Skip to main content
SpringerLink
Log in

Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12020))

Included in the following conference series:

Abstract

Fuzzing is a simple and effective way to find software bugs. Most state-of-the-art fuzzers focus on improving code coverage to enhance the possibility of causing crashes. However, a software program oftentimes has only a fairly small portion that contains vulnerabilities, leading coverage-based fuzzers to work poorly most of the time. To address this challenge, we propose Suzzer, a vulnerability-guided fuzzer, to concentrate on testing code blocks that are more likely to contain bugs. Suzzer has a light-weight static analyzer to extract ACFG vector from target programs. In order to determine which code blocks are more vulnerable, Suzzer is equipped with prediction models which get the prior probability of each ACFG vector. The prediction models will guide Suzzer to generate test inputs with higher vulnerability scores, thus improving the efficiency of finding bugs. We evaluate Suzzer using two different datasets: artificial LAVA-M dataset and a set of real-world programs. The results demonstrate that in the best case of short-term fuzzing, Suzzer saved 64.5% of the time consumed to discover vulnerabilities compared to VUzzer.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Wikipedia. Fuzzing (2018). https://en.wikipedia.org/wiki/Fuzzing/

  2. Roning, J., et al.: Protos-systematic approach to eliminate software vulnerabilities. Invited presentation at Microsoft Research (2002)

    Google Scholar 

  3. Eddington, M.: Peach fuzzing platform. Peach Fuzzer 34 (2011)

    Google Scholar 

  4. Aitel, D.: An introduction to spike, the Fuzzer creation kit (2002)

    Google Scholar 

  5. Yang, X., Chen, Y., Eide, E., et al.: Finding and understanding bugs in C compilers. In: ACM SIGPLAN Notices (2011)

    Google Scholar 

  6. Zalewski, M.: American fuzzy lop (2017). http://lcamtuf.coredump.cx/afl/

  7. Google. honggfuzz (2017). https://google.github.io/honggfuzz/

  8. Caca Labs (2017). http://caca.zoy.org/wiki/zzuf/

  9. Chen, Y., et al.: EnFuzz: ensemble fuzzing with seed synchronization among diverse Fuzzers. In: 28th USENIX Security Symposium (USENIX Security 2019) (2019)

    Google Scholar 

  10. Rawat, S., et al.: VUzzer: application-aware evolutionary fuzzing. In: NDSS, vol. 17 (2017)

    Google Scholar 

  11. Peng, H., Shoshitaishvili, Y., Payer, M.: T-Fuzz: fuzzing by program transformation. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)

    Google Scholar 

  12. Chen, P., Chen, H.: Angora: efficient fuzzing by principled search. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)

    Google Scholar 

  13. Gan, S., et al.: Collafl: path sensitive fuzzing. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)

    Google Scholar 

  14. Shin, Y., Williams, L.: Can traditional fault prediction models be used for vulnerability prediction? Empirical Softw. Eng. 18(1), 25–59 (2013)

    Article  Google Scholar 

  15. Liu, C., et al.: SOBER: statistical model-based bug localization. ACM SIGSOFT Softw. Eng. Notes 30(5), 286–295 (2005)

    Article  Google Scholar 

  16. OpenRCE. Sulley fuzzing framework (2015). https://github.com/OpenRCE/sulley

  17. Takanen, A., Demott, J., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance. Artech House (2008)

    Google Scholar 

  18. Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: Network and Distributed System Security Symposium (2008)

    Google Scholar 

  19. Ganesh, V., Leek, T., Rinard, M.: Taint-based directed whitebox fuzzing. In: Proceedings of the 31st International Conference on Software Engineering. IEEE Computer Society (2009)

    Google Scholar 

  20. Li, Y., et al.: V-Fuzz: vulnerability-oriented evolutionary fuzzing. arXiv preprint arXiv:1901.01142 (2019)

  21. Li, Z., et al.: SySeVR: a framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756 (2018)

  22. Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681 (2018)

  23. Xu, X., et al.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM (2017)

    Google Scholar 

  24. Zuo, F., et al.: Neural machine translation inspired binary code similarity comparison beyond function pairs. arXiv preprint arXiv:1808.04706 (2018)

  25. Feng, Q., et al.: Scalable graph-based bug search for firmware images. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)

    Google Scholar 

  26. Control-flow graph (2015). https://en.wikipedia.org/wiki/Control-flow_graph

  27. Pewny, J., et al.: Cross-architecture bug search in binary executables. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)

    Google Scholar 

  28. Yan, S., et al.: Graph embedding and extensions: a general framework for dimensionality reduction. IEEE Trans. Pattern Anal. Mach. Intell. 29(1), 40–51 (2007)

    Article  Google Scholar 

  29. Rajpal, M., Blum, W., Singh, R.: Not all bytes are equal: Neural byte sieve for fuzzing. arXiv preprint arXiv:1711.04596 (2017)

  30. Gers, F.A., Schmidhuber, J., Cummins, F.: Learning to forget: continual prediction with LSTM (1999)

    Google Scholar 

  31. Intel. Intel 64 and IA-32 architectures software developer manuals (2018). https://software.intel.com/en-us/articles/intel-sdm

  32. Hex-Rays. The IDA pro disassembler and debugger (2015). https://www.hex-rays.com/products/ida/

  33. Stamatogiannakis, M., Groth, P., Bos, H.: Looking inside the black-box: capturing data provenance using dynamic instrumentation. In: Ludäscher, B., Plale, B. (eds.) IPAW 2014. LNCS, vol. 8628, pp. 155–167. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16462-5_12

    Chapter  Google Scholar 

  34. Luk, C.-K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. ACM SIGPLAN Not. 40(6), 190–200 (2005)

    Article  Google Scholar 

  35. NVD (2017). http://nvd.nist.gov/

  36. Dolan-Gavitt, B., et al.: Lava: large-scale automated vulnerability addition. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE (2016)

    Google Scholar 

Download references

Acknowledgements

This research is supported in part by the National Key Research and Development Project (Grant No. 2017YFC0820503) and Beijing Science and Technology Plan (Grant No. Z181100009818020).

Author information

Authors and Affiliations

  1. University of Science and Technology of China, Hefei, 230027, Anhui, China

    Yuyue Zhao & Haiyong Xie

  2. National Engineering Laboratory for Public Safety Risk Perception and Control by Big Data (NEL-PSRPC), Beijing, 100041, China

    Yangyang Li, Tengfei Yang & Haiyong Xie

  3. Advanced Innovation Center for Human Brain Protection, Capital Medical University, Beijing, 100054, China

    Haiyong Xie

Authors
  1. Yuyue Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yangyang Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tengfei Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Haiyong Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuyue Zhao .

Editor information

Editors and Affiliations

  1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China

    Zhe Liu

  2. Computer Science Department, Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhao, Y., Li, Y., Yang, T., Xie, H. (2020). Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning. In: Liu, Z., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2019. Lecture Notes in Computer Science(), vol 12020. Springer, Cham. https://doi.org/10.1007/978-3-030-42921-8_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42921-8_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42920-1

  • Online ISBN: 978-3-030-42921-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation