Fannv He (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China, and School of Cyberspace Security, Hainan University, China), Yuan Liu (School of Cyber Engineering, Xidian University, China), Jice Wang (School of Cyberspace Security, Hainan University, China), Baiquan Wang (School of Cyberspace Security, Hainan University, China), Zezhong Ren (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China), Yuqing Zhang (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China; School of Cyberspace Security, Hainan University, China, and School of Cyber Engineering, Xidian University, China)
Fuzzing fundamentally relies on crash observability to guide its search. This paper breaks this premise by introducing MES, a novel anti-fuzzing system designed to make crashes unobservable. MES employs a compile-time address masking technique that instruments all memory accesses so that they always refer to valid regions, thereby systematically suppressing memory-error crashes at their root. Our design stems from a validated foundational premise: invalid data accesses constitute the vast majority of crashes. Thus, a data-flow-centric suppression strategy offers the most effective defense. We evaluate MES through a three-pillar methodology: validating the premise via precise analysis of Binutils 2.13; assessing real-world efficacy against state-of-the-art fuzzers using the UNIFUZZ benchmark; and quantifying overhead and deployment scope with SPEC CPU 2017. MES is implemented as an LLVM compiler pass and a custom loader. Based on the experimental data obtained to date, MES demonstrates a strong capability to suppress memory-error crashes: current results indicate a suppression rate exceeding 97% in our tests, which significantly impedes fuzzing progress. Preliminary performance measurements show that its overhead remains manageable within a well-defined operational envelope, supporting its potential as a practical defense in scenarios where crash suppression is critical. The full evaluation is ongoing to solidify these findings.
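To make the idea of address masking concrete, the following added example (not code from the paper or from MES) shows a generic SFI-style mask applied to loads and stores. The region size, the single size-aligned region, and the names `mask_addr`, `masked_load`, `masked_store` and `read_field` are assumptions chosen for illustration; the abstract does not describe how MES lays out or masks memory.

```c
/* Added illustration of SFI-style address masking; not MES's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define REGION_SIZE 4096u              /* assumed: power-of-two region size */

/* Assumed layout: one region aligned to its own size, so the low
   log2(REGION_SIZE) bits of its base address are all zero. */
static _Alignas(REGION_SIZE) unsigned char region[REGION_SIZE];

/* Force any address into the region: keep only the offset bits, then
   OR in the region base. Every result points at a valid, mapped byte. */
static unsigned char *mask_addr(uintptr_t addr) {
    return (unsigned char *)((uintptr_t)region | (addr & (REGION_SIZE - 1u)));
}

/* The shape an instrumented load and store would take after such a pass. */
unsigned char masked_load(uintptr_t addr) { return *mask_addr(addr); }
void masked_store(uintptr_t addr, unsigned char v) { *mask_addr(addr) = v; }

/* Buggy accessor: no bounds check on index. Uninstrumented, a large index
   typically faults; masked, it aliases to region[index % REGION_SIZE]. */
unsigned char read_field(size_t index) {
    return masked_load((uintptr_t)region + index);
}

int main(void) {
    region[5] = 0xAA;                                /* constructed sample data */
    printf("in bounds      : 0x%02X\n", read_field(5));
    printf("1 MiB past end : 0x%02X\n", read_field((1u << 20) + 5));
    printf("address 0      : 0x%02X\n", masked_load(0));
    masked_store(UINTPTR_MAX, 0x07);                 /* wild write lands at offset 4095 */
    printf("region[4095]   : 0x%02X\n", region[REGION_SIZE - 1]);
    return 0;
}
```

The out-of-bounds read, the null access and the wild write all complete without a fault, so a crash-driven fuzzer receives no signal even though the underlying memory error is still present and now reads or corrupts unrelated data.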