pAFL: Adaptive Energy Allocation with Upper Confidence Bound
Pages 62 - 68
Abstract
Recently, Fuzzing has regarded as one of the most widely used tools of discovering software vulnerabilities, due to its effectiveness and efficiency. With various fuzzers developing, ineffective seed generation has emerged as a concern. American Fuzzy Lop (AFL), a coverage-guided fuzzer, allocates mutation energy to seeds to create new inputs. Nevertheless, AFL’s fixed mutation energy for the same seed after multiple mutations leads to the exploration of unproductive paths, reducing vulnerability detection efficiency. To overcome this problem, we proposed a novel adaptive energy allocation scheme, pAFL. Utilizing reinforcement learning, pAFL dynamically assigns energy to seeds in iterations. Initially, it assigns more energy to promising seeds which are judged by several native metrics, followed by employing the Upper Confidence Bound (UCB) algorithm to balance exploration and exploitation. This prevents the same seeds from over-exploitation and improves exploration among different seeds. The evaluations on LAVA-M dataset and 7 real-world programs demonstrate that pAFL outperforms AFL significantly. Additionally, we verifies that pAFL could achieve better performance by overcoming more path constraints on fuzzer_challenges dataset compared to AFL, AFLFast, EcoFuzz and MOPT.
References
[1]
Shipra Agrawal and Navin Goyal. 2012. Analysis of Thompson Sampling for the Multi-armed Bandit Problem. In Proceedings of the 25th Annual Conference on Learning Theory(Proceedings of Machine Learning Research, Vol. 23), Shie Mannor, Nathan Srebro, and Robert C. Williamson (Eds.). PMLR, Edinburgh, Scotland, 39.1–39.26. https://proceedings.mlr.press/v23/agrawal12.html
[2]
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury. 2016. Coverage-Based Greybox Fuzzing as Markov Chain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (Vienna, Austria) (CCS ’16). Association for Computing Machinery, New York, NY, USA, 1032–1043. https://doi.org/10.1145/2976749.2978428
[3]
Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-Scale Automated Vulnerability Addition. In 2016 IEEE Symposium on Security and Privacy (SP). 110–121. https://doi.org/10.1109/SP.2016.15
[4]
Aurélien Garivier and Eric Moulines. 2011. On Upper-Confidence Bound Policies for Switching Bandit Problems. In Algorithmic Learning Theory, Jyrki Kivinen, Csaba Szepesvári, Esko Ukkonen, and Thomas Zeugmann (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 174–188.
[5]
Yuwei Li, Shouling Ji, Chenyang Lv, Yuan Chen, Jianhai Chen, Qinchen Gu, and Chunming Wu. 2019. V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing. arxiv:1901.01142 [cs.CR]
[6]
Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. MOPT: Optimized Mutation Scheduling for Fuzzers. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1949–1966. https://www.usenix.org/conference/usenixsecurity19/presentation/lyu
[7]
Barton P. Miller, Lars Fredriksen, and Bryan So. 1990. An Empirical Study of the Reliability of UNIX Utilities. Commun. ACM 33, 12 (Dec. 1990), 32–44. https://doi.org/10.1145/96267.96279
[8]
Dongdong She, Rahul Krishna, Lu Yan, Suman Jana, and Baishakhi Ray. 2020. MTFuzz: fuzzing with a multi-task neural network. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM. https://doi.org/10.1145/3368089.3409723
[9]
Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2019. NEUZZ: Efficient Fuzzing with Neural Program Smoothing. arxiv:1807.05620 [cs.CR]
[10]
Jianzhong Su, Hong-Ning Dai, Lingjun Zhao, Zibin Zheng, and Xiapu Luo. 2023. Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-Guided Fuzzing. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (Rochester, MI, USA) (ASE ’22). Association for Computing Machinery, New York, NY, USA, Article 36, 12 pages. https://doi.org/10.1145/3551349.3560429
[11]
Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh. 2021. SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 2741–2758. https://www.usenix.org/conference/usenixsecurity21/presentation/wang-daimeng
[12]
Jinghan Wang, Chengyu Song, and Heng Yin. 2021. Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing. https://doi.org/10.14722/ndss.2021.24486
[13]
Yunchao Wang, Zehui Wu, Qiang Wei, and Qingxian Wang. 2019. NeuFuzz: Efficient Fuzzing With Deep Neural Network. IEEE Access 7 (2019), 36340–36352. https://doi.org/10.1109/ACCESS.2019.2903291
[14]
Tai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, and Xu Zhou. 2020. EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2307–2324. https://www.usenix.org/conference/usenixsecurity20/presentation/yue
[15]
Michal Zalewski. 2018. American fuzzy lop (AFL). https://lcamtuf.coredump.cx/ afl/
Index Terms
- pAFL: Adaptive Energy Allocation with Upper Confidence Bound
Recommendations
Energy efficient task allocation and energy scheduling in green energy powered edge computing
AbstractThe ever-increasing computation tasks and communication traffic have imposed a heavy burden on cloud data centers and also resulted in a significantly high energy consumption. To ease such burden, edge computing is proposed to explore ...
Highlights- This paper investigates the energy cost minimization problem in edge computing.
Bounded energy allocation and scheduling for real-time Embedded Systems
Real-Time and Embedded Computing SystemsFor energy-constrained real-time embedded systems, the power-delay tradeoff property of Volta ge-Clock Scaling (VCS) needs to be carefully considered in scheduling real-time tasks for meeting strict timing requirements. In addition, non-real-time tasks ...
Efficient flow-control algorithm cooperating with energy allocation scheme for solar-powered WSNs
Recently, solar energy emerged as a feasible supplement to battery power for wireless sensor networks (WSNs) which are expected to operate for long periods. Since solar energy can be harvested periodically and permanently, solar-powered WSNs can use the ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
December 2023
363 pages
ISBN:9798400707964
DOI:10.1145/3638782
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 18 April 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICCNS 2023
ICCNS 2023: 2023 13th International Conference on Communication and Network Security
December 6 - 8, 2023
Fuzhou, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 11Total Downloads
- Downloads (Last 12 months)11
- Downloads (Last 6 weeks)1
Reflects downloads up to 12 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format