Dr.PathFinder: hybrid fuzzing with deep reinforcement concolic execution toward deeper path-first search
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jeon, Seungho | - |
dc.contributor.author | Moon, Jongsub | - |
dc.date.accessioned | 2022-03-15T00:42:17Z | - |
dc.date.available | 2022-03-15T00:42:17Z | - |
dc.date.created | 2022-03-14 | - |
dc.date.issued | 2022-07 | - |
dc.identifier.issn | 0941-0643 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/139009 | - |
dc.description.abstract | Fuzzing is an effective approach to discovering bugs in programs, especially memory corruption bugs, using randomly generated test cases. However, without prior knowledge of the target program, the fuzzer can generate only a limited number of useful test cases because of sanity checks. To solve this problem, recent studies have proposed hybrid fuzzers that observe the context of a target program using symbolic execution; these fuzzers generate test cases that bypass the sanity checks. While hybrid fuzzers explore "deep" bugs in the target program, they generate many ineffective test cases. In this paper, we propose a concolic execution algorithm that combines deep reinforcement learning with a hybrid fuzzing solution, Dr.PathFinder. When the reinforcement learning agent encounters a branch during concolic execution, it evaluates the state and determines the search path. In this process, "shallow" paths are pruned, and "deep" paths are searched first. This reduces unnecessary exploration, allowing efficient memory usage and alleviating the state explosion problem. In experiments with the CB-multios dataset for deep bug cases, Dr.PathFinder discovered approximately five times more bugs than AFL and two times more than Driller-AFL. In addition to finding more bugs, Dr.PathFinder generated 19 times fewer test cases and used at least 2% less memory than Driller-AFL. While it performed well in finding bugs located on deep paths, Dr.PathFinder had limitations in finding bugs located on shallow paths, which we discuss. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | SPRINGER LONDON LTD | - |
dc.subject | GAME | - |
dc.subject | GO | - |
dc.title | Dr.PathFinder: hybrid fuzzing with deep reinforcement concolic execution toward deeper path-first search | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Moon, Jongsub | - |
dc.identifier.doi | 10.1007/s00521-022-07008-8 | - |
dc.identifier.scopusid | 2-s2.0-85125243275 | - |
dc.identifier.wosid | 000761145200001 | - |
dc.identifier.bibliographicCitation | NEURAL COMPUTING & APPLICATIONS, v.34, no.13, pp.10731 - 10750 | - |
dc.relation.isPartOf | NEURAL COMPUTING & APPLICATIONS | - |
dc.citation.title | NEURAL COMPUTING & APPLICATIONS | - |
dc.citation.volume | 34 | - |
dc.citation.number | 13 | - |
dc.citation.startPage | 10731 | - |
dc.citation.endPage | 10750 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Artificial Intelligence | - |
dc.subject.keywordPlus | GAME | - |
dc.subject.keywordPlus | GO | - |
dc.subject.keywordAuthor | Fuzzing | - |
dc.subject.keywordAuthor | Symbolic execution | - |
dc.subject.keywordAuthor | Concolic execution | - |
dc.subject.keywordAuthor | Reinforcement learning | - |
dc.subject.keywordAuthor | Deep Q-network | - |