Deep Reinforcement Fuzzing
Authors
Abstract
Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of the program under test. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.
Similar resources
An Autonomic Testing Framework for IPv6 Configuration Protocols
The current underutilization of IPv6 enabled services makes accesses to them very attractive because of higher availability and better response time, like the IPv6 specific services from Google and Youtube have recently got a lot of requests. In this paper, we describe a fuzzing framework for IPv6 protocols. Fuzzing is a process by which faults are injected in order to find vulnerabilities in i...
H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...
The future of grey-box fuzzing
Society is becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive[7], automated bug finding techniques are attractive within the quality assurance field, since it can save companies a lot of money. This...
Work-in-Progress: Testing Autonomous Cyber-Physical Systems using Fuzzing Features derived from Convolutional Neural Networks
Autonomous cyber-physical systems rely on modern machine learning methods such as deep neural networks to control their interactions with the physical world. Testing of such intelligent cyber-physical systems is a challenge due to the huge state space associated with high-resolution visual sensory inputs. In this paper, we demonstrate how fuzzing the input using patterns obtained from the convolu...
Operation Scheduling of MGs Based on Deep Reinforcement Learning Algorithm
In this paper, the operation scheduling of Microgrids (MGs), including Distributed Energy Resources (DERs) and Energy Storage Systems (ESSs), is proposed using a Deep Reinforcement Learning (DRL) based approach. Due to the dynamic characteristic of the problem, it firstly is formulated as a Markov Decision Process (MDP). Next, Deep Deterministic Policy Gradient (DDPG) algorithm is presented t...
Journal title:
- CoRR
Volume abs/1801.04589 Issue
Pages -
Publication date 2018