DeepFuzzing: Breaking the Limits of Traditional Fuzzers with Deep Learning


Fuzzing is an automated testing process in which the software under test is run on automatically generated inputs, also referred to as seeds, with the aim of triggering unexpected behaviour. Since enumerating all possible inputs is infeasible for most software, the fuzzer's input-generation mechanism must favour inputs that are likely to trigger behaviour never seen before and discount inputs that would only lead to behaviour already encountered. We consider the problem of "greybox fuzzing", i.e. fuzzing a target program effectively while being guided by its line coverage. Our approach incorporates three deep learning models that are trained concurrently and online while the AI-powered fuzzer runs. The first network predicts the code coverage map for a given input, serving as a differentiable model of the program's execution. The second model generates additional useful seeds that are likely to exercise new execution paths of the program. A third network, a GAN discriminator, helps to ensure that the samples created by the generator appear valid. Our method is expected to greatly increase the effectiveness of the fuzzer as measured by: (i) the number of bugs found during the process, (ii) the number of code lines ultimately covered and (iii) the number of newly discovered execution paths of the program.
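The greybox loop the abstract builds on, as an added example (not the project's code): a target is run under a line tracer, each input's coverage map is compared against everything seen so far, and only inputs that reveal new lines are kept as parents for further mutation, while inputs that repeat known behaviour are discarded. The toy target `parse_record`, its seed, the mutation operators and the parent-selection rule are all constructed for illustration; in the approach described above, the random `mutate` step is where the learned generator and the coverage-predicting network would plug in.

```python
"""Minimal coverage-guided (greybox) fuzzer driven by Python line coverage.

Added example, not the project's code. `parse_record` is a constructed toy
target with a deliberately unvalidated length field; the mutator, the seed
and the parent-selection heuristic are assumptions made for illustration.
"""
import random
import sys
from typing import Callable, List, Set, Tuple


def parse_record(data: bytes) -> int:
    # Constructed toy target: a staged magic check ("FZ!") followed by a
    # length byte that indexes the payload without validation (the bug).
    if len(data) < 5:
        return 0
    if data[0] != ord("F"):
        return 1
    if data[1] != ord("Z"):
        return 2
    if data[2] != ord("!"):
        return 3
    length = data[3]
    payload = data[4:]
    return payload[length]  # IndexError when length >= len(payload)


def line_coverage(target: Callable[[bytes], int], data: bytes) -> Tuple[Set[int], bool]:
    """Run target(data) once; return (executed line offsets, crashed).

    Offsets are relative to the target's first line, so the coverage map does
    not depend on where the function sits in the file. An uncaught exception
    is recorded as a crash, the 'unexpected behaviour' a fuzzer hunts for.
    """
    code = target.__code__
    covered: Set[int] = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # do not trace callees of the target
        if event == "line":
            covered.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        target(data)
        crashed = False
    except Exception:
        crashed = True
    finally:
        sys.settrace(previous)
    return covered, crashed


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random single-byte mutation: replace, bit flip, or +/- 1."""
    buf = bytearray(data)
    pos = rng.randrange(len(buf))
    roll = rng.random()
    if roll < 0.5:
        buf[pos] = rng.randrange(256)
    elif roll < 0.75:
        buf[pos] ^= 1 << rng.randrange(8)
    else:
        buf[pos] = (buf[pos] + rng.choice((-1, 1))) % 256
    return bytes(buf)


def fuzz(target: Callable[[bytes], int], seed: bytes, iterations: int,
         rng: random.Random) -> Tuple[List[bytes], Set[int], List[bytes]]:
    """Coverage-guided loop: keep an input only if it covers a new line."""
    corpus = [seed]
    total_cov, _ = line_coverage(target, seed)
    crashes: List[bytes] = []
    for _ in range(iterations):
        # Favour the input that most recently found new coverage: it is the
        # one most likely to be a single mutation away from the next new path.
        parent = corpus[-1] if rng.random() < 0.75 else rng.choice(corpus)
        child = mutate(parent, rng)
        cov, crashed = line_coverage(target, child)
        if crashed:
            crashes.append(child)
        new_lines = cov - total_cov
        if new_lines:  # novel behaviour: promote to the corpus
            total_cov |= new_lines
            corpus.append(child)
        # otherwise the child repeats known behaviour and is dropped
    return corpus, total_cov, crashes


def run_demo(iterations: int = 60_000, seed: int = 1):
    """Fuzz the toy target from an all-zero seed with a fixed RNG seed."""
    return fuzz(parse_record, b"\x00" * 5, iterations, random.Random(seed))


if __name__ == "__main__":
    corpus, cov, crashes = run_demo()
    print(f"corpus={len(corpus)} lines covered={len(cov)} crashes={len(crashes)}")
    print("first crashing input:", crashes[0] if crashes else None)
```

Each of the three magic bytes is compared on its own line, so every correct byte adds new lines to the map and is kept as a parent; that is what lets a byte-at-a-time mutator pass a check that blind random generation would almost never hit. Inputs that crash but add no new lines are reported but not added to the corpus.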

Tel Aviv University makes every effort to respect copyright. If you own copyright to the content contained here and/or consider the use of such content infringing, contact us as soon as possible.