基于深度强化学习的高性能导向性模糊测试方案

doi:10.11959/j.issn.2096-109x.2023027

Abstract

Abstract:

With the continuous growth and advancement of the Internet and information technology, continuous growth and advancement of the Internet and information technology.Nevertheless, these applications’ vulnerabilities pose a severe threat to information security and users’ privacy.Fuzzing was widely used as one of the main tools for automatic vulnerability detection due to its ease of vulnerability recurrence and low false positive errors.It generates test cases randomly and executes the application by optimization in terms of coverage or sample generation to detect deeper program paths.However, the mutation operation in fuzzing is blind and tends to make the generated test cases execute the same program path.Consequently, traditional fuzzing tests have problems such as low efficiency, high randomness of inputs generation and limited pertinence of the program structure.To address these problems, a directional fuzzing based on deep reinforcement learning was proposed, which used deep reinforcement learning networks with information obtained by staking program to guide the selection of the inputs.Besides, it enabled fast approximation and inspection of the program paths that may exist vulnerabilities.The experimental results showed that the proposed approach had better performance than the popular fuzzing tools such as AFL and AFLGO in terms of vulnerability detection and recurrence on the LAVA-M dataset and real applications like LibPNG and Binutils.Therefore, the approach can provide support for further vulnerability mining and security research.

Key words: vulnerability mining, fuzzing test, deep reinforcement learning, program path

CLC Number:

TP393

Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning[J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.

Figures/Tables 7

References 29

[1]	Cybersecurity ＆ Infrastructure Security Agency. known exploited vulnerabilities catalog[R]. 2023.
[2]	REDSCAN. 2021 has officially been a record-breaking year for vulnerabilities[R]. 2021.
[3]	张雄, 李舟军 . 模糊测试技术研究综述[J]. 计算机科学, 2016,43(5): 1-8,26.
	ZHANG X , LI Z J . Survey of fuzz testing technology[J]. Computer Science, 2016,43(5): 1-8,26.
[4]	邹燕燕, 邹维, 尹嘉伟 ,等. 变异策略感知的并行模糊测试研究[J]. 信息安全学报, 2020,5(5): 1-16.
	ZOU Y Y , ZOU W , YIN J W ,et al. Research on mutator strategy-aware parallel fuzzing[J]. Journal of Cyber Security, 2020,5(5): 1-16.
[5]	FIORALDI A , MAIER D , EI?FELDT H ,et al. AFL++ combining incremental steps of fuzzing research[C]// Proceedings of the 14th USENIX Conference on Offensive Technologies. 2020:10.
[6]	GAN S T , ZHANG C , QIN X J ,et al. CollAFL:path sensitive fuzzing[C]// Proceedings of 2018 IEEE Symposium on Security and Privacy (SP). 2018: 679-696.
[7]	YOU W , ZONG P Y , CHEN K ,et al. SemFuzz:semantics-based automatic generation of proof-of-concept exploits[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 2139-2154.
[8]	ARULKUMARAN K , DEISENROTH M P , BRUNDAGE M ,et al. Deep reinforcement learning:a brief survey[J]. IEEE Signal Processing Magazine, 2017,34(6): 26-38.
[9]	BOEHME M , CADAR C , ROYCHOUDHURY A . Fuzzing:challenges and reflections[J]. IEEE Software, 2020,38(3): 79-86.
[10]	HERRERA A , GUNADI H , HAYES L ,et al. Corpus distillation for effective fuzzing:a comparative evaluation[J]. arXiv preprint arXiv:1905.13055, 2019.
[11]	DONG H , DING Z H , ZHANG S H . Deep reinforcement learning:fundamentals,research and applications[M]. Singapore: Springer Singapore, 2020.
[12]	B?HME M , PHAM V T , NGUYEN M D ,et al. Directed greybox fuzzing[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 2329-2344.
[13]	MARINESCU P D , CADAR C . KATCH:high-coverage testing of software patches[C]// Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering. 2013: 235-245.
[14]	JIN W , ORSO A . BugRedux:reproducing field failures for in-house debugging[C]// Proceedings of 2012 34th International Conference on Software Engineering (ICSE). 2012: 474-484.
[15]	CHEN H X , XUE Y X , LI Y K ,et al. Hawkeye:towards a desired directed grey-box fuzzer[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 2095-2108.
[16]	ZONG P Y , LYU T , WANG D W ,et al. FuzzGuard:filtering out unreachable inputs in directed grey-box fuzzing through deep learning[C]// Proceedings of the 29th USENIX Conference on Security Symposium. 2020: 2255-2269.
[17]	ZHU X , LIU S , LI X ,et al. DeFuzz:deep learning guided directed fuzzing[J]. arXiv Preprint arXiv:2010.12149, 2020.
[18]	SUTTON R S , BARTO A G . Reinforcement learning:an introduction[M]. Cambridge,Mass: MIT Press, 1998.
[19]	CHAUHAN N , CHOUDHARY N , GEORGE K . A comparison of reinforcement learning based approaches to appliance scheduling[C]// Proceedings of 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I). 2017: 253-258.
[20]	ZHAO T T , KONG L , HAN Y J ,et al. Review of model-based reinforcement learning[J]. Journal of Frontiers of Computer Science and Technology, 2020,14(6): 918-927.
[21]	MNIH V , KAVUKCUOGLU K , SILVER D ,et al. Playing atari with deep reinforcement learning.[C]// Proceedings of Workshops at the 26th Neural Information Processing Systems 2013. 2013: 201-220.
[22]	MNIH V , KAVUKCUOGLU K , SILVER D ,et al. Human-level control through deep reinforcement learning[J]. Nature, 2015,518(7540): 529-533.
[23]	SILVER D , HUANG A , MADDISON C J ,et al. Mastering the game of Go with deep neural networks and tree search[J]. Nature, 2016,529(7587): 484-489.
[24]	KR?SE B J A . Learning from delayed rewards[J]. Robotics and Autonomous Systems, 1995,15(4): 233-235.
[25]	LIN L J . Reinforcement learning for robots using neural networks[D]. Pittsburgh,Carnegie Mellon University, 1992.
[26]	LATTNER C , ADVE V . LLVM:a compilation framework for lifelong program analysis ＆ transformation[C]// Proceedings of International Symposium on Code Generation and Optimization. 2004: 75-86.
[27]	PESCH R H , OSIER J M . The GNU binary utilities[J]. Free Software Foundation, 1993.
[28]	DOLAN-GAVITT B , HULIN P , KIRDA E ,et al. LAVA:large-scale automated vulnerability addition[C]// Proceedings of 2016 IEEE Symposium on Security and Privacy (SP). 2016: 110-121.
[29]	METZMAN J , SZEKERES L , SIMON L ,et al. Fuzzbench:an open fuzzer benchmarking platform and service[C]// Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2021: 1393-1403.

Metrics

Recommended 0

No Suggested Reading articles found!

测试对象	工具	覆盖次数	平均发现时长/s	性能增益
	AFL	3	68 130	3.89
who	AFLGO	4	30 629	1.75
	本文方案	6	17 542	—
	AFL	5	3 957	4.74
base64	AFLGO	5	1 571	1.88
	本文方案	5	834	—
	AFL	1	67 152	1.79
md5sum	AFLGO	4	42 969	1.15
	本文方案	5	37 578	—
	AFL	5	50 183	2.87
uniq	AFLGO	7	17 466	1.22
	本文方案	7	14 323	—

程序	CVE编号	漏洞类型
LibPNG	CVE-2011-2501	缓冲区溢出
LibPNG	CVE-2011-3328	除数为零
Binutil^]	CVE-2016-4487	无效写入
Binutils	CVE-2016-4488	无效写入
Binutils	CVE-2016-4489	无效写入
Binutils	CVE-2016-4491	非法访问
Binutils	CVE-2016-4492	堆栈错误
Binutils	CVE-2016-6131	非法访问

CVE	AFL	AFLGO	本文方案	P值
CVE-2016-4487	830（2.36）	512（1.46）	351	0.0215 6
CVE-2016-4488	1671（3.47）	901（1.87）	482	0.0180 4
CVE-2016-4489	1328（3.49）	667（1.76）	380	0.0190 6
CVE-2016-4491	31760（2.99）	27983（2.63）	10633	0.0002 8
CVE-2016-4492	948（2.46）	640（1.66）	385	0.0280 4
CVE-2016-6131	33 895（3.45）	21280（2.17）	9821	0.0009 8
CVE-2011-2501	2 162（4.55）	672（1.41）	475	0.0270 4
CVE-2011-3328	12 736（6.77）	3165（1.68）	1880	0.012

High-performance directional fuzzing scheme based on deep reinforcement learning

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 29

Related Articles 15

Metrics

Recommended 0

[1]	Xianyi CHEN, Jun GU, Kai YAN, Dong JIANG, Linfeng XU, Zhangjie FU. Double adversarial attack against license plate recognition system [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 16-27.
[2]	Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.
[3]	Lijun ZU, Yalin CAO, Xiaohua MEN, Zhihui LYU, Jiawei YE, Hongyi LI, Liang ZHANG. Adaptive selection method of desensitization algorithm based on privacy risk assessment [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 49-59.
[4]	Ruiqi XIA, Manman LI, Shaozhen CHEN. Identification on the structures of block ciphers using machine learning [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 79-89.
[5]	Jingyi YUAN, Zichuan LI, Guojun PENG. EN-Bypass: a security assessment method on e-mail user interface notification [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 90-101.
[6]	Feng YU, Qingxin LIN, Hui LIN, Xiaoding WANG. Privacy-enhanced federated learning scheme based on generative adversarial networks [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 113-122.
[7]	Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134.
[8]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[9]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[10]	Yan PAN, Wei LIN, Yuefei ZHU. Progressive active inference method of protocol state machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 81-93.
[11]	Pan YANG, Fei KANG, Hui SHU, Yuyao HUANG, Xiaoshao LYU. Binary program taint analysis optimization method based on function summary [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 115-131.
[12]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[13]	Zezhou HOU, Jiongjiong REN, Shaozhen CHEN. Security evaluation for parameters of SIMON-like cipher based on neural network distinguisher [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 154-163.
[14]	Xuejing GUO, Yixiang FANG, Yi ZHAO, Tianzhu ZHANG, Wenchao ZENG, Junxiang WANG. Traditional guidance mechanism based deep robust watermarking [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 175-183.
[15]	Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17.