Better Pay Attention Whilst Fuzzing

12/14/2021
by   Shunkai Zhu, et al.
0

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to focus the attention of fuzzing on covering the hard-to-trigger program paths. In other words, they cannot generate inputs that can break the bottleneck due to the fundamental difficulty in capturing the complex relations between the test inputs and program coverage. In particular, existing fuzzers suffer from the following main limitations: 1) lacking an overall analysis of the program to identify the most "rewarding" seeds, and 2) lacking an effective mutation strategy which could continuously select and mutates the more relevant "bytes" of the seeds. In this work, we propose an approach called ATTuzz to address these two issues systematically. First, we propose a lightweight dynamic analysis technique which estimates the "reward" of covering each basic block and selects the most rewarding seeds accordingly. Second, we mutate the selected seeds according to a neural network model which predicts whether a certain "rewarding" block will be covered given certain mutation on certain bytes of a seed. The model is a deep learning model equipped with attention mechanism which is learned and updated periodically whilst fuzzing. Our evaluation shows that ATTuzz significantly outperforms 5 state-of-the-art grey-box fuzzers on 13 popular real-world programs at achieving higher edge coverage and finding new bugs. In particular, ATTuzz achieved 2X edge coverage and 4X bugs detected than AFL over 24-hour runs. Moreover, ATTuzz persistently improves the edge coverage in the long run, i.e., achieving 50

READ FULL TEXT

page 10

page 14

research
09/20/2017

FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage

In recent years, fuzz testing has proven itself to be one of the most ef...
research
07/15/2018

NEUZZ: Efficient Fuzzing with Neural Program Learning

Fuzzing has become the de facto standard technique for finding software ...
research
03/04/2018

Angora: Efficient Fuzzing by Principled Search

Fuzzing is a popular technique for finding software bugs. However, the p...
research
05/25/2020

MTFuzz: Fuzzing with a Multi-Task Neural Network

Fuzzing is a widely used technique for detecting software bugs and vulne...
research
07/05/2023

Fuzzing with Quantitative and Adaptive Hot-Bytes Identification

Fuzzing has emerged as a powerful technique for finding security bugs in...
research
10/21/2022

DARWIN: Survival of the Fittest Fuzzing Mutators

Fuzzing is an automated software testing technique broadly adopted by th...
research
08/24/2018

Adaptive Grey-Box Fuzz-Testing with Thompson Sampling

Fuzz testing, or "fuzzing," refers to a widely deployed class of techniq...

Please sign up or login with your details

Forgot password? Click here to reset