Tue 10 Nov 2020 08:13 - 08:14 at Virtual room 1 - Fuzzing

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs, mutate them to generate new inputs, and identify the promising inputs using an evolutionary fitness function for further mutation. Despite their success, evolutionary fuzzers tend to get stuck in long sequences of unproductive mutations. In recent years, machine learning (ML) based mutation strategies have reported promising results. However, the existing ML-based fuzzers are limited by the lack of quality and diversity of the training data. As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the model. In this paper, we address these issues by using a Multi-Task Neural Network that can learn a compact embedding of the input space based on diverse training samples for multiple related tasks (i.e., predicting for different types of coverage). The compact embedding can guide the mutation process by focusing most of the mutations on the parts of the embedding where the gradient is high. MTFuzz uncovers 11 previously unseen bugs and achieves an average of 2× more edge coverage compared with 5 state-of-the-art fuzzers on 10 real-world programs.

Tue 10 Nov

Displayed time zone: (UTC) Coordinated Universal Time

08:00 - 08:30
08:00
2m
Talk
Boosting Fuzzer Efficiency: An Information Theoretic Perspective (ACM SIGSOFT Distinguished Paper Award)
Research Papers
Marcel Böhme Monash University, Australia, Valentin Manès KAIST, South Korea, Sang Kil Cha KAIST, South Korea
08:03
1m
Talk
CrFuzz: Fuzzing Multi-purpose Programs through Input Validation
Research Papers
Suhwan Song Seoul National University, South Korea, Chengyu Song University of California at Riverside, USA, Yeongjin Jang Oregon State University, USA, Byoungyoung Lee Seoul National University, South Korea
08:05
1m
Talk
Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
Research Papers
Muhammad Numair Mansur MPI-SWS, Germany, Maria Christakis MPI-SWS, Valentin Wüstholz ConsenSys, Fuyuan Zhang MPI-SWS, Germany
08:07
1m
Talk
Fuzzing: On the Exponential Cost of Vulnerability Discovery
Research Papers
Marcel Böhme Monash University, Australia, Brandon Falk Gamozo Labs, n.n.
08:09
1m
Talk
Harvey: A Greybox Fuzzer for Smart Contracts
Industry Papers
08:11
1m
Talk
Intelligent REST API Data Fuzzing
Research Papers
Patrice Godefroid Microsoft Research, USA, Bo-Yuan Huang Princeton University, USA, Marina Polishchuk Microsoft Research, USA
08:13
1m
Talk
MTFuzz: Fuzzing with a Multi-task Neural Network
Research Papers
Dongdong She Columbia University, USA, Rahul Krishna Columbia University, USA, Lu Yan Shanghai Jiao Tong University, China, Suman Jana Columbia University, USA, Baishakhi Ray Columbia University, USA
08:15
15m
Talk
Conversations on Fuzzing
Research Papers
Dongdong She Columbia University, USA, Muhammad Numair Mansur MPI-SWS, Germany, Marcel Böhme Monash University, Australia, Suhwan Song Seoul National University, South Korea, Valentin Wüstholz ConsenSys, Moderator: Mike Papadakis University of Luxembourg, Luxembourg