Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs, mutate them to generate new inputs, and identify the promising inputs using an evolutionary fitness function for further mutation.Despite their success, evolutionary fuzzers tend to get stuck in long sequences of unproductive mutations. In recent years, machine learning (ML) based mutation strategies have reported promising results. However, the existing ML-based fuzzers are limited by the lack of quality and diversity of the training data. As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the model.In this paper, we address these issues by using a Multi-Task Neural Network that can learn a compact embedding of the input space based on diverse training samples for multiple related tasks (i.e.,predicting for different types of coverage). The compact embedding can guide the mutation process by focusing most of the mutations on the parts of the embedding where the gradient is high. MTFuzz uncovers 11 previously unseen bugs and achieves an average of 2× more edge coverage compared with 5 state-of-the-art fuzzer on 10 real-world programs
Tue 10 Nov Times are displayed in time zone: (UTC) Coordinated Universal Time change
08:00 - 08:02 Talk | Boosting Fuzzer Efficiency: An Information Theoretic PerspectiveACM SIGSOFT Distinguished Paper Award Research Papers Marcel BöhmeMonash University, Australia, Valentin ManèsKAIST, South Korea, Sang Kil ChaKAIST, South Korea DOI | ||
08:03 - 08:04 Talk | CrFuzz: Fuzzing Multi-purpose Programs through Input Validation Research Papers Suhwan SongSeoul National University, South Korea, Chengyu SongUniversity of California at Riverside, USA, Yeongjin JangOregon State University, USA, Byoungyoung LeeSeoul National University, South Korea DOI | ||
08:05 - 08:06 Talk | Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing Research Papers Muhammad Numair MansurMPI-SWS, Germany, Maria ChristakisMPI-SWS, Valentin WüstholzConsenSys, Fuyuan ZhangMPI-SWS, Germany DOI Pre-print | ||
08:07 - 08:08 Talk | Fuzzing: On the Exponential Cost of Vulnerability Discovery Research Papers DOI | ||
08:09 - 08:10 Talk | Harvey: A Greybox Fuzzer for Smart Contracts Industry Papers DOI Pre-print | ||
08:11 - 08:12 Talk | Intelligent REST API Data Fuzzing Research Papers Patrice GodefroidMicrosoft Research, USA, Bo-Yuan HuangPrinceton University, USA, Marina PolishchukMicrosoft Research, USA DOI | ||
08:13 - 08:14 Talk | MTFuzz: Fuzzing with a Multi-task Neural Network Research Papers Dongdong SheColumbia University, USA, Rahul KrishnaColumbia University, USA, Lu YanShanghai Jiao Tong University, China, Suman JanaColumbia University, USA, Baishakhi RayColumbia University, USA DOI Pre-print | ||
08:15 - 08:30 Talk | Conversations on Fuzzing Research Papers Dongdong SheColumbia University, USA, Muhammad Numair MansurMPI-SWS, Germany, Marcel BöhmeMonash University, Australia, Suhwan SongSeoul National University, South Korea, Valentin WüstholzConsenSys, M: Mike PapadakisUniversity of Luxembourg, Luxembourg |