Abstract:In recent years, fuzz testing has become one of the most popular and efficient methods to detect program bugs and vulnerabilities. By mutating seed files, fuzzing tools generate a large volume of test inputs, and feed them to the program under test in order to expose security weakness. Current researches mostly focus on improving the mutation algorithm to make newly generated files cover more target program codes. However, little attention had been paid to elaborately optimizing the policies to sort seed files to be fuzzed, which prioritizes the seed files with higher probability to cover new program spaces in the fuzzing process, and consequently improves the efficiency of fuzzing. Therefore, we proposed a coverage frequency based selection approach to guide the fuzzer to execute promising seed files first. To do so, we first kept tracking how many times each edge between two basic blocks has been executed by the target program in the fuzz testing. Based on the number that each edge has been executed, we then categorized them into high-frequency edges and low-frequency edges. Only seeds containing more low-frequency edges, as well as being executed very fast by the target program, were assigned with high priority. We implemented our method on American Fuzzy Lop (AFL), one of the most popular fuzzers and applied the modified AFL version to 5 real world programs. The result shows that our approach can improve both the efficiency of AFL and the code coverage explored in the target program.