Boosting Fuzzer Efficiency: An Information Theoretic Perspective.

This article discusses the concept of fuzzing as a learning process, using Shannon's entropy to quantify the efficiency of a fuzzer in discovering new behaviors of a program. The authors propose an entropy-based power schedule called "Entropic" for greybox fuzzing, assigning more energy to seeds that reveal more information about a program's behaviors. This approach is implemented in the popular greybox fuzzer LibFuzzer and has been integrated into Google and Microsoft's fuzzing platforms. The paper highlights that the efficiency of a fuzzer is determined by the average information each generated input reveals about a program's behaviors. The authors conducted experiments with over 250 open-source programs, demonstrating a substantial improvement in efficiency and confirming their hypothesis that an efficient fuzzer maximizes information.