Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Dr.PathFinder: hybrid fuzzing with deep reinforcement concolic execution toward deeper path-first search

Authors
Jeon, SeunghoMoon, Jongsub
Issue Date
Jul-2022
Publisher
SPRINGER LONDON LTD
Keywords
Fuzzing; Symbolic execution; Concolic execution; Reinforcement learning; Deep Q-network
Citation
NEURAL COMPUTING & APPLICATIONS, v.34, no.13, pp 10731 - 10750
Pages
20
Indexed
SCIE
SCOPUS
Journal Title
NEURAL COMPUTING & APPLICATIONS
Volume
34
Number
13
Start Page
10731
End Page
10750
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/139009
DOI
10.1007/s00521-022-07008-8
ISSN
0941-0643
1433-3058
Abstract
Fuzzing is an effective approach to discover bugs in programs, especially memory corruption bugs, using randomly generated test cases. However, without prior knowledge of the target program, the fuzzer can generate only a limited number of test cases because of sanity checks. To solve this problem, recent studies have proposed hybrid fuzzers that observe the context of a target program using symbolic execution; these fuzzers generate test cases to bypass the sanity check. While hybrid fuzzers explore "deep" bugs in the target program, they generate many ineffective test cases. In this paper, we propose a concolic execution algorithm that combines deep reinforcement learning with a hybrid fuzzing solution, Dr.PathFinder. When the reinforcement learning agent encounters a branch during concolic execution, it evaluates the state and determines the search path. In this process,"shallow" paths are pruned, and "deep" paths are searched first. This reduces unnecessary exploration, allowing the efficient memory usage and alleviating the state explosion problem. In experiments with the CB-multios dataset for deep bug cases, Dr.PathFinder discovered approximately five times more bugs than AFL and two times more than Driller-AFL. In addition to finding more bugs, Dr.PathFinder generated 19 times fewer test cases and used at least 2% less memory than Driller-AFL. While it performed well in finding bugs located in deep paths, Dr.PathFinder had limitation to find bugs located at shallow paths, which we discussed.
Files in This Item
There are no files associated with this item.
Appears in
Collections
College of Science and Technology > Department of Electronics and Information Engineering > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Altmetrics

Total Views & Downloads

BROWSE