DOI: 10.1145/3579895.3579937

PT-Fuzz: A Transformer Based Fuzzing Data Generation Method

Published: 04 April 2023

Abstract

American Fuzzy Lop (AFL) is one of the most widely used coverage-oriented fuzzers in the field of fuzz testing. While analyzing AFL, we found that the number of tests per code block during AFL testing is very unevenly distributed: AFL spends a lot of testing time on a small number of code blocks. In addition, the fuzzer can go a long time without discovering new paths because new basic blocks are not discovered in time. These two problems waste fuzz testing performance. In this paper, we propose a test case generation method that combines path information and deep learning. The deep learning model is used to analyze the relationship between the program execution path and test cases. The model also learns the syntactic rules of program input in order to generate better test cases. We implemented our approach based on AFL and the Transformer model, and tested the effect of our method on a real program. Experimental results show that our method can improve the efficiency of fuzzing. On average, PT-Fuzz found 14.4% more paths and 7.2% more code blocks than AFL.


      Published In

      ICNCC '22: Proceedings of the 2022 11th International Conference on Networks, Communication and Computing
      December 2022
      365 pages
      ISBN:9781450398039
      DOI:10.1145/3579895

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. Deep learning
      2. Fuzzing
      3. Vulnerability mining

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ICNCC 2022
