DOI: 10.1145/3606043.3606050
research-article

AFL-RL: A Reinforcement Learning Based Mutation Scheduling Optimization Method for Fuzzing

Published: 16 November 2023

Abstract

As the development paradigm of the next-generation Internet, the metaverse aims to build a fully immersive, supra-temporal and self-sustaining virtual shared space, and is regarded as an important application in which the next generation of people will socialize, entertain and work. However, serious privacy violations and security vulnerabilities in the metaverse hinder its widespread development and deployment. To locate security vulnerabilities in metaverse software as early as possible, many vulnerability mining techniques have been applied to vulnerability detection, and fuzzing is one of the most effective. However, traditional fuzzing mutates samples largely blindly, which seriously reduces its efficiency. To address this problem, this paper proposes a method based on an improved TD3 deep reinforcement learning algorithm to improve traditional fuzzing, and conducts preliminary tests and evaluation on libtiff, ffmpeg and other software, which verify the effectiveness and feasibility of the method.

CCS Concepts: Security and privacy → Software and application security → Software security engineering

Published In

HP3C '23: Proceedings of the 2023 7th International Conference on High Performance Compilation, Computing and Communications
June 2023
354 pages
ISBN: 9781450399883
DOI: 10.1145/3606043
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Deep reinforcement learning
2. Fuzzing
3. Metaverse
4. Software vulnerability
5. TD3

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

HP3C 2023
