Deep learning for coverage-guided fuzzing: How far are we?
Fuzzing is a widely-used software vulnerability discovery technology, many of which are optimized using coverage-feedback. Recently, some techniques propose to train deep learning (DL) models to predict the branch coverage of an arbitrary input owing to its always-available gradients etc. as a guide...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7494 https://ink.library.smu.edu.sg/context/sis_research/article/8497/viewcontent/tdsc22_fuzzing.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8497 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-84972022-11-10T07:44:29Z Deep learning for coverage-guided fuzzing: How far are we? LI, Siqi XIE, Xiaofei LIN, Yun LI, Yuekang FENG, Ruitao LI, Xiaohong GE, Weimin DONG, Jin Song Fuzzing is a widely-used software vulnerability discovery technology, many of which are optimized using coverage-feedback. Recently, some techniques propose to train deep learning (DL) models to predict the branch coverage of an arbitrary input owing to its always-available gradients etc. as a guide. Those techniques have proved their success in improving coverage and discovering bugs under different experimental settings. However, DL models, usually as a magic black-box, are notoriously lack of explanation. Moreover, their performance can be sensitive to the collected runtime coverage information for training, indicating potentially unstable performance. In this work, we conduct a systematic empirical study on 4 types of DL models across 6 projects to (1) revisit the performance of DL models on predicting branch coverage (2) demystify what specific knowledge do the models exactly learn, (3) study the scenarios where the DL models can outperform and underperform the traditional fuzzers, and (4) gain insight into the challenges of applying DL models on fuzzing. Our empirical results reveal that existing DL-based fuzzers do not perform well as expected, which is largely affected by the dependencies between branches, unbalanced sample distribution, and the limited model expressiveness. In addition, the estimated gradient information tends to be less helpful in our experiments. Finally, we further pinpoint the research directions based on our summarized challenges. 2022-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7494 info:doi/10.1109/TDSC.2022.3200525 https://ink.library.smu.edu.sg/context/sis_research/article/8497/viewcontent/tdsc22_fuzzing.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Deep Learning Testing Fuzzing Mutation Coverage Artificial Intelligence and Robotics |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Deep Learning Testing Fuzzing Mutation Coverage Artificial Intelligence and Robotics |
| spellingShingle |
Deep Learning Testing Fuzzing Mutation Coverage Artificial Intelligence and Robotics LI, Siqi XIE, Xiaofei LIN, Yun LI, Yuekang FENG, Ruitao LI, Xiaohong GE, Weimin DONG, Jin Song Deep learning for coverage-guided fuzzing: How far are we? |
| description |
Fuzzing is a widely-used software vulnerability discovery technology, many of which are optimized using coverage-feedback. Recently, some techniques propose to train deep learning (DL) models to predict the branch coverage of an arbitrary input owing to its always-available gradients etc. as a guide. Those techniques have proved their success in improving coverage and discovering bugs under different experimental settings. However, DL models, usually as a magic black-box, are notoriously lack of explanation. Moreover, their performance can be sensitive to the collected runtime coverage information for training, indicating potentially unstable performance. In this work, we conduct a systematic empirical study on 4 types of DL models across 6 projects to (1) revisit the performance of DL models on predicting branch coverage (2) demystify what specific knowledge do the models exactly learn, (3) study the scenarios where the DL models can outperform and underperform the traditional fuzzers, and (4) gain insight into the challenges of applying DL models on fuzzing. Our empirical results reveal that existing DL-based fuzzers do not perform well as expected, which is largely affected by the dependencies between branches, unbalanced sample distribution, and the limited model expressiveness. In addition, the estimated gradient information tends to be less helpful in our experiments. Finally, we further pinpoint the research directions based on our summarized challenges. |
| format |
text |
| author |
LI, Siqi XIE, Xiaofei LIN, Yun LI, Yuekang FENG, Ruitao LI, Xiaohong GE, Weimin DONG, Jin Song |
| author_facet |
LI, Siqi XIE, Xiaofei LIN, Yun LI, Yuekang FENG, Ruitao LI, Xiaohong GE, Weimin DONG, Jin Song |
| author_sort |
LI, Siqi |
| title |
Deep learning for coverage-guided fuzzing: How far are we? |
| title_short |
Deep learning for coverage-guided fuzzing: How far are we? |
| title_full |
Deep learning for coverage-guided fuzzing: How far are we? |
| title_fullStr |
Deep learning for coverage-guided fuzzing: How far are we? |
| title_full_unstemmed |
Deep learning for coverage-guided fuzzing: How far are we? |
| title_sort |
deep learning for coverage-guided fuzzing: how far are we? |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7494 https://ink.library.smu.edu.sg/context/sis_research/article/8497/viewcontent/tdsc22_fuzzing.pdf |
| _version_ |
1770576357428822016 |