TY - GEN
T1 - Optimized Mutation of Grey-box Fuzzing
T2 - 12th IEEE Data Driven Control and Learning Systems Conference, DDCLS 2023
AU - Shao, Jiawei
AU - Zhou, Yan
AU - Liu, Guohua
AU - Zheng, Dezhi
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - As a vulnerability discovery technique, fuzzing has been widely used in the field of software testing in the past years. Traditional fuzzing has several drawbacks, including poor efficiency, low code coverage, and a high dependence on expert experience. By introducing the deep reinforcement learning technique, one can train the mutator of the fuzzer to move in a desired direction, such as maximizing code coverage or finding more code paths. This paper proposes a reinforcement learning-based fuzzing method to enhance the code coverage and explore potential code vulnerabilities. First, the concept of the input field is introduced to the seed file, reducing invalid operations by marking whether each byte of the seed file is a valid byte. Then, we optimize mutation by modeling the grey-box fuzzing as a reinforcement learning problem and training the mutator's behavior on test cases. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. Finally, experimental results show that the proposed deep reinforcement learning-based fuzzing method outperforms the baseline random fuzzing algorithms.
AB - As a vulnerability discovery technique, fuzzing has been widely used in the field of software testing in the past years. Traditional fuzzing has several drawbacks, including poor efficiency, low code coverage, and a high dependence on expert experience. By introducing the deep reinforcement learning technique, one can train the mutator of the fuzzer to move in a desired direction, such as maximizing code coverage or finding more code paths. This paper proposes a reinforcement learning-based fuzzing method to enhance the code coverage and explore potential code vulnerabilities. First, the concept of the input field is introduced to the seed file, reducing invalid operations by marking whether each byte of the seed file is a valid byte. Then, we optimize mutation by modeling the grey-box fuzzing as a reinforcement learning problem and training the mutator's behavior on test cases. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. Finally, experimental results show that the proposed deep reinforcement learning-based fuzzing method outperforms the baseline random fuzzing algorithms.
KW - Fuzzing
KW - Reinforcement Learning
KW - Seed Mutation
KW - Software Testing
UR - http://www.scopus.com/inward/record.url?scp=85165962610&partnerID=8YFLogxK
U2 - 10.1109/DDCLS58216.2023.10166955
DO - 10.1109/DDCLS58216.2023.10166955
M3 - Conference contribution
AN - SCOPUS:85165962610
T3 - Proceedings of 2023 IEEE 12th Data Driven Control and Learning Systems Conference, DDCLS 2023
SP - 1296
EP - 1300
BT - Proceedings of 2023 IEEE 12th Data Driven Control and Learning Systems Conference, DDCLS 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 12 May 2023 through 14 May 2023
ER -