Adaptive Grey-Box Fuzz-Testing with Thompson Sampling

Karamcheti, Siddharth; Mann, Gideon; Rosenberg, David S.

doi:10.1145/3270101.3270108

Cited by 14 publications

(7 citation statements)

References 24 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the GA, the selection of the Pareto fronts is made using an elitist GA, in which GA favors some individuals than others due to better results from the evaluated result from the GA. On the other hand, with the TS optimization algorithm, the best Pareto search is obtained by choosing some set of data points that gave the largest hypervolume indicator (the performance measure that is assigned a single value to the solutions obtained from the data points; (Trovo et al, 2020). The advantage of a GA over the TS algorithm is that it enhances faster optimization results; however, the TS algorithm obtained better results than the GA, which coincides with the findings of Karamcheti et al (2018).…”

Section: Discussionsupporting

confidence: 82%

A socio-economic multi-objective optimization approach toward enhancing public–private partnerships’ concession agreements in infrastructure development

Alghamdi

2022

Journal of Strategic Contracting and Negotiation

View full text Add to dashboard Cite

The participants of the public–private partnership projects have different parts in developing the concessions, hence different perspectives and goals. Besides, the public–private partnership concession agreement has many parameters and components, and a change in one component will have a considerable impact on other components. Thus, determining the optimal value for different concession parameters by providing a series of feasible contribution options was investigated in this paper using two different multi-objective optimization models: genetic algorithm and Thompson sampling. Two case studies (the US I-495 and the I-4 Ultimate) were used to construct and validate the results of the model. The model results showed that the socio-economic sustainability performance increases as the private equity increases and the public equity decreases. The results also showed that the socio-economic sustainability performance increases as the concession price (user-fee) decreases. Having these contribution options could facilitate the decision-making process for both the public and private parties. The genetic algorithm model obtained faster optimization results when compared to the Thompson sampling model; however, the Thompson sampling obtained better results. Moreover, the use of the model could improve the socio-economic sustainability performance of the public–private partnership projects.

show abstract

Section: Discussionsupporting

confidence: 82%

A socio-economic multi-objective optimization approach toward enhancing public–private partnerships’ concession agreements in infrastructure development

Alghamdi

2022

Journal of Strategic Contracting and Negotiation

View full text Add to dashboard Cite

show abstract

“…Karamcheti et al integrated Thompson sampling into a random mutation in AFL, called havoc, and confirmed its effectiveness [35]. Although they modified only AFL, their mutation scheme is generally applicable to other fuzzers.…”

Section: Online Optimization Of Mutation Operatormentioning

confidence: 99%

“…To meet this demand, online optimization algorithms, particularly bandit algorithms, have gained attention in recent years as a means of accelerating the efficiency of mutation-based fuzzing [35,43,[62][63][64][65][66][67]. They are expected to work with a minimum amount of information that can be retrieved in any environment as long as feedback-driven fuzzing can be used.…”

Section: Introductionmentioning

confidence: 99%

“…We experimentally show that a fuzzer achieves similar code coverage regardless of whether it follows the conventional scheme or our bandit-friendly scheme, which allows the modification of existing fuzzers so that they follow the bandit-friendly scheme. This mutation scheme resolves the dependency of existing methods on heuristics that were introduced to harness online optimization without changing the mutation scheme [35,40,64]. Although these heuristics work well in practice, it is also beneficial to adhere to vanilla optimization algorithms by changing the scheme itself; this enables us to take advantage of the theoretical guarantees and advancements in the well-researched field of optimization algorithms.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing

Koike¹,

Katsura²,

Yakura³

et al. 2022

Proceedings of the 38th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Mutation-based fuzzing has become one of the most common vulnerability discovery solutions over the last decade. Fuzzing can be optimized when targeting specific programs, and given that, some studies have employed online optimization methods to do it automatically, i.e., tuning fuzzers for any given program in a program-agnostic manner. However, previous studies have neither fully explored mutation schemes suitable for online optimization methods, nor online optimization methods suitable for mutation schemes. In this study, we propose an optimization framework called SLOPT that encompasses both a bandit-friendly mutation scheme and mutation-scheme-friendly bandit algorithms. The advantage of SLOPT is that it can generally be incorporated into existing fuzzers, such as AFL and Honggfuzz. As a proof of concept, we implemented SLOPT-AFL++ by integrating SLOPT into AFL++ and showed that the program-agnostic optimization delivered by SLOPT enabled SLOPT-AFL++ to achieve higher code coverage than AFL++ in all of ten real-world FuzzBench programs. Moreover, we ran SLOPT-AFL++ against several real-world programs from OSS-Fuzz and successfully identified three previously unknown vulnerabilities, even though these programs have been fuzzed by AFL++ for a considerable number of CPU days on OSS-Fuzz. CCS CONCEPTS• Security and privacy → Software security engineering; • Theory of computation → Sequential decision making.

show abstract

“…The advantages of reinforcement learning and fuzzing are combined to achieve more in-depth coverage across multiple benchmarks by integrating OpenAI Gym with libFuzzer, and realize the learning of the mutation-selection strategy directly from input data. Karamcheti et al (Karamcheti et al 2018a) proposed a Thompson Sampling optimization method based on robbers, which can adaptively adjust the mutator distribution in the process of fuzzing a single program. It is determined which mutation operator should be selected by learning the impact of each mutation operator on code coverage.…”

Section: Mutation Operator Selectionmentioning

confidence: 99%

A systematic review of fuzzing based on machine learning techniques

et al. 2020

View full text Add to dashboard Cite

Security vulnerabilities play a vital role in network security system. Fuzzing technology is widely used as a vulnerability discovery technology to reduce damage in advance. However, traditional fuzz testing faces many challenges, such as how to mutate input seed files, how to increase code coverage, and how to bypass the format verification effectively. Therefore machine learning techniques have been introduced as a new method into fuzz testing to alleviate these challenges. This paper reviews the research progress of using machine learning techniques for fuzz testing in recent years, analyzes how machine learning improves the fuzzing process and results, and sheds light on future work in fuzzing. Firstly, this paper discusses the reasons why machine learning techniques can be used for fuzzing scenarios and identifies five different stages in which machine learning has been used. Then this paper systematically studies machine learning-based fuzzing models from five dimensions of selection of machine learning algorithms, pre-processing methods, datasets, evaluation metrics, and hyperparameters setting. Secondly, this paper assesses the performance of the machine learning techniques in existing research for fuzz testing. The results of the evaluation prove that machine learning techniques have an acceptable capability of prediction for fuzzing. Finally, the capability of discovering vulnerabilities both traditional fuzzers and machine learning-based fuzzers is analyzed. The results depict that the introduction of machine learning techniques can improve the performance of fuzzing. We hope to provide researchers with a systematic and more in-depth understanding of fuzzing based on machine learning techniques and provide some references for this field through analysis and summarization of multiple dimensions.

show abstract

Adaptive Grey-Box Fuzz-Testing with Thompson Sampling

Cited by 14 publications

References 24 publications

A socio-economic multi-objective optimization approach toward enhancing public–private partnerships’ concession agreements in infrastructure development

A socio-economic multi-objective optimization approach toward enhancing public–private partnerships’ concession agreements in infrastructure development

SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing

A systematic review of fuzzing based on machine learning techniques

Contact Info

Product

Resources

About