This paper investigates distribution-robust approaches to multi-target coverage-based greybox fuzzing, proposing a minimax optimization framework with entropy regularization. Through controlled experiments, it demonstrates significant improvements over baseline methods in crash discovery and vulnerability detection.
Key findings
Proposes a minimax optimization framework with entropy regularization for worst-case target coverage.
Conducted controlled experiments with 210 independent runs across seven treatment conditions.
Distribution-robust approaches showed large effect sizes for crash discovery, with 200-265% relative improvement over the naive multi-target baseline.
Limitations & open questions
Further research is needed to explore the scalability of the proposed approach to larger software systems.
The study's findings may not generalize to all types of software components and vulnerabilities.