Abstract
Fuzzing has been highly successful at discovering vulnerabilities in complex real-world programs. However, fuzzing achieves this effect by blindly generating a large number of test cases, which undoubtedly contain many meaningless mutated inputs. To reduce this blindness, recent work has applied machine learning to fuzzing. Some of the machine learning based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics of the fuzzing domain when they combine machine learning with fuzzing. In this paper, we implement a new fuzzer, called SpeedNeuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data after mitigating the hash collision of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. By taking the neighbor edge knowledge into account, we can further reduce the blindness of the mutation based on gradient information, so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs show that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.
Original language | English |
---|---|
Title of host publication | Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 |
Editors | Guojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan |
Place of Publication | Piscataway NJ USA |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 450-457 |
Number of pages | 8 |
ISBN (Electronic) | 9780738143804 |
ISBN (Print) | 9781665403931 |
Publication status | Published - 2020 |
Event | IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020 - Guangzhou, China; Duration: 29 Dec 2020 → 1 Jan 2021; Conference number: 19th; http://ieee-trustcom.org/TrustCom2020/home.htm (Proceedings) |
Publication series
Name | 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020 |
---|---|
Publisher | The Institute of Electrical and Electronics Engineers, Inc. |
ISSN (Print) | 2324-898X |
ISSN (Electronic) | 2324-9013 |
Conference
Conference | IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020 |
---|---|
Abbreviated title | TrustCom 2020 |
Country/Territory | China |
City | Guangzhou |
Period | 29/12/20 → 1/01/21 |
Keywords
- Coverage-guided Fuzzing
- Neural Network
- Program Smoothing