Learn&Fuzz: Machine learning for input fuzzing

Citations Over TimeTop 1% of 2017 papers

Abstract

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques. We present a detailed case study with a complex input format, namely PDF, and a large complex security-critical parser for this format, namely, the PDF parser embedded in Microsoft's new Edge browser. We discuss and measure the tension between conflicting learning and fuzzing goals: learning wants to capture the structure of well-formed inputs, while fuzzing wants to break that structure in order to cover unexpected code paths and find bugs. We also present a new algorithm for this learn&fuzz challenge which uses a learnt input probability distribution to intelligently guide where to fuzz inputs.

Related Papers

• → Continuous Fuzzing: A Study of the Effectiveness and Scalability of Fuzzing in CI/CD Pipelines(2023)20 cited
• → SeededFuzz: Selecting and Generating Seeds for Directed Fuzzing(2016)21 cited
• → P-Fuzz: A Parallel Grey-Box Fuzzing Framework(2019)20 cited
• → A Survey of Hybrid Fuzzing based on Symbolic Execution(2020)4 cited
• → FUZZING TESTING. CLASSIFICATION OF MODERN FUZZING TOOLS(2021)1 cited