NEUZZ: Efficient Fuzzing with Neural Program Smoothing

AI-generated keywords: NEUZZ Fuzzing Gradient-Guided Optimization Surrogate Neural Network Models IEEE Symposium

AI-generated Key Points

⚠The license of the paper does not allow us to build upon its content and the key points are generated using the paper metadata rather than the full article.

NEUZZ is a new fuzzing technique developed to efficiently find software vulnerabilities.
Fuzzing is used to generate inputs that can trigger different bugs in software.
Existing state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs.
Gradient-guided optimization has been shown to outperform evolutionary algorithms in domains like machine learning by utilizing gradients or higher-order derivatives of the underlying function.
However, gradient-guided approaches are not directly applicable to fuzzing as real-world program behaviors contain many discontinuities, plateaus and ridges where the gradient-based methods often get stuck.
NEUZZ proposes a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of a complex, real-world program's branching behaviors.
This approach creates a smooth surrogate function approximating the discrete branching behavior of target programs and enables gradient-guided input generation schemes to improve the fuzzing efficiency.
NEUZZ significantly outperforms 10 state-of-the art graybox fuzzers on 10 real world programs both at finding new bugs and achieving higher edge coverage.
NEUZZ found 31 unknown bugs that other fuzzers failed to find in 10 real world programs and achieved 3X more edge coverage than all of the tested graybox fuzzers for 24 hours running.
The authors behind NEUZZ include Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray and Suman Jana who presented their findings at the 40th IEEE Symposium on Security and Privacy held from May 20 - 22 in San Francisco.

Also access our AI generated: Comprehensive summary, Lay summary, Blog-like article; or ask questions about this paper to our AI assistant.

Authors: Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana

arXiv: 1807.05620v4 - DOI (cs.CR)

To appear in the 40th IEEE Symposium on Security and Privacy, May 20--22, 2019, San Francisco, CA, USA

License: NONEXCLUSIVE-DISTRIB 1.0

Abstract: Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance to generate inputs that can trigger different bugs. Such evolutionary algorithms, while fast and simple to implement, often get stuck in fruitless sequences of random mutations. Gradient-guided optimization presents a promising alternative to evolutionary guidance. Gradient-guided techniques have been shown to significantly outperform evolutionary algorithms at solving high-dimensional structured optimization problems in domains like machine learning by efficiently utilizing gradients or higher-order derivatives of the underlying function. However, gradient-guided approaches are not directly applicable to fuzzing as real-world program behaviors contain many discontinuities, plateaus, and ridges where the gradient-based methods often get stuck. We observe that this problem can be addressed by creating a smooth surrogate function approximating the discrete branching behavior of target program. In this paper, we propose a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of a complex, real-world program's branching behaviors. We further demonstrate that such neural network models can be used together with gradient-guided input generation schemes to significantly improve the fuzzing efficiency. Our extensive evaluations demonstrate that NEUZZ significantly outperforms 10 state-of-the-art graybox fuzzers on 10 real-world programs both at finding new bugs and achieving higher edge coverage. NEUZZ found 31 unknown bugs that other fuzzers failed to find in 10 real world programs and achieved 3X more edge coverage than all of the tested graybox fuzzers for 24 hours running.

Submitted to arXiv on 15 Jul. 2018

Ask questions about this paper to our AI assistant

You can also chat with multiple papers at once here.

⚠The license of the paper does not allow us to build upon its content and the AI assistant only knows about the paper metadata rather than the full article.

AI assistant instructions?

Results of the summarizing process for the arXiv paper: 1807.05620v4

⚠This paper's license doesn't allow us to build upon its content and the summarizing process is here made with the paper's metadata rather than the article.

Comprehensive Summary
Key points
Layman's Summary
Blog article

NEUZZ is a new fuzzing technique developed to efficiently find software vulnerabilities. Fuzzing is a popular technique used to generate inputs that can trigger different bugs in software. However, existing state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance to generate inputs but such algorithms often get stuck in fruitless sequences of random mutations. Gradient-guided optimization presents an alternative to evolutionary guidance and has been shown to outperform evolutionary algorithms in domains like machine learning by utilizing gradients or higher-order derivatives of the underlying function. However, gradient-guided approaches are not directly applicable to fuzzing as real-world program behaviors contain many discontinuities, plateaus and ridges where the gradient-based methods often get stuck. To address this problem, NEUZZ proposes a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of a complex, real-world program's branching behaviors. This approach creates a smooth surrogate function approximating the discrete branching behavior of target programs and enables gradient-guided input generation schemes to improve the fuzzing efficiency. The extensive evaluations demonstrate that NEUZZ significantly outperforms 10 state-of-the art graybox fuzzers on 10 real world programs both at finding new bugs and achieving higher edge coverage. NEUZZ found 31 unknown bugs that other fuzzers failed to find in 10 real world programs and achieved 3X more edge coverage than all of the tested graybox fuzzers for 24 hours running. The authors behind NEUZZ include Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray and Suman Jana who presented their findings at the 40th IEEE Symposium on Security and Privacy held from May 20 - 22 in San Francisco.

- NEUZZ is a new fuzzing technique developed to efficiently find software vulnerabilities.
- Fuzzing is used to generate inputs that can trigger different bugs in software.
- Existing state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs.
- Gradient-guided optimization has been shown to outperform evolutionary algorithms in domains like machine learning by utilizing gradients or higher-order derivatives of the underlying function.
- However, gradient-guided approaches are not directly applicable to fuzzing as real-world program behaviors contain many discontinuities, plateaus and ridges where the gradient-based methods often get stuck.
- NEUZZ proposes a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of a complex, real-world program's branching behaviors.
- This approach creates a smooth surrogate function approximating the discrete branching behavior of target programs and enables gradient-guided input generation schemes to improve the fuzzing efficiency.
- NEUZZ significantly outperforms 10 state-of-the art graybox fuzzers on 10 real world programs both at finding new bugs and achieving higher edge coverage.
- NEUZZ found 31 unknown bugs that other fuzzers failed to find in 10 real world programs and achieved 3X more edge coverage than all of the tested graybox fuzzers for 24 hours running.
- The authors behind NEUZZ include Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray and Suman Jana who presented their findings at the 40th IEEE Symposium on Security and Privacy held from May 20 - 22 in San Francisco.

NEUZZ is a new way to find problems in computer programs. Fuzzing is when you try different things to see if they cause problems in the program. NEUZZ is better at finding tricky problems than other fuzzing methods. Gradient-guided optimization is a way to make things work better by using math. But it doesn't always work for fuzzing because programs can be too complicated. NEUZZ uses a special technique with neural networks to make fuzzing more efficient and find more problems. The people who made NEUZZ presented their work at a conference called IEEE Symposium on Security and Privacy." Definitions- Fuzzing: trying different inputs to see if they cause problems in software - Surrogate neural network models: mathematical models that can learn how a program works and predict what will happen next - Gradient-guided optimization: using math to improve performance by following the direction of the slope of a function - Discontinuities, plateaus, ridges: parts of a program where the behavior changes suddenly or stays the same for a while before changing again - Graybox fuzzers: tools that test software by partially knowing how it works

Introducing NEUZZ: A Novel Fuzzing Technique for Efficiently Finding Software Vulnerabilities

Fuzzing is a popular technique used to generate inputs that can trigger different bugs in software. However, existing state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. To address this problem, researchers from Columbia University have developed a novel fuzzing technique called NEUZZ (Neural Network Enhanced Unconstrained ZZ) which utilizes program smoothing and gradient-guided optimization to significantly improve the efficiency of fuzzing. The authors presented their findings at the 40th IEEE Symposium on Security and Privacy held from May 20 - 22 in San Francisco.

What is Fuzzing?

Fuzzing is a type of automated testing that involves providing invalid or unexpected data as input to a computer system or application with the goal of uncovering security vulnerabilities or other types of bugs. It works by generating random data and feeding it into an application or system in order to test its behavior under various conditions. The idea behind fuzzing is that if enough random data is provided, eventually some combination will cause the application or system to crash due to an unforeseen bug. This can then be used by developers to identify and fix potential security issues before they become exploitable by malicious actors.

Limitations of Existing Fuzzers

Most popular fuzzers use evolutionary guidance algorithms which often get stuck in fruitless sequences of random mutations when trying to find hard-to-trigger software bugs. Gradient-guided optimization presents an alternative but such approaches are not directly applicable to fuzzing as real world program behaviors contain many discontinuities, plateaus and ridges where gradient based methods often get stuck.

NEUZZ: Neural Network Enhanced Unconstrained ZZ

To address these limitations, NEUZZ proposes a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of complex real world programs’ branching behaviors. This approach creates a smooth surrogate function approximating the discrete branching behavior of target programs and enables gradient guided input generation schemes which significantly improves the efficiency of fuzzing compared with existing techniques like evolutionary guidance algorithms.

Evaluation Results

The extensive evaluations demonstrate that NEUZZ significantly outperforms 10 state-of-the art graybox fuzzers on 10 real world programs both at finding new bugs and achieving higher edge coverage than all other tested graybox fuzzers within 24 hours running time period . Specifically, NEUZZ found 31 unknown bugs that other tested fuzzy failed to find in 10 real world programs while achieving 3X more edge coverage than all tested graybox fuzzy within 24 hours running time period .

Conclusion

In conclusion, this research paper introduces NEUZZ – a novel neural network enhanced unconstrained zz algorithm for efficiently finding software vulnerabilities through improved program smoothing and gradient guided optimization techniques compared with traditional evolutionary guidance algorithms used by most popular existing fuzzy tools today . The evaluation results show significant improvements over state -of -the art grey box fuzzy tools both at discovering new unknown bugs as well as achieving higher edge coverage within 24 hours running time period .

Created on 08 May. 2023

Assess the quality of the AI-generated content by voting

Score: 0

The previous summary was created more than a year ago and can be re-run (if necessary) by clicking on the Run button below.

⚠The license of this specific paper does not allow us to build upon its content and the summarizing tools will be run using the paper metadata rather than the full article. However, it still does a good job, and you can also try our tools on papers with more open licenses.

Similar papers summarized with our AI tools

79.6%

A systematic review of fuzzing based on machine learning techniques

cs.CR

75.6%

A Case Study on Automated Fuzz Target Generation for Large Codebases

cs.SE

74.5%

Recent Advances in Neural Question Generation

cs.CL

73.2%

FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques

cs.CR

73.0%

Gradient Methods for Problems with Inexact Model of the Objective

math.OC

72.8%

Emergent autonomous scientific research capabilities of large language models

physics.chem-ph

72.6%

Fuzzy-based forest fire prevention and detection by wireless sensor networks

cs.CR

Navigate through even more similar papers through a

tree representation

Look for similar papers (in beta version)

By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.

Disclaimer: The AI-based summarization tool and virtual assistant provided on this website may not always provide accurate and complete summaries or responses. We encourage you to carefully review and evaluate the generated content to ensure its quality and relevance to your needs.