Abstract
Fuzzing is a simple and effective way to find software bugs. Most state-of-the-art fuzzers focus on improving code coverage to increase the chance of triggering crashes. However, only a fairly small portion of a program usually contains vulnerabilities, so coverage-based fuzzers spend most of their time on code that cannot crash. To address this challenge, we propose Suzzer, a vulnerability-guided fuzzer that concentrates on testing the code blocks most likely to contain bugs. Suzzer has a lightweight static analyzer that extracts an attributed control-flow graph (ACFG) vector from the target program. To determine which code blocks are more vulnerable, Suzzer is equipped with prediction models that assign a prior vulnerability probability to each ACFG vector. The prediction models guide Suzzer to generate test inputs with higher vulnerability scores, improving the efficiency of finding bugs. We evaluate Suzzer on two different datasets: the artificial LAVA-M dataset and a set of real-world programs. The results show that, in the best case of short-term fuzzing, Suzzer saved 64.5% of the time needed to discover vulnerabilities compared to VUzzer.
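The abstract describes the core scheduling idea: a model assigns each code block a prior probability of being vulnerable, and the fuzzer favours inputs that reach high-scoring blocks over inputs that merely cover many blocks. The following is an added illustration of that idea, not Suzzer's own code or any of the paper's implementation. It assumes a constructed block-to-probability table standing in for the prediction model's output, a hypothetical additive aggregation (a seed's score is the sum of the priors of the blocks it covers), and a proportional mutation-budget split; it then contrasts the resulting ranking and budget with a coverage-only policy.

```python
"""Illustrative vulnerability-guided seed scheduling (added example, not Suzzer's code)."""
import math
from dataclasses import dataclass

# Constructed prior vulnerability probabilities per basic block.  In the paper's
# design these would come from a prediction model over ACFG vectors; here they are
# hand-picked so that a short path (b2) looks far riskier than a long, benign one.
BLOCK_VULN_PRIOR = {"b0": 0.01, "b1": 0.02, "b2": 0.85,
                    "b3": 0.05, "b4": 0.60, "b5": 0.03}


@dataclass(frozen=True)
class Seed:
    name: str
    covered_blocks: frozenset  # blocks executed when the seed is run (constructed)


def example_seeds():
    """Constructed seed corpus: one broad-but-benign seed, one short-but-risky seed."""
    return [
        Seed("s_broad", frozenset({"b0", "b1", "b3", "b5"})),
        Seed("s_deep", frozenset({"b0", "b2"})),
        Seed("s_mid", frozenset({"b0", "b4", "b1"})),
    ]


def seed_vulnerability_score(seed, priors):
    """Assumed aggregation: sum of block priors over covered blocks.

    Blocks unknown to the model contribute 0.  math.fsum makes the result
    independent of frozenset iteration order, so rankings are deterministic.
    """
    return math.fsum(priors.get(b, 0.0) for b in seed.covered_blocks)


def coverage_score(seed):
    """Coverage-only baseline: number of distinct blocks reached."""
    return len(seed.covered_blocks)


def rank_seeds(seeds, priors, guided=True):
    """Order seeds for mutation, best first, under either policy."""
    key = (lambda s: seed_vulnerability_score(s, priors)) if guided else coverage_score
    return sorted(seeds, key=key, reverse=True)


def mutation_budget(seeds, priors, total, guided=True):
    """Split `total` mutations across seeds proportionally to their score.

    Uses largest-remainder rounding so the integer budgets always sum to `total`.
    If every score is zero (model has no signal) the budget is split evenly.
    """
    score = (lambda s: seed_vulnerability_score(s, priors)) if guided else coverage_score
    weights = {s.name: float(score(s)) for s in seeds}
    mass = sum(weights.values())
    if mass == 0:
        base, extra = divmod(total, len(seeds))
        return {s.name: base + (1 if i < extra else 0) for i, s in enumerate(seeds)}
    raw = {n: total * w / mass for n, w in weights.items()}
    budget = {n: math.floor(r) for n, r in raw.items()}
    leftover = total - sum(budget.values())
    for n in sorted(raw, key=lambda n: raw[n] - budget[n], reverse=True)[:leftover]:
        budget[n] += 1
    return budget


if __name__ == "__main__":
    seeds = example_seeds()
    for guided in (False, True):
        policy = "vulnerability-guided" if guided else "coverage-only"
        order = [s.name for s in rank_seeds(seeds, BLOCK_VULN_PRIOR, guided)]
        print(policy, "ranking:", order)
        print(policy, "budget :", mutation_budget(seeds, BLOCK_VULN_PRIOR, 100, guided))
```

Under the coverage-only policy the four-block seed `s_broad` wins, even though none of its blocks is likely to hold a bug; under the guided policy the two-block seed `s_deep` receives over half of the mutation budget because it reaches `b2`. The additive aggregation is a placeholder: a real scheduler would also need to decay the weight of blocks that have already been fuzzed heavily, otherwise a single high-prior block monopolises the budget indefinitely.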
References
Wikipedia. Fuzzing (2018). https://en.wikipedia.org/wiki/Fuzzing/
Röning, J., et al.: PROTOS: systematic approach to eliminate software vulnerabilities. Invited presentation at Microsoft Research (2002)
Eddington, M.: Peach fuzzing platform. Peach Fuzzer 34 (2011)
Aitel, D.: An introduction to SPIKE, the fuzzer creation kit (2002)
Yang, X., Chen, Y., Eide, E., et al.: Finding and understanding bugs in C compilers. In: ACM SIGPLAN Notices (2011)
Zalewski, M.: American fuzzy lop (2017). http://lcamtuf.coredump.cx/afl/
Google. honggfuzz (2017). https://google.github.io/honggfuzz/
Caca Labs (2017). http://caca.zoy.org/wiki/zzuf/
Chen, Y., et al.: EnFuzz: ensemble fuzzing with seed synchronization among diverse fuzzers. In: 28th USENIX Security Symposium (USENIX Security 2019) (2019)
Rawat, S., et al.: VUzzer: application-aware evolutionary fuzzing. In: NDSS, vol. 17 (2017)
Peng, H., Shoshitaishvili, Y., Payer, M.: T-Fuzz: fuzzing by program transformation. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)
Chen, P., Chen, H.: Angora: efficient fuzzing by principled search. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)
Gan, S., et al.: CollAFL: path sensitive fuzzing. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)
Shin, Y., Williams, L.: Can traditional fault prediction models be used for vulnerability prediction? Empirical Softw. Eng. 18(1), 25–59 (2013)
Liu, C., et al.: SOBER: statistical model-based bug localization. ACM SIGSOFT Softw. Eng. Notes 30(5), 286–295 (2005)
OpenRCE. Sulley fuzzing framework (2015). https://github.com/OpenRCE/sulley
Takanen, A., Demott, J., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance. Artech House (2008)
Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: Network and Distributed System Security Symposium (2008)
Ganesh, V., Leek, T., Rinard, M.: Taint-based directed whitebox fuzzing. In: Proceedings of the 31st International Conference on Software Engineering. IEEE Computer Society (2009)
Li, Y., et al.: V-Fuzz: vulnerability-oriented evolutionary fuzzing. arXiv preprint arXiv:1901.01142 (2019)
Li, Z., et al.: SySeVR: a framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756 (2018)
Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681 (2018)
Xu, X., et al.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM (2017)
Zuo, F., et al.: Neural machine translation inspired binary code similarity comparison beyond function pairs. arXiv preprint arXiv:1808.04706 (2018)
Feng, Q., et al.: Scalable graph-based bug search for firmware images. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)
Control-flow graph (2015). https://en.wikipedia.org/wiki/Control-flow_graph
Pewny, J., et al.: Cross-architecture bug search in binary executables. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)
Yan, S., et al.: Graph embedding and extensions: a general framework for dimensionality reduction. IEEE Trans. Pattern Anal. Mach. Intell. 29(1), 40–51 (2007)
Rajpal, M., Blum, W., Singh, R.: Not all bytes are equal: Neural byte sieve for fuzzing. arXiv preprint arXiv:1711.04596 (2017)
Gers, F.A., Schmidhuber, J., Cummins, F.: Learning to forget: continual prediction with LSTM (1999)
Intel. Intel 64 and IA-32 architectures software developer manuals (2018). https://software.intel.com/en-us/articles/intel-sdm
Hex-Rays. The IDA Pro disassembler and debugger (2015). https://www.hex-rays.com/products/ida/
Stamatogiannakis, M., Groth, P., Bos, H.: Looking inside the black-box: capturing data provenance using dynamic instrumentation. In: Ludäscher, B., Plale, B. (eds.) IPAW 2014. LNCS, vol. 8628, pp. 155–167. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16462-5_12
Luk, C.-K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. ACM SIGPLAN Not. 40(6), 190–200 (2005)
NVD (2017). http://nvd.nist.gov/
Dolan-Gavitt, B., et al.: LAVA: large-scale automated vulnerability addition. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE (2016)
Acknowledgements
This research is supported in part by the National Key Research and Development Project (Grant No. 2017YFC0820503) and Beijing Science and Technology Plan (Grant No. Z181100009818020).
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Zhao, Y., Li, Y., Yang, T., Xie, H. (2020). Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning. In: Liu, Z., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2019. Lecture Notes in Computer Science, vol. 12020. Springer, Cham. https://doi.org/10.1007/978-3-030-42921-8_8
DOI: https://doi.org/10.1007/978-3-030-42921-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42920-1
Online ISBN: 978-3-030-42921-8
eBook Packages: Computer Science (R0)