SpeedNeuzz: speed up neural program approximation with neighbor edge knowledge

Yi Li, Xi Xiao, Xiaogang Zhu, Xiao Chen, Sheng Wen, Bin Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

3 Citations (Scopus)

Abstract

Fuzzing has been highly successful at discovering vulnerabilities in complex real-world programs. However, fuzzing achieves this by blindly generating a large number of test cases, which undoubtedly include many meaningless mutated inputs. To reduce this blindness, recent work applies machine learning to fuzzing. Some of the machine-learning-based methods focus on locating and mutating the key bytes in the input, but they do not pay attention to the characteristics of fuzzing when they combine machine learning with it. In this paper, we implement a new fuzzer, called SpeedNeuzz, which uses neural networks to model the branch behaviours of the program based on accurate training data obtained after mitigating the hash collisions of AFL. Furthermore, SpeedNeuzz locates and mutates critical bytes in the program input with a gradient-based strategy as well as neighbor edge information. By taking neighbor edge knowledge into account, we can further reduce the blindness of mutation based on gradient information, so that SpeedNeuzz can generate a large number of quality inputs. Experiments on several real-world programs prove that SpeedNeuzz can achieve higher edge coverage than the state-of-the-art fuzzer NEUZZ under the same time budget.

Original language: English
Title of host publication: Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Editors: Guojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 450-457
Number of pages: 8
ISBN (Electronic): 9780738143804
ISBN (Print): 9781665403931
Publication status: Published - 2020
Event: IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020 - Guangzhou, China
Duration: 29 Dec 2020 to 1 Jan 2021
Conference number: 19th
http://ieee-trustcom.org/TrustCom2020/home.htm (Proceedings)

Publication series

Name: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) TrustCom 2020
Publisher: The Institute of Electrical and Electronics Engineers, Inc.
ISSN (Print): 2324-898X
ISSN (Electronic): 2324-9013

Conference

Conference: IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2020
Abbreviated title: TrustCom 2020
Country/Territory: China
City: Guangzhou
Period: 29/12/20 to 1/01/21

Keywords

  • Coverage-guided Fuzzing
  • Neural Network
  • Program Smoothing
