_score`), and which seed is chosen next from the circular queue (`main`). We implemented the following schedules (in the order of their effectiveness, best first; mix is a combination of the three schedules fast, explore and quad, is the result of my own experiments, and the mix power schedule (Mix Schedule) is the default):
| AFL flag | Power Schedule |
| ------------- | -------------------------- |
| `-p fast` (default)| ![FAST](http://latex.codecogs.com/gif.latex?p(i)=\\min\\left(\\frac{\\alpha(i)}{\\beta}\\cdot\\frac{2^{s(i)}}{f(i)},M\\right)) |
| `-p coe` | ![COE](http://latex.codecogs.com/gif.latex?p%28i%29%3D%5Cbegin%7Bcases%7D%200%20%26%20%5Ctext%7B%20if%20%7D%20f%28i%29%20%3E%20%5Cmu%5C%5C%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%202%5E%7Bs%28i%29%7D%2C%20M%5Cright%29%20%26%20%5Ctext%7B%20otherwise.%7D%20%5Cend%7Bcases%7D) |
| `-p explore` | ![EXPLORE](http://latex.codecogs.com/gif.latex?p%28i%29%3D%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D) |
| `-p quad` | ![QUAD](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%5E2%7D%7Bf%28i%29%7D%2CM%5Cright%29) |
| `-p lin` | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%7D%7Bf%28i%29%7D%2CM%5Cright%29) |
| `-p exploit` (AFL) | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Calpha%28i%29) |
where *α(i)* is the performance score that AFL uses to compute for the seed input *i*, *β(i)>1* is a constant, *s(i)* is the number of times that seed *i* has been chosen from the queue, *f(i)* is the number of generated inputs that exercise the same path as seed *i*, and *μ* is the average number of generated inputs exercising a path.
More details can be found in our paper that was recently accepted at the [23rd ACM Conference on Computer and Communications Security (CCS'16)](https://www.sigsac.org/ccs/CCS2016/accepted-papers/).
PS: The most recent version of AFL (2.33b) implements the explore schedule which yielded a significant performance boost. We are currently conducting experiments with a hybrid version between AFLFast and 2.33b and will report back soon.
PPS: In parallel mode (several instances with shared queue), we suggest running the master using the exploit schedule (-p exploit) and the slaves with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates across instances are appreciated :)
Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.
Released under terms and conditions of Apache License, Version 2.0.
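# Overview of the mix strategy (Mix Schedule)
## Background:
After testing each algorithm (EXPLOIT/AFL, EXPLORE, COE, LINEAR, QUAD, FAST) myself and analysing the results, I found that each schedule has its own strengths. Based on those earlier experiments, and on how each power schedule assigns energy, I had some ideas: perhaps different schedules suit different targets? If so, could every power schedule be given a chance to run? I therefore designed a way of assigning energy: a switcher that changes the power schedule according to a set policy. I call this the Mix Schedule (mixed strategy).
## Choice of core schedules in Mix Schedule:
In my test results the top three were FAST, COE and QUAD. I tried rotating through every schedule, but that lowered efficiency, so only these three schedules are used.
## Analysis of the existing schedules: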
1. Exponential Schedule (FAST)
`p(i)=min((α(i)/β)*(2^s(i) /f(i) ),M)`
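Here α(i) is the implementation of assignEnergy in the algorithm. s(i) is the number of times seed t_i has previously been chosen from the queue T. f(i) is the number of generated inputs that exercise state i. M is the upper bound on energy, and β>1. This is in fact an extension of COE: when f(i)>μ, t_i is no longer excluded from fuzzing altogether. s(i) is placed in the exponent because the seed queue T essentially needs to maintain a sequence of inputs that explores low-density regions. A larger s(i) directly means that t_i has been chosen from the input queue more often, which is to say that fewer paths reach state i and state i lies in a low-density region. Hence s(i) goes in the exponent: the more often t_i is chosen, the more energy it is given.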
2. Cut-Off Exponential (COE)
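When f(i)>μ: `p(i)=0`
Otherwise: `p(i)=min((α(i)/β)*2^s(i), M)`
where `μ = (Σ_{i∈S+} f(i)) / |S+|`, i.e. μ is the mean number of generated inputs over all paths discovered so far. α(i) is the implementation of assignEnergy in the algorithm. s(i) is the number of times seed t_i has previously been chosen from the queue T. M is the upper bound on energy, and β>1.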
3. Quadratic Schedule (QUAD)
`p(i)=min((α(i)/β)*((s(i)^2)/f(i) ),M)`
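Here α(i) is the implementation of assignEnergy in the algorithm. s(i) is the number of times seed t_i has previously been chosen from the queue T. f(i) is the number of generated inputs that exercise state i. M is the upper bound on energy, and β>1. The energy of state i is increased quadratically in s(i), the number of times t_i has been chosen from T, and in proportion to the amount of fuzz f(i) on the path.
## The mix strategy (Mix Schedule)
After a series of experiments, the mix strategy was finalised as follows:
Run the EXPLORE schedule for the first 4 hours. As soon as the switcher detects that 4 hours have elapsed, it switches immediately to the FAST schedule. The switcher keeps monitoring in real time: once the rate of new-path discovery under FAST drops below 0.05 paths/min, it switches the power schedule to QUAD; when it detects that the rate of new-path discovery under QUAD drops below 0.066 paths/min, it switches the power schedule back to FAST, and so on in alternation.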
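
The switching rule above, combined with the EXPLORE, FAST and QUAD energy formulas from the table, as an added C example that is not taken from this project's `afl-fuzz.c`. The names `mix_next` and `mix_energy`, the way the discovery rate is measured, and the sample trace are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Names below are hypothetical, chosen for this example (not from afl-fuzz.c). */
enum schedule { SCHED_EXPLORE, SCHED_FAST, SCHED_QUAD };

#define EXPLORE_PHASE_MIN 240.0 /* run EXPLORE for the first 4 hours    */
#define FAST_MIN_RATE 0.05      /* paths/min; below this, FAST -> QUAD  */
#define QUAD_MIN_RATE 0.066     /* paths/min; below this, QUAD -> FAST  */

/* Switcher. elapsed_min: minutes since start; rate: new paths per minute
 * seen under the current schedule (measurement window is an assumption). */
enum schedule mix_next(enum schedule cur, double elapsed_min, double rate) {
  if (elapsed_min < EXPLORE_PHASE_MIN) return SCHED_EXPLORE;
  switch (cur) {
    case SCHED_FAST: return rate < FAST_MIN_RATE ? SCHED_QUAD : SCHED_FAST;
    case SCHED_QUAD: return rate < QUAD_MIN_RATE ? SCHED_FAST : SCHED_QUAD;
    default:         return SCHED_FAST; /* EXPLORE phase just ended */
  }
}

/* Energy p(i) for the active schedule, following the formulas in the table. */
double mix_energy(enum schedule sch, double alpha, double beta,
                  uint32_t s, uint64_t f, double M) {
  double base = alpha / beta, factor;
  if (f == 0) f = 1;                      /* avoid division by zero */
  switch (sch) {
    case SCHED_FAST: /* 2^s(i) / f(i); shift clamped to avoid overflow */
      factor = (double)(1ULL << (s > 62 ? 62 : s)) / (double)f; break;
    case SCHED_QUAD: /* s(i)^2 / f(i) */
      factor = (double)s * (double)s / (double)f; break;
    default:         /* EXPLORE: p(i) = alpha(i) / beta, no cap */
      return base;
  }
  return base * factor > M ? M : base * factor;
}

int main(void) {
  /* Constructed samples: {elapsed minutes, observed new paths per minute}. */
  double trace[][2] = {{60, 0.9}, {240, 0.4}, {600, 0.04}, {700, 0.06}, {800, 0.2}};
  const char *name[] = {"EXPLORE", "FAST", "QUAD"};
  enum schedule cur = SCHED_EXPLORE;
  for (int k = 0; k < 5; k++) {
    cur = mix_next(cur, trace[k][0], trace[k][1]);
    printf("t=%3.0f min rate=%.3f -> %-7s p=%.1f\n", trace[k][0], trace[k][1],
           name[cur], mix_energy(cur, 100.0, 2.0, 3, 4, 1000.0));
  }
  return 0;
}
```
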
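## Results
Testing shows an improvement in efficiency:
After running for 1400 minutes, the FAST schedule had discovered roughly 1572 new paths, while the Mix Schedule had discovered roughly 1750 new paths after running for 1400 minutes. Compared with the FAST schedule, the Mix Schedule's new-path discovery ratio…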