Abstract: The operating system kernel is the most fundamental software component in a computer system. It controls and manages computer hardware resources and provides interfaces and services necessary for accessing and managing other applications. The security of the operating system kernel directly affects the stability and reliability of the entire computer system. Kernel fuzzing is an efficient and accurate security vulnerability detection method. However, in current kernel fuzzing work, either the overhead of calculating the relationships between system calls is too high, or those relationships are easily misjudged. In addition, existing methods for constructing system call sequences lack reasonable energy allocation, making it difficult to explore problems in low-frequency system calls. This study proposes to learn the relationships between system calls by using an N-gram model and to prioritize the expansion of system calls with low frequency or high TF-IDF values, based on the frequency and TF-IDF information of system call occurrences. With minimal overhead, this study achieves a coverage increase of 15.8% and 14.7% in 24-hour experiments on Linux versions 4.19 and 5.19, respectively. In addition, one known CVE (CVE-2022-3524) and eight new crashes are discovered, one of which has been assigned a CNNVD number (CNNVD-2023-84723975).
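The following sketch illustrates the idea in the abstract; it is an added example, not code from the study. It assumes N = 2 (a bigram model), a constructed seed corpus, and a hypothetical energy formula (TF-IDF divided by frequency), since the abstract does not give the study's own formula.

```python
import math
from collections import Counter, defaultdict

# Constructed sample corpus: each list is one seed program (a syscall sequence).
CORPUS = [
    ["open", "read", "close"],
    ["open", "write", "close"],
    ["open", "read", "write", "close"],
    ["socket", "bind", "listen", "close"],
    ["open", "mmap", "ioctl", "close"],
]

def train_bigrams(corpus):
    """Count call -> next-call transitions (N-gram model with N = 2)."""
    model = defaultdict(Counter)
    for seq in corpus:
        for prev, nxt in zip(seq, seq[1:]):
            model[prev][nxt] += 1
    return model

def frequency(corpus):
    """Total occurrences of each call across all seed programs."""
    return Counter(call for seq in corpus for call in seq)

def tf_idf(corpus):
    """Per-call score: the highest tf * idf the call reaches in any program."""
    n = len(corpus)
    df = Counter(call for seq in corpus for call in set(seq))
    scores = defaultdict(float)
    for seq in corpus:
        for call, cnt in Counter(seq).items():
            value = (cnt / len(seq)) * math.log(n / df[call])
            scores[call] = max(scores[call], value)
    return dict(scores)

def rank_successors(prev, model, freq, scores):
    """Candidates come from the bigram model; order them by energy so that
    rare or high TF-IDF calls are expanded first (assumed formula)."""
    def energy(call):
        return (scores[call] + 1e-9) / freq[call]
    return sorted(model[prev], key=lambda c: (-energy(c), c))

if __name__ == "__main__":
    model, freq, scores = train_bigrams(CORPUS), frequency(CORPUS), tf_idf(CORPUS)
    print("most likely after open:", model["open"].most_common(1)[0][0])
    print("energy-ranked after open:", rank_successors("open", model, freq, scores))
```

On this corpus the plain bigram count would extend `open` with `read`, while the energy ranking puts the rarely seen `mmap` first, which is the low-frequency bias the abstract argues for.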