Journal ArticleFuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and ExperimentsBotacin, MarcusBotacin; TAMU<p>In real life, distinct runs of the same artifact lead to the exploration of different paths, due to either system’s natural randomness or malicious constructions. These variations might completely change execution outcomes (extreme case). Thus, to analyze malware beyond theoretical models, we must consider the execution of multiple paths. The academic literature presents many approaches for multipath analysis (e.g., fuzzing, symbolic, and concolic executions), but it still fails to answer<italic>What’s the current state of multipath malware tracing?</italic>This work aims to answer this question and also to point out<italic>What developments are still required to make them practical?</italic>Thus, we present a literature survey and perform experiments to bridge theory and practice. Our results show that (i) natural variation is frequent; (ii) fuzzing helps to discover more paths; (iii) fuzzing can be guided to increase coverage; (iv) forced execution maximizes path discovery rates; (v) pure symbolic execution is impractical, and (vi) concolic execution is promising but still requires further developments.</p>ACM2024-12-3110611833Digital Threats: Research and Practice541 to 332576-5337https://doi.org/10.1145/37001472327427malwaretracingfuzzersymbolic execution1.0National Science Foundation