Efficient fuzzing testcases generation based on SAGAN
Authors: 
Zeru Li, Zhongyuan Qin, Xin Sun, Wen WangAuthors Info & Claims
Zeru Li, Zhongyuan Qin, Xin Sun, Wen WangAuthors Info & ClaimsPages 33 - 38
Abstract
Generative adversarial networks can be used for the generation of testcases in fuzzing, but the structural information of the testcases is rarely attended to. In this paper, we adopt a SAGAN-based testcases generation technique, to learn and utilize the structural information of the testcases and give attention to the important parts. We selectively improve the network structure so that the model can be more adapted to the structural information of the fuzzing testcases. We used gradient penalty and spectral normalization to stabilize the training of the network. The results show that our approach has higher efficiency on the lava-m dataset. In addition, the fuzzing testcases generated by SAGAN can find more crashes and hangs compared to those mutated by AFL++.
References
[1]
Y. Wang, P. Jia, L. Liu, C. Huang, and Z. Liu, "A systematic review of fuzzing based on machine learning techniques," PLoS One, vol. 15, no. 8, p. e0237749, 2020.
[2]
A. Fioraldi, D. Maier, H. Eißfeldt, and M. Heuse, "{AFL++}: Combining Incremental Steps of Fuzzing Research," in 14th USENIX Workshop on Offensive Technologies (WOOT 20), 2020.
[3]
B. P. Miller, L. Fredriksen, and B. So, "An empirical study of the reliability of UNIX utilities," Communications of the ACM, vol. 33, no. 12, pp. 32-44, 1990.
[4]
C. Lyu, "{MOPT}: Optimized mutation scheduling for fuzzers," in 28th USENIX Security Symposium (USENIX Security 19), 2019, pp. 1949-1966.
[5]
C. Lemieux and K. Sen, "Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage," in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, 2018, pp. 475-485.
[6]
P. Chen and H. Chen, "Angora: Efficient fuzzing by principled search," in 2018 IEEE Symposium on Security and Privacy (SP), 2018: IEEE, pp. 711-725.
[7]
D. She, K. Pei, D. Epstein, J. Yang, B. Ray, and S. Jana, "Neuzz: Efficient fuzzing with neural program smoothing," in 2019 IEEE Symposium on Security and Privacy (SP), 2019: IEEE, pp. 803-817.
[8]
D. She, R. Krishna, L. Yan, S. Jana, and B. Ray, "MTFuzz: fuzzing with a multi-task neural network," in Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, pp. 737-749.
[9]
M. Zakeri Nasrabadi, S. Parsa, and A. Kalaee, "Format-aware learn&fuzz: deep test data generation for efficient fuzzing," Neural Computing and Applications, vol. 33, no. 5, pp. 1497-1513, 2020.
[10]
P. Godefroid, H. Peleg, and R. Singh, "Learn&fuzz: Machine learning for input fuzzing," in 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2017: IEEE, pp. 50-59.
[11]
I. Goodfellow, "Generative adversarial networks," Communications of the ACM, vol. 63, no. 11, pp. 139-144, 2020.
[12]
N. Nichols, M. Raugas, R. Jasper, and N. Hilliard, "Faster fuzzing: Reinitialization with deep neural models," arXiv preprint arXiv:1711.02807, 2017.
[13]
C. Lyu, S. Ji, Y. Li, J. Zhou, J. Chen, and J. Chen, "Smartseed: Smart seed generation for efficient fuzzing," arXiv preprint arXiv:1807.02606, 2018.
[14]
Z. Li, H. Zhao, J. Shi, Y. Huang, and J. Xiong, "An Intelligent Fuzzing Data Generation Method Based on Deep Adversarial Learning," IEEE Access, vol. 7, pp. 49327-49340, 2019.
[15]
A. Ye, L. Wang, L. Zhao, J. Ke, W. Wang, and Q. Liu, "RapidFuzz: Accelerating fuzzing via Generative Adversarial Networks," Neurocomputing, vol. 460, pp. 195-204, 2021.
[16]
X. Guo, H. Okamura, and T. Dohi, "Automated Software Test Data Generation With Generative Adversarial Networks," IEEE Access, vol. 10, pp. 20690-20700, 2022.
[17]
K. Lee, H. Chang, L. Jiang, H. Zhang, Z. Tu, and C. Liu, "Vitgan: Training gans with vision transformers," arXiv preprint arXiv:2107.04589, 2021.
[18]
A. Vaswani, "Attention is all you need," Advances in neural information processing systems, vol. 30, 2017.
[19]
H. Zhang, I. Goodfellow, D. Metaxas, and A. Odena, "Self-attention generative adversarial networks," in International conference on machine learning, 2019: PMLR, pp. 7354-7363.
[20]
I. Gulrajani, F. Ahmed, M. Arjovsky, V. Dumoulin, and A. C. Courville, "Improved training of wasserstein gans," Advances in neural information processing systems, vol. 30, 2017.
[21]
T. Miyato, T. Kataoka, M. Koyama, and Y. Yoshida, "Spectral normalization for generative adversarial networks," arXiv preprint arXiv:1802.05957, 2018.
[22]
B. Dolan-Gavitt, "Lava: Large-scale automated vulnerability addition," in 2016 IEEE symposium on security and privacy (SP), 2016: IEEE, pp. 110-121.
Index Terms
- Efficient fuzzing testcases generation based on SAGAN
Index terms have been assigned to the content through auto-classification.
Recommendations
PT-Fuzz: A Transformer Based Fuzzing Data Generation Method
ICNCC '22: Proceedings of the 2022 11th International Conference on Networks, Communication and ComputingAmerican Fuzzy Lop (AFL) is one of the most widely used overlay-oriented fuzzers in the field of fuzz processing. In the process of analyzing AFL, we found that the number of tests per code block in the AFL testing process is very unevenly distributed. ...
Online Model-Based Behavioral Fuzzing
ICSTW '13: Proceedings of the 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation WorkshopsFuzz testing or fuzzing is interface robustness testing by stressing the interface of a system under test (SUT) with invalid input data. It aims at finding security-relevant weaknesses in the implementation that may result in a crash of the system-under-...
Grammar-based whitebox fuzzing
PLDI '08Whitebox fuzzing is a form of automatic dynamic test generation, based on symbolic execution and constraint solving, designed for security testing of large applications. Unfortunately, the current effectiveness of whitebox fuzzing is limited when ...
Comments
Information & Contributors
Information
Published In
October 2023
446 pages
ISBN:9798400716683
DOI:10.1145/3640912
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 February 2024
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
CNML 2023
CNML 2023: 2023 International Conference on Communication Network and Machine Learning
October 27 - 28, 2023
Zhengzhou, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 27Total Downloads
- Downloads (Last 12 months)27
- Downloads (Last 6 weeks)6
Reflects downloads up to 09 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format