Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing
Wed 17 May 2023 15:34 - 15:36 at Meeting Room 105 - Posters 1
In this paper, we present a technique for learning seed-adaptive mutation strategies for fuzzers. The performance of mutation-based fuzzers depends heavily on the mutation strategy, which specifies the probability distribution for selecting mutation methods. As a result, developing an effective mutation strategy has received much attention recently, and program-adaptive techniques, which observe the behavior of the target program to learn an optimized mutation strategy per program, have become a trending approach to achieving better performance. They, however, still have a major limitation: they disregard the impact of the differing characteristics of seed inputs, which can lead to exploring deeper program locations. To address this limitation, we present SeamFuzz, a novel fuzzing technique that automatically captures the characteristics of individual seed inputs and applies different mutation strategies to different seed inputs. By capturing the syntactic and semantic similarities between seed inputs, SeamFuzz clusters them into proper groups and learns effective mutation strategies tailored to each seed cluster by using a customized Thompson sampling algorithm. Experimental results show that SeamFuzz improves both the path-discovering and bug-finding abilities of state-of-the-art fuzzers on real-world programs.
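The per-cluster learning described in the abstract can be sketched as follows. This is an added example, not code from the paper or from SeamFuzz: it uses plain Beta-Bernoulli Thompson sampling rather than the paper's customized variant, assumes each seed's cluster is already known, and the mutator names, cluster names and success rates are constructed.

```python
import random

# Hypothetical operator names, not SeamFuzz's actual mutator set.
MUTATORS = ["bitflip", "arith", "interesting", "insert", "delete"]

class ClusterBandit:
    """One Beta(alpha, beta) posterior per (seed cluster, mutator) pair."""

    def __init__(self, mutators, rng):
        self.mutators, self.rng = mutators, rng
        self.post = {}  # cluster id -> {mutator: [alpha, beta]}

    def _arms(self, cid):
        # A new cluster starts from the uniform prior Beta(1, 1).
        return self.post.setdefault(cid, {m: [1.0, 1.0] for m in self.mutators})

    def choose(self, cid):
        # Thompson sampling: draw once from each posterior, take the argmax.
        arms = self._arms(cid)
        return max(arms, key=lambda m: self.rng.betavariate(*arms[m]))

    def update(self, cid, mutator, found_new_path):
        # Success bumps alpha, failure bumps beta, for this cluster only.
        self._arms(cid)[mutator][0 if found_new_path else 1] += 1.0

    def preferred(self, cid):
        # The mutator tried most often, i.e. where sampling has concentrated.
        arms = self._arms(cid)
        return max(arms, key=lambda m: sum(arms[m]))

def simulate(rounds=4000, seed=7):
    rng = random.Random(seed)
    # Constructed ground truth: chance that a mutator reaches a new path.
    truth = {
        "header_like": dict(bitflip=0.02, arith=0.30, interesting=0.05, insert=0.03, delete=0.01),
        "payload_like": dict(bitflip=0.02, arith=0.03, interesting=0.05, insert=0.30, delete=0.01),
    }
    bandit = ClusterBandit(MUTATORS, rng)
    for _ in range(rounds):
        cid = rng.choice(sorted(truth))  # pick a seed; its cluster is assumed known
        mutator = bandit.choose(cid)
        bandit.update(cid, mutator, rng.random() < truth[cid][mutator])
    return bandit

if __name__ == "__main__":
    b = simulate()
    for cid in sorted(b.post):
        print(cid, "->", b.preferred(cid))
```

A single program-wide posterior would average the two clusters' rates and favor neither operator strongly, which is the limitation the abstract attributes to program-adaptive strategies.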
Wed 17 May (displayed time zone: Hobart)
13:45 - 15:15 | Fuzzing: techniques and tools | Technical Track / Journal-First Papers / SEIP - Software Engineering in Practice | at Meeting Room 101 | Chair(s): Mike Papadakis (University of Luxembourg, Luxembourg)

| Time | Duration | Type | Title | Track | Authors |
| --- | --- | --- | --- | --- | --- |
| 13:45 | 7m | Talk | Neural Network Guided Evolutionary Fuzzing for Finding Traffic Violations of Autonomous Vehicles | Journal-First Papers | Ziyuan Zhong (Columbia University); Gail Kaiser (Columbia University); Baishakhi Ray (Columbia University) |
| 13:52 | 15m | Talk | Reachable Code Coverage | Technical Track | Danushka Liyanage (Monash University, Australia); Marcel Böhme (MPI-SP, Germany and Monash University, Australia); Kla Tantithamthavorn (Monash University); Stephan Lipp (Technical University of Munich) |
| 14:07 | 15m | Talk | Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing | Technical Track | |
| 14:22 | 15m | Talk | Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation | Technical Track | Sicong Cao (Yangzhou University); Xiaobing Sun (Yangzhou University); Xiaoxue Wu (Yangzhou University); Lili Bo (Yangzhou University); Bin Li (Yangzhou University); Rongxin Wu (Xiamen University); Wei Liu (Nanjing University); Biao He (Ant Group); Yu Ouyang (Ant Group); Jiajia Li (Ant Group) |
| 14:37 | 15m | Talk | Evaluating and Improving Hybrid Fuzzing | Technical Track | Ling Jiang (Southern University of Science and Technology); Hengchen Yuan (Southern University of Science and Technology); Mingyuan Wu (Southern University of Science and Technology); Lingming Zhang (University of Illinois at Urbana-Champaign); Yuqun Zhang (Southern University of Science and Technology) |
| 14:52 | 15m | Talk | DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis | SEIP - Software Engineering in Practice | Mingrui Zhang (Tsinghua University, Beijing, China); Chijin Zhou (Tsinghua University); Jianzhong Liu (ShanghaiTech University); Mingzhe Wang (Tsinghua University); Jie Liang; Juan Zhu; Yu Jiang (Tsinghua University) |