Deep Reinforcement Fuzzing

Preprint English OPEN
Böttinger, Konstantin; Godefroid, Patrice; Singh, Rishabh;
(2018)
  • Subject: Computer Science - Artificial Intelligence | Computer Science - Cryptography and Security
    acm: TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn ... View more
  • References (23)
    23 references, page 1 of 3

    [1] M. Sutton, A. Greene, and P. Amini, Fuzzing: Brute Force Vulnerability Discovery, 1st ed. Boston, MA, USA: Addison-Wesley Professional, 2007.

    [2] M. Howard and S. Lipner, The Security Development Lifecycle. Microsoft Press, 2006.

    [3] G. Tesauro, “Practical issues in temporal difference learning,” in Advances in neural information processing systems, 1992, pp. 259-266.

    [4] --, “Td-gammon: A self-teaching backgammon program,” in Applications of Neural Networks. Springer, 1995, pp. 267-285.

    [5] V. Mnih, K. Kavukcuoglu, D. Silver, A. A. Rusu, J. Veness, M. G. Bellemare, A. Graves, M. Riedmiller, A. K. Fidjeland, G. Ostrovski et al., “Human-level control through deep reinforcement learning,” Nature, vol. 518, no. 7540, pp. 529-533, 2015.

    [6] D. Silver, A. Huang, C. J. Maddison, A. Guez, L. Sifre, G. Van Den Driessche, J. Schrittwieser, I. Antonoglou, V. Panneershelvam, M. Lanctot et al., “Mastering the game of go with deep neural networks and tree search,” Nature, vol. 529, no. 7587, pp. 484-489, 2016.

    [7] R. S. Sutton and A. G. Barto, Reinforcement learning: An introduction. MIT press Cambridge, 1998.

    [8] A. Takanen, J. DeMott, and C. Miller, Fuzzing for Software Security Testing and Quality Assurance, 1st ed. Norwood, MA, USA: Artech House, Inc., 2008.

    [9] P. Godefroid, M. Y. Levin, and D. A. Molnar, “Automated whitebox fuzz testing.” in NDSS, vol. 8, 2008, pp. 151-166. [Online]. Available: http://46.43.36.213/sites/default/files/Automated%20Whitebox% 20Fuzz%20Testing%20(paper)%20(Patrice%20Godefroid).pdf

    [10] P. Purdom, “A sentence generator for testing parsers,” BIT Numerical Mathematics, vol. 12, no. 3, pp. 366-375, 1972.

  • Metrics
Share - Bookmark