*Article* **MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer**

**Xiaoqi Zhao, Haipeng Qu \*, Wenjie Lv, Shuo Li and Jianliang Xu**

> College of Information Science and Engineering, Ocean University of China, Qingdao 266100, China; zhaoxiaoqi@stu.ouc.edu.cn (X.Z.); lwj3656@stu.ouc.edu.cn (W.L.); li\_shuo@stu.ouc.edu.cn (S.L.); xjl9898@ouc.edu.cn (J.X.)

**\*** Correspondence: quhaipeng@ouc.edu.cn

**Abstract:** Coverage-based Greybox Fuzzing (CGF) is a practical and effective solution for finding bugs and vulnerabilities in software. A key challenge of CGF is how to select conducive seeds and allocate accurate energy. To address this problem, we propose a novel many-objective optimization solution, MooFuzz, which can identify different states of the seed pool and continuously gather different information about seeds to guide seed schedule and energy allocation. First, MooFuzz conducts risk marking in dangerous positions of the source code. Second, it can automatically update the collected information, including the path risk, the path frequency, and the mutation information. Next, MooFuzz classifies seed pool into three states and adopts different objectives to select seeds. Finally, we design an energy recovery mechanism to monitor energy usage in the fuzzing process and reduce energy consumption. We implement our fuzzing framework and evaluate it on seven real-world programs. The experimental results show that MooFuzz outperforms other state-of-the-art fuzzers, including AFL, AFLFast, FairFuzz, and PerfFuzz, in terms of path discovery and bug detection.

**Keywords:** seed schedule; many-objective optimization; fuzzing; bug detection; path discovery

**Citation:** Zhao, X.; Qu, H.; Lv, W.; Li, S.; Xu, J. MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer. *Mathematics* **2021**, *9*, 205. https://doi.org/ 10.3390/math9030205

Academic Editors: Amir H. Alavi and Gai-Ge Wang Received: 22 December 2020 Accepted: 16 January 2021 Published: 20 January 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).
