| 题名 | Evaluating and Improving Neural Program-Smoothing-based Fuzzing |
| 作者 | |
| 通讯作者 | Yuqun Zhang |
| DOI | |
| 发表日期 | 2022
|
| 会议名称 | ACM/IEEE 44th International Conference on Software Engineering (ICSE)
|
| ISSN | 0270-5257
|
| ISBN | 978-1-6654-9589-9
|
| 会议录名称 | |
| 卷号 | 2022-May
|
| 页码 | 847-858
|
| 会议日期 | 25-27 May 2022
|
| 会议地点 | Pittsburgh, PA, USA
|
| 出版地 | 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
|
| 出版者 | |
| 摘要 | Fuzzing nowadays has been commonly modeled as an optimization problem, e.g., maximizing code coverage under a given time budget via typical search-based solutions such as evolutionary algorithms. However, such solutions are widely argued to cause inefficient computing resource usage, i.e., inefficient mutations. To address this issue, two neural program-smoothing-based fuzzers, Neuzz and MTFuzz, have been recently proposed to approximate program branching behaviors via neural network models, which input byte sequences of a seed and output vectors representing program branching behaviors. Moreover, assuming that mutating the bytes with larger gradients can better explore branching behaviors, they develop strategies to mutate such bytes for generating new seeds as test cases. Meanwhile, although they have been shown to be effective in the original papers, they were only evaluated upon a limited dataset. In addition, it is still unclear how their key technical components and whether other factors can impact fuzzing performance. To further investigate neural program-smoothingbased fuzzing, we first construct a large-scale benchmark suite with a total of 28 popular open-source projects. Then, we extensively evaluate Neuzz and MTFuzz on such benchmarks. The evaluation results suggest that their edge coverage performance can be unstable. Moreover, neither neural network models nor mutation strategies can be consistently effective, and the power of their gradient-guidance mechanisms have been compromised. Inspired by such findings, we propose a simplistic technique, PreFuzz, which improves neural program-smoothing-based fuzzers with a resource-efficient edge selection mechanism to enhance their gradient guidance and a probabilistic byte selection mechanism to further boost mutation effectiveness. Our evaluation results indicate that PreFuzz can significantly increase the edge coverage of Neuzz/MTFuzz, and also reveal multiple practical guidelines to advance future research on neural program-smoothing-based fuzzing. |
| 关键词 | |
| 学校署名 | 第一
; 通讯
|
| 语种 | 英语
|
| 相关链接 | [IEEE记录] |
| 收录类别 | |
| 资助项目 | National Natural Science Foundation of China[61902169]
|
| WOS研究方向 | Computer Science
|
| WOS类目 | Computer Science, Software Engineering
; Computer Science, Theory & Methods
|
| WOS记录号 | WOS:000832185400069
|
| EI入藏号 | 20222812334229
|
| EI主题词 | Budget Control
; Evolutionary Algorithms
; Open Source Software
|
| EI分类号 | Computer Software, Data HAndling And Applications:723
; Artificial Intelligence:723.4
|
| 来源库 | Web of Science
|
| 全文链接 | https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9794082 |
| 引用统计 |
被引频次[WOS]:14
|
| 成果类型 | 会议论文 |
| 条目标识符 | http://sustech.caswiz.com/handle/2SGJ60CL/347981 |
| 专题 | 南方科技大学 |
| 作者单位 | 1.Southern University of Science and Technology,Shenzhen,China 2.The University of Queensland,Brisbane,Australia 3.Tencent Security Keen Lab,Shanghai,China 4.The University of Hong Kong,Hong Kong,China 5.University of Illinois,Urbana-Champaign,USA |
| 第一作者单位 | 南方科技大学 |
| 通讯作者单位 | 南方科技大学 |
| 第一作者的第一单位 | 南方科技大学 |
| 推荐引用方式 GB/T 7714 |
Mingyuan Wu,Ling Jiang,Jiahong Xiang,et al. Evaluating and Improving Neural Program-Smoothing-based Fuzzing[C]. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA:IEEE COMPUTER SOC,2022:847-858.
|
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
;
修改评论