Abstract:To solve the problem of low efficiency caused by random mutation, a more effective mutation strategy is proposed in this study. The proposed approach synthesizes different kinds of information to help the Fuzzer mutate seed file, i.e., the CFG of program, the characteristics of input seed file, the information of abnormal input detection, and the branch courage of the Fuzzer. Based on this strategy, we design a new Fuzzer which continuously monitors the execution path of each seed file used as input of target program. Meanwhile, as most path constraints depend on only a few bytes in the input, periodical byte-level taint tracking will be necessary in the whole fuzzing process. After all this, we can infer a one-to-many mapping relation between the new execution path and key bytes in seed files, which can highlight the target start-end tuples of the seed file with more possibility to explore new branches in the target program to mutate. The result shows our design can improve the branch coverage of target program and the efficient of Fuzzing.