Greybox fuzzing as a contextual bandits problem

Authors: Aditya Kanade, Ketan Patil

DOI:

Keywords: Fuzzy logic, Instrumentation (computer programming), Theoretical computer science, Computer science, Test case, Fuzz testing

Abstract: Greybox fuzzing is one of the most useful and effective techniques for bug detection in large-scale application programs. It uses a minimal amount of instrumentation. American Fuzzy Lop (AFL) is a popular coverage-based evolutionary greybox fuzzing tool. AFL performs extremely well at fuzz testing applications and finding critical vulnerabilities, but it involves a lot of heuristics when deciding the favored test case(s), skipping test cases during fuzzing, and assigning fuzzing iterations to test case(s). In this work, we aim at replacing the heuristics used for a test case during random fuzzing. We formalize this problem as a `contextual bandit problem' and propose an algorithm to solve it. We have implemented our approach on top of AFL. We modify AFL's heuristics with a learned model trained through the policy gradient method. Our learning algorithm selects the multiplier of the number of fuzzing iterations to be assigned, given a fixed-length substring of the test case to be fuzzed. The new energy value is continuously updated based on the interesting test cases it produces.
