Yuma Kurogome scite author profile

Yuma Kurogome

5Publications

0Citation Statements Received

105Citation Statements Given

How they've been cited

How they cite others

103

100

Affiliations

NTT (Japan)

Publications

Order By: Most citations

SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing

Koike¹,

Katsura²,

Yakura³

et al. 2022

View full text Add to dashboard Cite

Mutation-based fuzzing has become one of the most common vulnerability discovery solutions over the last decade. Fuzzing can be optimized when targeting specific programs, and given that, some studies have employed online optimization methods to do it automatically, i.e., tuning fuzzers for any given program in a program-agnostic manner. However, previous studies have neither fully explored mutation schemes suitable for online optimization methods, nor online optimization methods suitable for mutation schemes. In this study, we propose an optimization framework called SLOPT that encompasses both a bandit-friendly mutation scheme and mutation-scheme-friendly bandit algorithms. The advantage of SLOPT is that it can generally be incorporated into existing fuzzers, such as AFL and Honggfuzz. As a proof of concept, we implemented SLOPT-AFL++ by integrating SLOPT into AFL++ and showed that the program-agnostic optimization delivered by SLOPT enabled SLOPT-AFL++ to achieve higher code coverage than AFL++ in all of ten real-world FuzzBench programs. Moreover, we ran SLOPT-AFL++ against several real-world programs from OSS-Fuzz and successfully identified three previously unknown vulnerabilities, even though these programs have been fuzzed by AFL++ for a considerable number of CPU days on OSS-Fuzz. CCS CONCEPTS• Security and privacy → Software security engineering; • Theory of computation → Sequential decision making.

show abstract

RCABench: Open Benchmarking Platform for Root Cause Analysis

Nishimura¹,

Sugiyama²,

Koike³

et al. 2023

Preprint

View full text Add to dashboard Cite

RCABench: Open Benchmarking Platform for Root Cause Analysis

Nishimura¹,

Sugiyama²,

Koike³

et al. 2023

View full text Add to dashboard Cite

Fuzzing has contributed to automatically identifying bugs and vulnerabilities in the software testing field. Although it can efficiently generate crashing inputs, these inputs are usually analyzed manually. Several root cause analysis (RCA) techniques have been proposed to automatically analyze the root causes of crashes to mitigate this cost. However, outstanding challenges for realizing more elaborate RCA techniques remain unknown owing to the lack of extensive evaluation methods over existing techniques. With this problem in mind, we developed an endto-end benchmarking platform, RCABench, that can evaluate RCA techniques for various targeted programs in a detailed and comprehensive manner. Our experiments with RCABench indicated that the evaluations in previous studies were not enough to fully support their claims. Moreover, this platform can be leveraged to evaluate emerging RCA techniques by comparing them with existing techniques.

show abstract

The Forefront of Cyberattack Countermeasures Focusing on Traces of Attacks

Kanemoto

Kurogome

Aoki

et al. 2020

View full text Add to dashboard Cite

Cyberattacks have become more capable of infiltrating corporate networks with malware by skillfully deceiving the target, and it is becoming increasingly difficult to prevent infections before they occur. Regarding web servers that are open to the public, the frequency of attacks increases and alerts occur more frequently as attack techniques become well known. It is thus becoming difficult to determine which attack to respond to. In this article, the forefront of cyberattack countermeasures focusing on traces left by attacks is discussed to address this issue.

show abstract

Eiger

Kurogome¹,

Otsuki²,

Kawakoya³

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yuma Kurogome

SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing

RCABench: Open Benchmarking Platform for Root Cause Analysis

RCABench: Open Benchmarking Platform for Root Cause Analysis

The Forefront of Cyberattack Countermeasures Focusing on Traces of Attacks

Eiger

Contact Info

Product

Resources

About