Ensemble Fuzzing with Dynamic Resource Scheduling and Multidimensional Seed Evaluation

📅 2025-07-30
📈 Citations: 0
Influential: 0
🤖 AI Summary
Existing integrated fuzzing frameworks suffer from coarse-grained resource scheduling and seed evaluation, leading to inefficient resource utilization and suboptimal vulnerability detection. This paper proposes Legion, a dynamic fuzzing framework enabling coordinated execution of multiple fuzzers. Its core innovations are: (1) an online resource allocation mechanism based on Upper Confidence Bound (UCB) to dynamically balance exploration and exploitation across fuzzers; and (2) a multi-dimensional seed evaluation and prioritization strategy incorporating code coverage, path depth, and crash diversity. Evaluated on ten mainstream open-source projects, Legion achieves an average 12.7% improvement in branch coverage over state-of-the-art baselines—including AFL++ and QSYM—and discovers 20 vulnerabilities, among which five are previously unknown (including three assigned CVE identifiers). These results demonstrate Legion’s superior efficiency, scalability, and effectiveness in automated vulnerability discovery.

📝 Abstract
Fuzzing is widely used for detecting bugs and vulnerabilities, with various techniques proposed to enhance its effectiveness. To combine the advantages of multiple technologies, researchers proposed ensemble fuzzing, which integrates multiple base fuzzers. Despite promising results, state-of-the-art ensemble fuzzing techniques face limitations in resource scheduling and performance evaluation, leading to unnecessary resource waste. In this paper, we propose Legion, a novel ensemble fuzzing framework that dynamically schedules resources during the ensemble fuzzing campaign. We designed a novel resource scheduling algorithm based on the upper confidence bound algorithm to reduce the resource consumption of ineffective base fuzzers. Additionally, we introduce a multidimensional seed evaluation strategy, which considers multiple metrics to achieve a more comprehensive, fine-grained performance evaluation. We implemented Legion as a prototype tool and evaluated its effectiveness on Google's fuzzer-test-suite as well as real-world open-source projects. Results show that Legion outperforms existing state-of-the-art base fuzzers and ensemble fuzzing techniques, detecting 20 vulnerabilities in real-world open-source projects: five previously unknown and three classified as CVEs.
Problem

Research questions and friction points this paper is trying to address.

Optimizes resource scheduling in ensemble fuzzing to reduce waste
Enhances seed evaluation with multidimensional metrics for better performance
Detects vulnerabilities more effectively than existing fuzzing techniques
Innovation

Methods, ideas, or system contributions that make the work stand out.

Dynamic resource scheduling with UCB algorithm
Multidimensional seed evaluation strategy
Ensemble fuzzing framework integrating multiple fuzzers
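The two ideas above (UCB-based allocation of time slices across base fuzzers, and a multidimensional seed score used for prioritisation) can be illustrated with a small simulation. The code below is an added example and is not Legion's code; the reward definition (fraction of a slice's executions that hit new edges, normalised to [0, 1]), the three seed metrics, their weights, and the simulated fuzzers with constant discovery rates are all assumptions made here for illustration.

```python
"""Added example (not the paper's implementation): a UCB1-style scheduler that
hands time slices to base fuzzers, plus a weighted multidimensional seed score.

Assumptions (mine, not the paper's): the reward for a slice is the normalised
fraction of that slice's executions that reached new edges; the seed metrics
and weights are illustrative; the simulated fuzzers have constant rates."""
import math


class UcbFuzzerScheduler:
    """Treat each base fuzzer as a bandit arm and run the one with the highest
    upper confidence bound on its observed reward (exploitation + exploration)."""

    def __init__(self, fuzzer_names, exploration=math.sqrt(2)):
        self.names = list(fuzzer_names)
        self.c = exploration                      # exploration weight
        self.pulls = {n: 0 for n in self.names}   # slices given to each fuzzer
        self.reward_sum = {n: 0.0 for n in self.names}
        self.rounds = 0                           # total slices handed out

    def ucb(self, name):
        if self.pulls[name] == 0:
            return math.inf  # every fuzzer gets one slice before any ranking
        mean = self.reward_sum[name] / self.pulls[name]
        bonus = self.c * math.sqrt(math.log(self.rounds) / self.pulls[name])
        return mean + bonus

    def select(self):
        # max() returns the first maximal name, so ties go to the earlier fuzzer
        return max(self.names, key=self.ucb)

    def update(self, name, reward):
        self.pulls[name] += 1
        self.reward_sum[name] += reward
        self.rounds += 1


# Illustrative metric weights (assumed, not the paper's); each metric is
# expected to be pre-normalised to [0, 1].
DEFAULT_WEIGHTS = {"new_edges": 0.5, "path_depth": 0.3, "crash_novelty": 0.2}


def seed_score(seed, weights=None):
    """Weighted sum of a seed's normalised metrics; higher is scheduled sooner."""
    weights = weights or DEFAULT_WEIGHTS
    return sum(w * seed.get(metric, 0.0) for metric, w in weights.items())


def prioritise(seeds, weights=None):
    """Return the seeds ordered for scheduling, best first."""
    return sorted(seeds, key=lambda s: seed_score(s, weights), reverse=True)


def run_campaign(fuzzers, slots):
    """fuzzers: name -> callable(slot) returning that slice's reward in [0, 1].
    Returns how many slices each fuzzer received."""
    sched = UcbFuzzerScheduler(fuzzers)
    for slot in range(slots):
        name = sched.select()
        sched.update(name, fuzzers[name](slot))
    return sched.pulls


# Constructed stand-ins for base fuzzers: a productive one, a moderately
# productive one and one that has plateaued (constant rates, assumed).
SIMULATED_FUZZERS = {
    "afl-like": lambda slot: 0.8,
    "symbolic-like": lambda slot: 0.3,
    "stale": lambda slot: 0.1,
}

# Constructed seeds with already-normalised metrics.
SAMPLE_SEEDS = [
    {"id": "s1", "new_edges": 0.9, "path_depth": 0.2, "crash_novelty": 0.0},
    {"id": "s2", "new_edges": 0.2, "path_depth": 0.9, "crash_novelty": 1.0},
    {"id": "s3", "new_edges": 0.5, "path_depth": 0.5, "crash_novelty": 0.0},
]

if __name__ == "__main__":
    print("slices per fuzzer:", run_campaign(SIMULATED_FUZZERS, 300))
    print("seed order:", [s["id"] for s in prioritise(SAMPLE_SEEDS)])
```

With constant rewards the productive fuzzer takes most of the 300 slices, while the weaker ones keep receiving occasional slices because their confidence bonus grows with the logarithm of total rounds; that is the exploration term that lets the scheduler notice if a base fuzzer later becomes productive. The seed ranking puts s2 first even though s1 found more new edges, because the weighted score also credits depth and crash novelty.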
Authors

Yukai Zhao, New York University (psychophysics, visual perception, attention, neuroscience)
Shaohua Wang, Central University of Finance and Economics, China
Jue Wang, Nanjing University, China
Xing Hu, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, China
Xin Xia, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, China