State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing
- URL: http://arxiv.org/abs/2112.15498v1
- Date: Fri, 24 Dec 2021 21:33:06 GMT
- Title: State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing
- Authors: Dongge Liu, Van-Thuan Pham, Gidon Ernst, Toby Murray, and Benjamin I.P. Rubinstein
- Abstract summary: Stateful fuzzers use state models to partition the state space and assist the test generation process. We evaluate an extensive set of state selection algorithms on the same fuzzing platform, AFLNet.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The statefulness property of network protocol implementations poses a unique
challenge for testing and verification techniques, including fuzzing. Stateful
fuzzers tackle this challenge by leveraging state models to partition the state
space and assist the test generation process. Since not all states are equally
important and fuzzing campaigns have time limits, fuzzers need effective state
selection algorithms to prioritize progressive states over others. Several
state selection algorithms have been proposed but they were implemented and
evaluated separately on different platforms, making it hard to achieve
conclusive findings. In this work, we evaluate an extensive set of state
selection algorithms on the same fuzzing platform that is AFLNet, a
state-of-the-art fuzzer for network servers. The algorithm set includes
existing ones supported by AFLNet and our novel and principled algorithm called
AFLNetLegion. The experimental results on the ProFuzzBench benchmark show that
(i) the existing state selection algorithms of AFLNet achieve very similar code
coverage, (ii) AFLNetLegion clearly outperforms these algorithms in selected
case studies, but (iii) the overall improvement appears insignificant. These
are unexpected yet interesting findings. We identify problems and share
insights that could open opportunities for future research on this topic.
Related papers
- OGBench: Benchmarking Offline Goal-Conditioned RL (2024-10-26)
  Offline goal-conditioned reinforcement learning (GCRL) is a major problem in reinforcement learning.
  We propose OGBench, a new, high-quality benchmark for algorithms research in offline goal-conditioned RL.
- Stateful protocol fuzzing with statemap-based reverse state selection (2024-08-13)
  Stateful Coverage-Based Greybox Fuzzing (SCGF) is considered the state-of-the-art method for network protocol greybox fuzzing.
  This paper proposes a statemap-based reverse state selection method for SCGF.
- Faster Optimal Coalition Structure Generation via Offline Coalition Selection and Graph-Based Search (2024-07-22)
  We present a novel algorithm, SMART, for the problem based on a hybridization of three innovative techniques.
  Two of these techniques are based on dynamic programming, where we show a powerful connection between the coalitions selected for evaluation and the performance of the algorithms.
  Our techniques bring a new way of approaching the problem and a new level of precision to the field.
- Efficient Weighting Schemes for Auditing Instant-Runoff Voting Elections (2024-02-18)
  AWAIRE involves adaptively weighted averages of test statistics, essentially "learning" an effective set of hypotheses to test.
  We explore schemes and settings more extensively, to identify and recommend efficient choices for practice.
  A limitation of the current AWAIRE implementation is its restriction to a small number of candidates.
- Fuzzing with Quantitative and Adaptive Hot-Bytes Identification (2023-07-05)
  American fuzzy lop, a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of reported CVEs.
  We propose an approach called tool which is designed based on the following principles.
  Our evaluation results on 10 real-world programs and the LAVA-M dataset show that tool achieves sustained increases in branch coverage and discovers more bugs than other fuzzers.
- Improving and Benchmarking Offline Reinforcement Learning Algorithms (2023-06-01)
  This work aims to bridge the gaps caused by low-level choices and datasets.
  We empirically investigate 20 implementation choices using three representative algorithms.
  We find two variants, CRR+ and CQL+, achieving new state-of-the-art on D4RL.
- SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing (2022-11-07)
  Mutation-based fuzzing has become one of the most common vulnerability discovery solutions over the last decade.
  We propose an optimization framework called SLOPT that encompasses both a bandit-friendly mutation scheme and mutation-scheme-friendly bandit algorithms.
- HARRIS: Hybrid Ranking and Regression Forests for Algorithm Selection (2022-10-31)
  We propose a new algorithm selector leveraging special forests, combining the strengths of both approaches while alleviating their weaknesses.
  HARRIS' decisions are based on a forest model, whose trees are created by optimizing a hybrid ranking and regression loss function.
- Machine Learning for Online Algorithm Selection under Censored Feedback (2021-09-13)
  In online algorithm selection (OAS), instances of an algorithmic problem class are presented to an agent one after another, and the agent has to quickly select a presumably best algorithm from a fixed set of candidate algorithms.
  For decision problems such as satisfiability (SAT), quality typically refers to the algorithm's runtime.
  In this work, we revisit multi-armed bandit algorithms for OAS and discuss their capability of dealing with the problem.
  We adapt them towards runtime-oriented losses, allowing for partially censored data while keeping a space- and time-complexity independent of the time horizon.
- Algorithm Selection Framework for Cyber Attack Detection (2020-05-28)
  An algorithm selection framework is employed on the NSL-KDD data set.
  Performance is compared between a rule-of-thumb strategy and a meta-learning strategy.
  The framework recommends five algorithms from the taxonomy.
This list is automatically generated from the titles and abstracts of the papers in this site.