Chinese Journal of Network and Information Security, 2023, Vol. 9, Issue (2): 132-142. doi: 10.11959/j.issn.2096-109x.2023027
Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU
Revised: 2023-03-02
Online: 2023-04-25
Published: 2023-04-01
Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning[J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.
CVE | AFL | AFLGO | This paper's scheme | P-value |
CVE-2016-4487 | 830(2.36) | 512(1.46) | 351 | 0.02156 |
CVE-2016-4488 | 1671(3.47) | 901(1.87) | 482 | 0.01804 |
CVE-2016-4489 | 1328(3.49) | 667(1.76) | 380 | 0.01906 |
CVE-2016-4491 | 31760(2.99) | 27983(2.63) | 10633 | 0.00028 |
CVE-2016-4492 | 948(2.46) | 640(1.66) | 385 | 0.02804 |
CVE-2016-6131 | 33895(3.45) | 21280(2.17) | 9821 | 0.00098 |
CVE-2011-2501 | 2162(4.55) | 672(1.41) | 475 | 0.02704 |
CVE-2011-3328 | 12736(6.77) | 3165(1.68) | 1880 | 0.012 |