WGAN-AFL: Seed Generation Augmented Fuzzer with Wasserstein-GAN
- URL: http://arxiv.org/abs/2401.16947v1
- Date: Tue, 30 Jan 2024 12:20:21 GMT
- Title: WGAN-AFL: Seed Generation Augmented Fuzzer with Wasserstein-GAN
- Authors: Liqun Yang, Chunan Li, Yongxin Qiu, Chaoren Wei, Jian Yang, Hongcheng Guo, Jinxin Ma, Zhoujun Li,
- Abstract summary: WGAN-AFL is a generative adversarial network (GAN) that learns features and generates high-quality initial input seeds.
We show that WGAN-AFL significantly outperforms the original AFL in terms of code coverage, new paths, and vulnerability discovery.
- Score: 25.908940995229248
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The importance of addressing security vulnerabilities is indisputable, with software becoming crucial in sectors such as national defense and finance. Consequently, the security issues caused by software vulnerabilities cannot be ignored. Fuzz testing is an automated software testing technology that can detect vulnerabilities in software. However, most previous fuzzers face the challenge that fuzzing performance is sensitive to the initial input seeds. In the absence of high-quality initial input seeds, fuzzers may expend significant resources on program path exploration, leading to a substantial decrease in the efficiency of vulnerability detection. To address this issue, we propose WGAN-AFL. By collecting high-quality test cases, we train a generative adversarial network (GAN) to learn their features, thereby obtaining high-quality initial input seeds. To overcome drawbacks inherent in GANs such as mode collapse and training instability, we use the Wasserstein GAN (WGAN) architecture for training, further enhancing the quality of the generated seeds. Experimental results demonstrate that WGAN-AFL significantly outperforms the original AFL in terms of code coverage, new paths, and vulnerability discovery, demonstrating the effective enhancement of seed quality by WGAN-AFL.
Related papers
- Fixing Security Vulnerabilities with AI in OSS-Fuzz [9.730566646484304]
OSS-Fuzz is the most significant and widely used infrastructure for continuous validation of open source systems.
We customise the well-known AutoCodeRover agent for fixing security vulnerabilities.
Our experience with OSS-Fuzz vulnerability data shows that LLM agent autonomy is useful for successful security patching.
arXiv Detail & Related papers (2024-11-03T16:20:32Z)
- ISC4DGF: Enhancing Directed Grey-box Fuzzing with LLM-Driven Initial Seed Corpus Generation [32.6118621456906]
Directed grey-box fuzzing (DGF) has become essential, focusing on specific vulnerabilities.
ISC4DGF generates an optimized initial seed corpus for DGF using Large Language Models (LLMs).
ISC4DGF achieved a 35.63x speedup and 616.10x fewer target reaches.
arXiv Detail & Related papers (2024-09-22T06:27:28Z)
- FuzzEval: Assessing Fuzzers on Generating Context-Sensitive Inputs [0.0]
This paper presents a comprehensive evaluation of fuzzers' ability to generate context-sensitive inputs for testing a cryptographic standard.
Our study reveals nuanced performance differences among the fuzzers in terms of the validity and diversity of the produced inputs.
arXiv Detail & Related papers (2024-09-18T21:55:53Z)
- The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition.
Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies.
We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
arXiv Detail & Related papers (2024-09-10T10:12:37Z)
- $\mathbb{USCD}$: Improving Code Generation of LLMs by Uncertainty-Aware Selective Contrastive Decoding [64.00025564372095]
Large language models (LLMs) have shown remarkable capabilities in code generation.
The effects of hallucinations (e.g., output noise) make it challenging for LLMs to generate high-quality code in one pass.
We propose a simple and effective uncertainty-aware selective contrastive decoding.
arXiv Detail & Related papers (2024-09-09T02:07:41Z)
- FuzzTheREST: An Intelligent Automated Black-box RESTful API Fuzzer [0.0]
This work introduces a black-box API fuzz testing tool that employs Reinforcement Learning (RL) for vulnerability detection.
The tool found a total of six unique vulnerabilities and achieved 55% code coverage.
arXiv Detail & Related papers (2024-07-19T14:43:35Z)
- Dual Associated Encoder for Face Restoration [68.49568459672076]
We propose a novel dual-branch framework named DAEFR to restore facial details from low-quality (LQ) images.
Our method introduces an auxiliary LQ branch that extracts crucial information from the LQ inputs.
We evaluate the effectiveness of DAEFR on both synthetic and real-world datasets.
arXiv Detail & Related papers (2023-08-14T17:58:33Z)
- Anomaly Detection Based on Selection and Weighting in Latent Space [73.01328671569759]
We propose a novel selection-and-weighting-based anomaly detection framework called SWAD.
Experiments on both benchmark and real-world datasets have shown the effectiveness and superiority of SWAD.
arXiv Detail & Related papers (2021-03-08T10:56:38Z)
- DeFuzz: Deep Learning Guided Directed Fuzzing [41.61500799890691]
We propose a deep learning (DL) guided directed fuzzing for software vulnerability detection, named DeFuzz.
DeFuzz includes two main schemes: (1) we employ a pre-trained DL prediction model to identify the potentially vulnerable functions and the locations (i.e., vulnerable addresses)
Precisely, we employ Bidirectional-LSTM (BiLSTM) to identify attention words, and the vulnerabilities are associated with these attention words in functions.
arXiv Detail & Related papers (2020-10-23T03:44:03Z)
- Robust Deep Reinforcement Learning through Adversarial Loss [74.20501663956604]
Recent studies have shown that deep reinforcement learning agents are vulnerable to small adversarial perturbations on the agent's inputs.
We propose RADIAL-RL, a principled framework to train reinforcement learning agents with improved robustness against adversarial attacks.
arXiv Detail & Related papers (2020-08-05T07:49:42Z)
- ScoreGAN: A Fraud Review Detector based on Multi Task Learning of Regulated GAN with Data Augmentation [50.779498955162644]
We propose ScoreGAN for fraud review detection that makes use of both review text and review rating scores in the generation and detection process.
Results show that the proposed framework outperformed the existing state-of-the-art framework, namely FakeGAN, in terms of AP by 7% and 5% on the Yelp and TripAdvisor datasets, respectively.
arXiv Detail & Related papers (2020-06-11T16:15:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.