High-performance directional fuzzing scheme based on deep reinforcement learning
With the continuous growth and advancement of the Internet and information technology, continuous growth and advancement of the Internet and information technology.Nevertheless, these applications’ vulnerabilities pose a severe threat to information security and users’ privacy.Fuzzing was widely use...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023027 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529719268311040 |
|---|---|
| author | Tian XIAO Zhihao JIANG Peng TANG Zheng HUANG Jie GUO Weidong QIU |
| author_facet | Tian XIAO Zhihao JIANG Peng TANG Zheng HUANG Jie GUO Weidong QIU |
| author_sort | Tian XIAO |
| collection | DOAJ |
| description | With the continuous growth and advancement of the Internet and information technology, continuous growth and advancement of the Internet and information technology.Nevertheless, these applications’ vulnerabilities pose a severe threat to information security and users’ privacy.Fuzzing was widely used as one of the main tools for automatic vulnerability detection due to its ease of vulnerability recurrence and low false positive errors.It generates test cases randomly and executes the application by optimization in terms of coverage or sample generation to detect deeper program paths.However, the mutation operation in fuzzing is blind and tends to make the generated test cases execute the same program path.Consequently, traditional fuzzing tests have problems such as low efficiency, high randomness of inputs generation and limited pertinence of the program structure.To address these problems, a directional fuzzing based on deep reinforcement learning was proposed, which used deep reinforcement learning networks with information obtained by staking program to guide the selection of the inputs.Besides, it enabled fast approximation and inspection of the program paths that may exist vulnerabilities.The experimental results showed that the proposed approach had better performance than the popular fuzzing tools such as AFL and AFLGO in terms of vulnerability detection and recurrence on the LAVA-M dataset and real applications like LibPNG and Binutils.Therefore, the approach can provide support for further vulnerability mining and security research. |
| format | Article |
| id | doaj-art-8f7b2ceaa0b944ad92705037a9bfce7c |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-8f7b2ceaa0b944ad92705037a9bfce7c2025-01-15T03:16:22ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-04-01913214259576407High-performance directional fuzzing scheme based on deep reinforcement learningTian XIAOZhihao JIANGPeng TANGZheng HUANGJie GUOWeidong QIUWith the continuous growth and advancement of the Internet and information technology, continuous growth and advancement of the Internet and information technology.Nevertheless, these applications’ vulnerabilities pose a severe threat to information security and users’ privacy.Fuzzing was widely used as one of the main tools for automatic vulnerability detection due to its ease of vulnerability recurrence and low false positive errors.It generates test cases randomly and executes the application by optimization in terms of coverage or sample generation to detect deeper program paths.However, the mutation operation in fuzzing is blind and tends to make the generated test cases execute the same program path.Consequently, traditional fuzzing tests have problems such as low efficiency, high randomness of inputs generation and limited pertinence of the program structure.To address these problems, a directional fuzzing based on deep reinforcement learning was proposed, which used deep reinforcement learning networks with information obtained by staking program to guide the selection of the inputs.Besides, it enabled fast approximation and inspection of the program paths that may exist vulnerabilities.The experimental results showed that the proposed approach had better performance than the popular fuzzing tools such as AFL and AFLGO in terms of vulnerability detection and recurrence on the LAVA-M dataset and real applications like LibPNG and Binutils.Therefore, the approach can provide support for further vulnerability mining and security research.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023027vulnerability miningfuzzing testdeep reinforcement learningprogram path |
| spellingShingle | Tian XIAO Zhihao JIANG Peng TANG Zheng HUANG Jie GUO Weidong QIU High-performance directional fuzzing scheme based on deep reinforcement learning 网络与信息安全学报 vulnerability mining fuzzing test deep reinforcement learning program path |
| title | High-performance directional fuzzing scheme based on deep reinforcement learning |
| title_full | High-performance directional fuzzing scheme based on deep reinforcement learning |
| title_fullStr | High-performance directional fuzzing scheme based on deep reinforcement learning |
| title_full_unstemmed | High-performance directional fuzzing scheme based on deep reinforcement learning |
| title_short | High-performance directional fuzzing scheme based on deep reinforcement learning |
| title_sort | high performance directional fuzzing scheme based on deep reinforcement learning |
| topic | vulnerability mining fuzzing test deep reinforcement learning program path |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023027 |
| work_keys_str_mv | AT tianxiao highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning AT zhihaojiang highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning AT pengtang highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning AT zhenghuang highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning AT jieguo highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning AT weidongqiu highperformancedirectionalfuzzingschemebasedondeepreinforcementlearning |