
TOFU: Target-Oriented FUzzer [article]

Zi Wang, Ben Liblit, Thomas Reps
2020 arXiv   pre-print
Program fuzzing---providing randomly constructed inputs to a computer program---has proved to be a powerful way to uncover bugs, find security vulnerabilities, and generate test inputs that increase code  ...  We have created TOFU (for Target-Oriented FUzzer) to address the directed fuzzing problem.  ...  This approach reduces the dimensionality of the input space for each individual stage of fuzzing, and we found that fuzzing efficiency is improved by doing so.  ... 
arXiv:2004.14375v2 fatcat:bkbyycfxubdwzjchbyqjq5lp3y

A Review of Machine Learning Applications in Fuzzing [article]

Gary J Saavedra, Kathryn N Rodhouse, Daniel M Dunlavy, Philip W Kegelmeyer
2019 arXiv   pre-print
Specifically, this review discusses successful applications of ML to fuzzing, briefly explores challenges encountered, and motivates future research to address fuzzing bottlenecks.  ...  Recent research in fuzzing has focused on applications of machine learning (ML), offering useful tools to overcome challenges in the fuzzing process.  ...  ACKNOWLEDGMENTS The authors would like to thank Danny Loffredo for insights into the practical application of fuzzing processes and Christopher Harrison for helpful discussions on symbolic execution  ... 
arXiv:1906.11133v2 fatcat:netgtnfzfvgwxodqlcj26zlfjq

DeepGalaxy: Testing Neural Network Verifiers via Two-Dimensional Input Space Exploration [article]

Xuan Xie, Fuyuan Zhang
2022 arXiv   pre-print
Specifically, we (1) propose a line of mutation rules, including model level mutation and specification level mutation, to effectively explore the two-dimensional input space of neural network verifiers  ...  To address the first challenge, we design two levels of mutation operators to produce various test cases to explore the two-dimensional input space.  ...  Thus, the input space to the verifiers has two dimensions, which makes the input space exploration more difficult.  ... 
arXiv:2201.08087v1 fatcat:m75hwzuifzgljfmmzoxf7bu6ja

The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing [article]

Pengfei Wang and Xu Zhou and Kai Lu and Tai Yue and Yingying Liu
2022 arXiv   pre-print
Most greybox fuzzing tools are coverage-guided as code coverage is strongly correlated with bug coverage.  ...  Thus, directed greybox fuzzing (DGF) is particularly suitable for scenarios such as patch testing, bug reproduction, and specialist bug hunting.  ...  Thus, staged fuzzing can reduce the dimensionality of the input space for each stage of fuzzing and improve overall fuzzing efficiency. VI.  ... 
arXiv:2005.11907v4 fatcat:dfoejnfw4jfobj4ejghpcgksji

MTFuzz: Fuzzing with a Multi-Task Neural Network [article]

Dongdong She, Rahul Krishna, Lu Yan, Suman Jana, Baishakhi Ray
2020 arXiv   pre-print
As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the  ...  Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage.  ...  high-dimensional program input spaces.  ... 
arXiv:2005.12392v1 fatcat:46luwyy3mja5naldfaz2lkcula

Learn&Fuzz: Machine Learning for Input Fuzzing [article]

Patrice Godefroid, Hila Peleg, Rishabh Singh
2017 arXiv   pre-print
Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code.  ...  We also present a new algorithm for this learn&fuzz challenge which uses a learnt input probability distribution to intelligently guide where to fuzz inputs.  ...  Tupni [9] is another system that reverse engineers an input format from examples using a taint tracking mechanism that associate data structures with addresses in the application address space.  ... 
arXiv:1701.07232v1 fatcat:vwdm56k355hrfnmc5mkbdzgdxi

FDFuzz: Applying Feature Detection to Fuzz Deep Learning Systems

Wang Jie, Cao Kefan, Fang Chunrong, Chen Jinxin
2019 International Journal of Performability Engineering  
Under the guidance of the neuron coverage metric, the fuzzing process aims to find those examples to let the network make mistakes via mutating inputs, which are then correctly classified.  ...  It is widely acknowledged that the reliability of many safety-critical systems must be confirmed.  ...  These scales are calculated as follows: ( , , ) = ( , , ) × ( , ) (1) Where ( , , ) is a two-dimensional Gaussian kernel, and different values of represent different angles. (2) Then, we compare the pixel  ... 
doi:10.23940/ijpe.19.10.p13.26752682 fatcat:2qo5h74dr5ayrh7culuwsl7x3y

Neural Network Guided Evolutionary Fuzzing for Finding Traffic Violations of Autonomous Vehicles [article]

Ziyuan Zhong, Gail Kaiser, Baishakhi Ray
2021 arXiv   pre-print
To address these limitations, we propose a new fuzz testing technique, called AutoFuzz, which can leverage widely-used AV simulators' API grammars.  ...  Evaluation of our prototype on one state-of-the-art learning-based controller, two rule-based controllers, and one industrial-grade controller shows that AutoFuzz efficiently finds hundreds of traffic  ...  These methods have the potential to scale up to high-dimensional input search spaces.  ... 
arXiv:2109.06126v2 fatcat:gr6htwke55bjhatmp47y2vhzyi

NeuFuzz: Efficient Fuzzing with Deep Neural Network

Yunchao Wang, Zehui Wu, Qiang Wei, Qingxian Wang
2019 IEEE Access  
These techniques aim to cover as many paths as possible rather than to explore paths that are more likely to be vulnerable.  ...  We implemented a prototype of NeuFuzz based on an existing fuzzer PTfuzz and evaluated it on two different test suites: LAVA-M and nine real-world applications.  ...  Learn&Fuzz [28] uses neural networks to learn the generation model of the file input format for grammar-based fuzzing.  ... 
doi:10.1109/access.2019.2903291 fatcat:cmbyaxwohba6zm746p5xfxmdzy

A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection

Serafeim Moustakidis, Patrik Karlsson
2020 Cybersecurity  
reduction module that makes use of Siamese convolutional neural networks that finally reduces the input data dimensionality into a 1-d feature space.  ...  Many papers have explored various dimensionality reduction algorithms, however a large number of selected features is still required to detect the attacks successfully, which humans cannot intuitively  ...  Three different feature spaces of varying dimensionality were generated via PCA as follows: -A 1-d feature space using only the first extracted principal component (experiment 29) -A 2-d feature space  ... 
doi:10.1186/s42400-020-00056-4 fatcat:wpu7e5qxybc4rlqaybplljccme

PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization

Chen Chen, Han Xu, Baojiang Cui
2021 Applied Sciences  
Compared with coverage-oriented fuzzing, target-oriented fuzzing concentrates more computing resources on suspected vulnerable points to improve the testing efficiency.  ...  Coverage-oriented and target-oriented fuzzing are widely used in vulnerability detection.  ...  Fuzzing via heavy use of state information is based mainly on symbol execution.  ... 
doi:10.3390/app11031095 fatcat:q46uxbejfnhbnfp54ri66nk4su

Vulnerability Analysis of HD Photo Image Viewer Applications

Clifford C. Juan, James Bret Michael, Christopher S. Eagle
2008 2008 Second International Conference on Secure System Integration and Reliability Improvement  
The input space of the data type can be infinite, and it is impossible to try all possible inputs.  ...  two of the most popular web browser applications: Microsoft's Internet Explorer and Mozilla Firefox.  ...  fuzzing toolset // (*) 1st arg is the target directory // holding the valid HD Photo files // (*) 2nd arg is the target application // to fuzz using HD Photo  ... 
doi:10.1109/ssiri.2008.50 dblp:conf/ssiri/JuanME08 fatcat:4t7w74vyb5f4pge4txi5djoil4

Artificial Intelligence Techniques for Security Vulnerability Prevention [article]

Steve Kommrusch
2019 arXiv   pre-print
to process software and specifications to detect vulnerabilities in a system before it is deployed.  ...  In the surveyed papers, techniques are presented for using NLP to analyze requirements documents for security standard completeness, performing neural fuzz testing of software, generating exploits to detect  ...  In taint tracking, one monitors the flow of data between resources such as the file system or network.  ... 
arXiv:1912.06796v1 fatcat:rhdfn75xfnhdnkpkndcpfe66za

DeepHunter: Hunting Deep Neural Network Defects via Coverage-Guided Fuzzing [article]

Xiaofei Xie, Lei Ma, Felix Juefei-Xu, Hongxu Chen, Minhui Xue, Bo Li, Yang Liu, Jianjun Zhao, Jianxiong Yin, Simon See
2018 arXiv   pre-print
In this paper, we propose DeepHunter, an automated fuzz testing framework for hunting potential defects of general-purpose DNNs.  ...  DeepSafe [76] tried to identify safe regions in the input space using Reluplex as its core.  ...  Transformation and Mutation Traditional fuzzers such as AFL mutate the input with bitwise / bytewise flips, block replacement, crossover between input files, etc.  ... 
arXiv:1809.01266v3 fatcat:xyjpjnlvojazvhqv5u6wpod4qu

FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings [article]

M. Caner Tol, Berk Gulmezoglu, Koray Yurtseven, Berk Sunar
2021 arXiv   pre-print
Finally, we propose FastSpec which builds a classifier with the generated Spectre gadgets based on a novel high dimensional Neural Embeddings technique (BERT).  ...  In this work, we employ both fuzzing and deep learning techniques to automate the generation and detection of Spectre gadgets.  ...  The unrelated instructions are separated from each other in the three-dimensional space after the pre-training.  ... 
arXiv:2006.14147v2 fatcat:ioglqzk2xjdwrl75cvbrioowxu