[Research News] Professor Cha Soo-young's paper accepted for publication at ICSE 2023
- SKKU National Program of Excellence in Software
- Hits: 972
- 2023-01-31
A paper by Professor Cha Soo-young (co-corresponding author) of the Department of Software has been accepted for publication at ICSE 2023 (the IEEE/ACM International Conference on Software Engineering), a top international conference in software engineering. The paper, "Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing", will be presented in Melbourne, Australia in May 2023.
In this paper, we propose a technique called 'SEAMFUZZ', which adapts the 'mutation strategy' to each seed input; the mutation strategy has a significant impact on the performance (e.g., bug-finding ability) of greybox fuzzing. To this end, the paper proposes a 'customized Thompson sampling' algorithm that learns a mutation strategy optimized for each seed input from the data generated during fuzzing. As a result, this study achieved higher code coverage and found more bugs than existing techniques on a range of benchmark programs.
[Paper information]
- “Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing”
- Myungho Lee, Sooyoung Cha, and Hakjoo Oh
- The IEEE/ACM International Conference on Software Engineering (ICSE 2023)
- Abstract:
In this paper, we present a technique for learning seed-adaptive mutation strategies for fuzzers. The performance of mutation-based fuzzers highly depends on the mutation strategy that specifies the probability distribution of selecting mutation methods. As a result, developing an effective mutation strategy has received much attention recently, and program-adaptive techniques, which observe the behavior of the target program to learn the optimized mutation strategy per program, have become a trending approach to achieve better performance. They, however, still have a major limitation: they disregard the impacts of different characteristics of seed inputs, which can lead to exploring deeper program locations. To address this limitation, we present SEAMFUZZ, a novel fuzzing technique that automatically captures the characteristics of individual seed inputs and applies different mutation strategies for different seed inputs. By capturing the syntactic and semantic similarities between seed inputs, SEAMFUZZ clusters them into proper groups and learns effective mutation strategies tailored for each seed cluster by using the customized Thompson sampling algorithm. Experimental results show that SEAMFUZZ improves both the path-discovering and bug-finding abilities of state-of-the-art fuzzers on real-world programs.
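The per-seed-cluster learning that the summary and abstract describe, as an added illustration that is not code from the paper or from SEAMFUZZ: one textbook Beta-Bernoulli Thompson sampler per seed cluster, rewarded when a mutation reaches new coverage. The clustering function, the mutator names, the seed corpus and the coverage oracle are all constructed stand-ins (the paper's customized sampler and its syntactic/semantic clustering are not reproduced here).

```python
import random
from collections import defaultdict

# Mutation methods in the style of AFL-family fuzzers (names are illustrative).
MUTATORS = ["bitflip", "arith", "interesting", "havoc", "splice"]


def cluster_seed(seed: bytes) -> str:
    """Assumed stand-in for the paper's seed clustering: a crude syntactic
    grouping by text-vs-binary content and a size bucket."""
    printable = sum(32 <= b < 127 for b in seed) / max(len(seed), 1)
    kind = "text" if printable > 0.9 else "binary"
    return f"{kind}/{'small' if len(seed) < 64 else 'large'}"


class SeedAdaptiveBandit:
    """One Beta-Bernoulli Thompson sampler per seed cluster (textbook form,
    not the paper's customized variant). Reward = mutation found new coverage."""

    def __init__(self, mutators, rng):
        self.mutators, self.rng = list(mutators), rng
        # cluster -> mutator -> [alpha, beta], starting from a uniform Beta(1,1) prior
        self.stats = defaultdict(lambda: {m: [1, 1] for m in self.mutators})

    def choose(self, cluster):
        draws = {m: self.rng.betavariate(a, b) for m, (a, b) in self.stats[cluster].items()}
        return max(draws, key=draws.get)

    def update(self, cluster, mutator, new_coverage):
        self.stats[cluster][mutator][0 if new_coverage else 1] += 1

    def strategy(self, cluster):
        """Learned mutation strategy: normalized posterior means per mutator."""
        means = {m: a / (a + b) for m, (a, b) in self.stats[cluster].items()}
        total = sum(means.values())
        return {m: v / total for m, v in means.items()}


# Constructed oracle standing in for the target program: which mutator tends to
# reach new coverage depends on the seed's cluster, which a single
# program-wide strategy cannot express.
BEST_FOR = {"text/small": "splice", "binary/large": "bitflip"}


def run_campaign(rounds=3000, rng_seed=7):
    rng = random.Random(rng_seed)
    bandit = SeedAdaptiveBandit(MUTATORS, rng)
    corpus = [b"GET /index.html HTTP/1.1\r\n", bytes(range(256)) * 2]  # constructed seeds
    for i in range(rounds):
        cluster = cluster_seed(corpus[i % len(corpus)])
        mutator = bandit.choose(cluster)
        p_new = 0.3 if mutator == BEST_FOR[cluster] else 0.05  # oracle's hit rate
        bandit.update(cluster, mutator, rng.random() < p_new)
    return {c: bandit.strategy(c) for c in BEST_FOR}
```

After the campaign, `run_campaign()` returns a different probability distribution over mutators for each cluster, with the oracle's best mutator dominating in each.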
차수영 | sooyoung.cha@skku.edu | Software Analysis Lab | https://sal.skku.ed