CAREER: Efficient Fuzzing with Neural Program Smoothing

职业：通过神经程序平滑进行高效模糊测试

• 批准号: 1845995
• 负责人: Suman Jana
• 金额: $ 47.6万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-05-01 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1845995&HistoricalAwards=false
• 关键词: CAREER; Efficient; Fuzzing; Neural; Program

Fuzzing is an automated software testing technique that involves feeding a stream of invalid, unexpected, or rare data as inputs to a computer program for discovering bugs leading to crashes, assertion failures, or memory corruption. Fuzzing is the de facto standard technique for finding software vulnerabilities. However, despite their tremendous promise, popular fuzzers, especially for large programs, often tend to get stuck trying redundant test inputs and struggle to find security vulnerabilities hidden deep into the program logic. To find interesting test inputs, most popular fuzzers use evolutionary algorithms, which start from a set of inputs, apply random mutations and crossovers on these inputs to generate new inputs, and apply a fitness function (e.g., achieved code coverage) to select the most promising new inputs for the next set of mutations. The key insight of this research is that an approach using continuous optimization techniques can do better, by more efficiently using the structure of the underlying functions (e.g., gradients or higher-order derivatives). The key benefit of this approach is that continuous gradient-guided optimization can efficiently generate new promising inputs with a few targeted mutations based on the gradient value and the step size rather than random unguided mutations used in evolutionary techniques. Gradient-guided optimizations have already been shown to significantly outperform evolutionary techniques in popular tasks like training of neural networks. Better fuzzers will significantly improve the security, reliability, and robustness of critical infrastructure software used by billions of users across the world. Data and tools will be made available through open source. Curriculum and training will be developed to disseminate the results. This project will develop a set of novel techniques and tools that will enable fuzzers to fully exploit the power of continuous optimization techniques like gradient descent. One of the key challenges behind applying continuous optimization for fuzzing is that real-world program behaviors often contain many discontinuities and thus are not directly amenable to smooth optimization. Therefore, the target programs must be smoothed before performing continuous optimization. This project will develop a new technique involving surrogate neural networks and graybox instrumentation that will automatically learn smooth approximations of discontinuous program behaviors. This project will further use global optimization schemes like branch-and-bound and cutting plane algorithms to avoid getting stuck at local optima due to the non-convexity of the target program.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Fuzzing是一种自动化软件测试技术，涉及将无效，意外或罕见的数据流作为计算机程序的输入，用于发现导致崩溃，断言失败或内存损坏的错误。Fuzzing是查找软件漏洞的事实上的标准技术。 然而，尽管它们有着巨大的前景，但流行的模糊器，特别是对于大型程序，往往会陷入尝试冗余测试输入的困境，并难以找到隐藏在程序逻辑深处的安全漏洞。为了找到有趣的测试输入，大多数流行的模糊器使用进化算法，其从一组输入开始，对这些输入应用随机突变和交叉以生成新的输入，并应用适应度函数（例如，实现了代码覆盖），以选择用于下一组突变的最有希望的新输入。这项研究的关键见解是，使用连续优化技术的方法可以做得更好，通过更有效地使用底层函数的结构（例如，梯度或高阶导数）。 这种方法的主要好处是，连续梯度引导优化可以有效地生成新的有希望的输入，基于梯度值和步长的一些有针对性的突变，而不是进化技术中使用的随机无引导突变。在神经网络训练等热门任务中，直觉引导的优化已经被证明明显优于进化技术。更好的模糊器将显著提高全球数十亿用户使用的关键基础设施软件的安全性、可靠性和健壮性。数据和工具将通过开放源代码提供。将制定课程和培训，以传播成果。该项目将开发一套新的技术和工具，使模糊器能够充分利用梯度下降等连续优化技术的力量。将连续优化应用于模糊化的关键挑战之一是，现实世界的程序行为通常包含许多不连续性，因此不直接适用于平滑优化。因此，在执行连续优化之前，必须对目标程序进行平滑。这个项目将开发一种新的技术，涉及代理神经网络和灰盒仪器，将自动学习不连续的程序行为的平滑近似。该项目将进一步使用全局优化方案，如分支定界和切割平面算法，以避免由于目标程序的非凸性而陷入局部最优。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。