SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
- URL: http://arxiv.org/abs/2211.03285v1
- Date: Mon, 7 Nov 2022 03:39:00 GMT
- Title: SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
- Authors: Yuki Koike, Hiroyuki Katsura, Hiromu Yakura, Yuma Kurogome
- Abstract summary: Mutation-based fuzzing has become one of the most common vulnerability discovery solutions over the last decade.
We propose an optimization framework called SLOPT that encompasses both a bandit-friendly mutation scheme and mutation-scheme-friendly bandit algorithms.
- Score: 17.491858164568672
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Mutation-based fuzzing has become one of the most common vulnerability
discovery solutions over the last decade. Fuzzing can be optimized when
targeting specific programs, and given that, some studies have employed online
optimization methods to do it automatically, i.e., tuning fuzzers for any given
program in a program-agnostic manner. However, previous studies have neither
fully explored mutation schemes suitable for online optimization methods, nor
online optimization methods suitable for mutation schemes. In this study, we
propose an optimization framework called SLOPT that encompasses both a
bandit-friendly mutation scheme and mutation-scheme-friendly bandit algorithms.
The advantage of SLOPT is that it can generally be incorporated into existing
fuzzers, such as AFL and Honggfuzz. As a proof of concept, we implemented
SLOPT-AFL++ by integrating SLOPT into AFL++ and showed that the
program-agnostic optimization delivered by SLOPT enabled SLOPT-AFL++ to achieve
higher code coverage than AFL++ in all of ten real-world FuzzBench programs.
Moreover, we ran SLOPT-AFL++ against several real-world programs from OSS-Fuzz
and successfully identified three previously unknown vulnerabilities, even
though these programs have been fuzzed by AFL++ for a considerable number of
CPU days on OSS-Fuzz.
Related papers
- FuzzCoder: Byte-level Fuzzing Test via Large Language Model [46.18191648883695]
We propose to adopt fine-tuned large language models (FuzzCoder) to learn patterns in the input files from successful attacks.
FuzzCoder can predict mutation locations and strategies locations in input files to trigger abnormal behaviors of the program.
arXiv Detail & Related papers (2024-09-03T14:40:31Z) - FOX: Coverage-guided Fuzzing as Online Stochastic Control [13.3158115776899]
Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs executing them against the target program.
This paper addresses the limitations of existing coverage-guided fuzzers, focusing on the scheduler and mutator components.
We present FOX, a proof-of-concept implementation of our control-theoretic approach, and compare it to industry-standard fuzzers.
arXiv Detail & Related papers (2024-06-06T21:21:05Z) - Guided Evolution with Binary Discriminators for ML Program Search [64.44893463120584]
We propose guiding evolution with a binary discriminator, trained online to distinguish which program is better given a pair of programs.
We demonstrate our method can speed up evolution across a set of diverse problems including a 3.7x speedup on the symbolic search for MLs and a 4x speedup for RL loss functions.
arXiv Detail & Related papers (2024-02-08T16:59:24Z) - Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler [8.447499888458633]
Fuzzing is a highly-scalable software testing technique that uncovers bugs in a target program by executing it with mutated inputs.
We propose T-Scheduler, a seed scheduler built on multi-armed bandit theory.
We evaluate T-Scheduler over 35 CPU-yr of fuzzing, comparing it to 11 state-of-the-art schedulers.
arXiv Detail & Related papers (2023-12-07T23:27:55Z) - Fuzzing for CPS Mutation Testing [3.512722797771289]
We propose a mutation testing approach that leverages fuzz testing, which has proved effective with C and C++ software.
Our empirical evaluation shows that mutation testing based on fuzz testing kills a significantly higher proportion of live mutants than symbolic execution.
arXiv Detail & Related papers (2023-08-15T16:35:31Z) - Universal Online Learning with Gradient Variations: A Multi-layer Online Ensemble Approach [57.92727189589498]
We propose an online convex optimization approach with two different levels of adaptivity.
We obtain $mathcalO(log V_T)$, $mathcalO(d log V_T)$ and $hatmathcalO(sqrtV_T)$ regret bounds for strongly convex, exp-concave and convex loss functions.
arXiv Detail & Related papers (2023-07-17T09:55:35Z) - An Empirical Evaluation of Zeroth-Order Optimization Methods on
AI-driven Molecule Optimization [78.36413169647408]
We study the effectiveness of various ZO optimization methods for optimizing molecular objectives.
We show the advantages of ZO sign-based gradient descent (ZO-signGD)
We demonstrate the potential effectiveness of ZO optimization methods on widely used benchmark tasks from the Guacamol suite.
arXiv Detail & Related papers (2022-10-27T01:58:10Z) - State Selection Algorithms and Their Impact on The Performance of
Stateful Network Protocol Fuzzing [10.96645260573865]
Stateful fuzzers use state models to partition the state space and assist the test generation process.
We evaluate an extensive set of state selection algorithms on the same fuzzing platform that is AFLNet.
arXiv Detail & Related papers (2021-12-24T21:33:06Z) - Bayesian Algorithm Execution: Estimating Computable Properties of
Black-box Functions Using Mutual Information [78.78486761923855]
In many real world problems, we want to infer some property of an expensive black-box function f, given a budget of T function evaluations.
We present a procedure, InfoBAX, that sequentially chooses queries that maximize mutual information with respect to the algorithm's output.
On these problems, InfoBAX uses up to 500 times fewer queries to f than required by the original algorithm.
arXiv Detail & Related papers (2021-04-19T17:22:11Z) - AdaLead: A simple and robust adaptive greedy search algorithm for
sequence design [55.41644538483948]
We develop an easy-to-directed, scalable, and robust evolutionary greedy algorithm (AdaLead)
AdaLead is a remarkably strong benchmark that out-competes more complex state of the art approaches in a variety of biologically motivated sequence design challenges.
arXiv Detail & Related papers (2020-10-05T16:40:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.