SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge

Yi Li; Xi Xiao; Xiaogang Zhu; Xiao Chen; Sheng Wen; Bin Zhang

doi:10.1109/TrustCom50675.2020.00068

SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge

Yi Li, Xi Xiao, Xiaogang Zhu, Xiao Chen, Sheng Wen, Bin Zhang

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Fuzzing has been a great success in discovering real-world complex programs vulnerabilities. However, fuzzing achieves this effect by blindly generating a large number of test cases, which undoubtedly contains a lot of meaningless mutation inputs. To solve the blindness, machine learning technology is applied to fuzzing in recent work. Some of the machine learning based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics in the field of fuzzing when they combine machine learning technology with fuzzing. In this paper, we implement a new fuzzer, called Speed-Neuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data after mitigating the hash collision of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. Taking the neighbor edge knowledge into account, we can further reduce the blindness of the mutation based on gradient information so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs prove that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.

Original language	English
Title of host publication	Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Editors	Guojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	450-457
Number of pages	8
ISBN (Electronic)	9780738143804
ISBN (Print)	9781665403931
DOIs	https://doi.org/10.1109/TrustCom50675.2020.00068
Publication status	Published - 2020
Event	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020 - Guangzhou, China Duration: 29 Dec 2020 → 1 Jan 2021 Conference number: 19th http://ieee-trustcom.org/TrustCom2020/home.htm (Proceedings)

Publication series

Name	2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020
Publisher	The Institute of Electrical and Electronics Engineers, Inc.
ISSN (Print)	2324-898X
ISSN (Electronic)	2324-9013

Conference

Conference	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020
Abbreviated title	TrustCom 2020
Country	China
City	Guangzhou
Period	29/12/20 → 1/01/21
Internet address	http://ieee-trustcom.org/TrustCom2020/home.htm (Proceedings)

Keywords

Coverage-guided Fuzzing
Neural Network
Program Smoothing

Access to Document

10.1109/TrustCom50675.2020.00068

Link to publication in Scopus

Cite this

Li, Y., Xiao, X., Zhu, X., Chen, X., Wen, S., & Zhang, B. (2020). SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge. In G. Wang, R. Ko, M. Z. A. Bhuiyan, & Y. Pan (Eds.), Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 (pp. 450-457). (2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TrustCom50675.2020.00068

Li, Yi ; Xiao, Xi ; Zhu, Xiaogang ; Chen, Xiao ; Wen, Sheng ; Zhang, Bin. / SpeedNeuzz : speed up neural program approximation with neighbor edge knowledge. Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. editor / Guojun Wang ; Ryan Ko ; Md Zakirul Alam Bhuiyan ; Yi Pan. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2020. pp. 450-457 (2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020).

@inproceedings{1ea8837612e44f6daffa14e1becc9ce9,

title = "SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge",

abstract = "Fuzzing has been a great success in discovering real-world complex programs vulnerabilities. However, fuzzing achieves this effect by blindly generating a large number of test cases, which undoubtedly contains a lot of meaningless mutation inputs. To solve the blindness, machine learning technology is applied to fuzzing in recent work. Some of the machine learning based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics in the field of fuzzing when they combine machine learning technology with fuzzing. In this paper, we implement a new fuzzer, called Speed-Neuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data after mitigating the hash collision of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. Taking the neighbor edge knowledge into account, we can further reduce the blindness of the mutation based on gradient information so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs prove that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.",

keywords = "Coverage-guided Fuzzing, Neural Network, Program Smoothing",

author = "Yi Li and Xi Xiao and Xiaogang Zhu and Xiao Chen and Sheng Wen and Bin Zhang",

year = "2020",

doi = "10.1109/TrustCom50675.2020.00068",

language = "English",

isbn = "9781665403931",

series = "2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

pages = "450--457",

editor = "Guojun Wang and Ryan Ko and Bhuiyan, {Md Zakirul Alam} and Yi Pan",

booktitle = "Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020",

address = "United States of America",

note = "IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020, TrustCom 2020 ; Conference date: 29-12-2020 Through 01-01-2021",

url = "http://ieee-trustcom.org/TrustCom2020/home.htm",

}

Li, Y, Xiao, X, Zhu, X, Chen, X, Wen, S & Zhang, B 2020, SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge. in G Wang, R Ko, MZA Bhuiyan & Y Pan (eds), Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 450-457, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020, Guangzhou, China, 29/12/20. https://doi.org/10.1109/TrustCom50675.2020.00068

SpeedNeuzz : speed up neural program approximation with neighbor edge knowledge. / Li, Yi; Xiao, Xi; Zhu, Xiaogang; Chen, Xiao; Wen, Sheng; Zhang, Bin.

Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. ed. / Guojun Wang; Ryan Ko; Md Zakirul Alam Bhuiyan; Yi Pan. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2020. p. 450-457 (2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - SpeedNeuzz

T2 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020

AU - Li, Yi

AU - Xiao, Xi

AU - Zhu, Xiaogang

AU - Chen, Xiao

AU - Wen, Sheng

AU - Zhang, Bin

N1 - Conference code: 19th

PY - 2020

Y1 - 2020

N2 - Fuzzing has been a great success in discovering real-world complex programs vulnerabilities. However, fuzzing achieves this effect by blindly generating a large number of test cases, which undoubtedly contains a lot of meaningless mutation inputs. To solve the blindness, machine learning technology is applied to fuzzing in recent work. Some of the machine learning based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics in the field of fuzzing when they combine machine learning technology with fuzzing. In this paper, we implement a new fuzzer, called Speed-Neuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data after mitigating the hash collision of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. Taking the neighbor edge knowledge into account, we can further reduce the blindness of the mutation based on gradient information so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs prove that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.

AB - Fuzzing has been a great success in discovering real-world complex programs vulnerabilities. However, fuzzing achieves this effect by blindly generating a large number of test cases, which undoubtedly contains a lot of meaningless mutation inputs. To solve the blindness, machine learning technology is applied to fuzzing in recent work. Some of the machine learning based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics in the field of fuzzing when they combine machine learning technology with fuzzing. In this paper, we implement a new fuzzer, called Speed-Neuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data after mitigating the hash collision of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. Taking the neighbor edge knowledge into account, we can further reduce the blindness of the mutation based on gradient information so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs prove that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.

KW - Coverage-guided Fuzzing

KW - Neural Network

KW - Program Smoothing

UR - http://www.scopus.com/inward/record.url?scp=85101210630&partnerID=8YFLogxK

U2 - 10.1109/TrustCom50675.2020.00068

DO - 10.1109/TrustCom50675.2020.00068

M3 - Conference Paper

AN - SCOPUS:85101210630

SN - 9781665403931

T3 - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020

SP - 450

EP - 457

BT - Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

A2 - Wang, Guojun

A2 - Ko, Ryan

A2 - Bhuiyan, Md Zakirul Alam

A2 - Pan, Yi

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

Y2 - 29 December 2020 through 1 January 2021

ER -

Li Y, Xiao X, Zhu X, Chen X, Wen S, Zhang B. SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge. In Wang G, Ko R, Bhuiyan MZA, Pan Y, editors, Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2020. p. 450-457. (2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020). https://doi.org/10.1109/TrustCom50675.2020.00068