WenxuanShi
DeadlinesBlog ↗

BandFuzz

🥇
SBFT24 Fuzzing Competetion
Ranked #1

BandFuzz is a novel collaborative fuzzer designed to optimize performance. BandFuzz employs reinforcement learning algorithms to schedule fuzzing strategies in real-time.

framework of BandFuzz

Benchmark Results

SBFT24 Fuzzing Competetion (mutation test)

🏆 BandFuzz is the winner in the SBFT24 Fuzzing Competition, which use mutation test as the ranking metric. BandFuzz achieved the highest number of mutant kills in total, as well as the highest average mutation score. BandFuzz also achieved the highest coverage of mutants.

Mutation Testing Result (final ranking) ↗Fuzzbench report ↗

AIxCC Semifinal Competition

Team 42-b3yond-6ug advanced to the AIxCC final competition as one of the top 7 teams from a field of 42 participants. BandFuzz serves as an integral component of the team's cyber reasoning system, delivering rapid bug discovery capabilities.

Scoreboards ↗Team 42-b3yond-6ug ↗

BandFuzz versus individual fuzzers

BandFuzz matched the effectiveness of the best-performing individual fuzzer for each program in the benchmark. Furthermore, BandFuzz demonstrated superior performance over all the individual fuzzers in several of the programs within the benchmark.

Fuzzbench report ↗

BandFuzz versus autofz*

When using the same set of eight common open-source fuzzers, BandFuzz-8 outperformed autofz-8 by an average of 15% in branch coverage. Moreover, despite utilizing fewer fuzzers than autofz-11, BandFuzz-8 achieved an average of 5% higher branch coverage.

*autofz is a SOTA fuzzer-ensemble tool.

Get BandFuzz

Run BandFuzz++

A enhanced version of BandFuzz, optimized for real-world competition. BandFuzz++ contributed to team 42-b3yond-6ug's achievement of multiple "fist bug discovery" badges during the AIxCC semi-final competition.

Github ↗

Read our Paper

Read the preprint paper about how we design BandFuzz and the detailed evaluations over real-world programs.

arXiv ↗

FAQ

(1) What are the benefits of collaborative fuzzing compared to using individual fuzzers?

By combining different fuzzing techniques and tools, we can create a more robust and comprehensive fuzzer. Each fuzzer contributes its unique strengths, such as different mutation algorithms, coverage-guided strategies, or execution environments. The synergy achieved by amalgamating these distinct approaches significantly increases the likelihood of discovering previously elusive software vulnerabilities.

(2) Why does BandFuzz outperform other fuzzer-ensemble tools?

BandFuzz utilizes reinforcement learning algorithms to dynamically choose the most efficient fuzzer for each iteration, based on real-time performance data. This approach minimizes redundant exploration in the search space.

List of Supported Fuzzers

AFL based fuzzers

  • AFL
  • AFLFast
  • FairFuzz
  • Darwin

AFL++ based fuzzers

  • RedQueen
  • MOpt
  • LAF-Intel
  • Radamsa

Others

  • libAFL
  • Angora
  • honggfuzz
  • symsan

Award

SBFT24