CAREER: Efficient Fuzzing with Neural Program Smoothing

职业：通过神经程序平滑进行高效模糊测试

• 批准号: 1845995
• 负责人: Suman Jana
• 金额: $ 47.6万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-05-01 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1845995&HistoricalAwards=false
• 关键词: CAREER; Efficient; Fuzzing; Neural; Program

Fuzzing is an automated software testing technique that involves feeding a stream of invalid, unexpected, or rare data as inputs to a computer program for discovering bugs leading to crashes, assertion failures, or memory corruption. Fuzzing is the de facto standard technique for finding software vulnerabilities. However, despite their tremendous promise, popular fuzzers, especially for large programs, often tend to get stuck trying redundant test inputs and struggle to find security vulnerabilities hidden deep into the program logic. To find interesting test inputs, most popular fuzzers use evolutionary algorithms, which start from a set of inputs, apply random mutations and crossovers on these inputs to generate new inputs, and apply a fitness function (e.g., achieved code coverage) to select the most promising new inputs for the next set of mutations. The key insight of this research is that an approach using continuous optimization techniques can do better, by more efficiently using the structure of the underlying functions (e.g., gradients or higher-order derivatives). The key benefit of this approach is that continuous gradient-guided optimization can efficiently generate new promising inputs with a few targeted mutations based on the gradient value and the step size rather than random unguided mutations used in evolutionary techniques. Gradient-guided optimizations have already been shown to significantly outperform evolutionary techniques in popular tasks like training of neural networks. Better fuzzers will significantly improve the security, reliability, and robustness of critical infrastructure software used by billions of users across the world. Data and tools will be made available through open source. Curriculum and training will be developed to disseminate the results. This project will develop a set of novel techniques and tools that will enable fuzzers to fully exploit the power of continuous optimization techniques like gradient descent. One of the key challenges behind applying continuous optimization for fuzzing is that real-world program behaviors often contain many discontinuities and thus are not directly amenable to smooth optimization. Therefore, the target programs must be smoothed before performing continuous optimization. This project will develop a new technique involving surrogate neural networks and graybox instrumentation that will automatically learn smooth approximations of discontinuous program behaviors. This project will further use global optimization schemes like branch-and-bound and cutting plane algorithms to avoid getting stuck at local optima due to the non-convexity of the target program.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Fuzzing是一种自动化软件测试技术，涉及将无效，意外或稀有数据作为输入流，以发现计算机程序，以发现导致崩溃，断言失败或内存损坏的错误。模糊是用于查找软件漏洞的事实上的标准技术。 然而，尽管他们巨大的希望，但流行的模糊器，尤其是对于大型程序，通常会被卡住，试图尝试冗余测试输入，并难以找到隐藏在程序逻辑中的安全漏洞。为了找到有趣的测试输入，大多数流行的模糊器都使用进化算法，这些算法从一组输入开始，在这些输入上应用随机突变和交叉来生成新的输入，并应用健身函数（例如，已实现的代码覆盖率），以选择下一组突变的最有希望的新投入。这项研究的关键见解是，使用连续优化技术的方法可以通过更有效地使用基础功能的结构（例如梯度或高阶导数）来做得更好。 这种方法的关键优势在于，连续梯度引导的优化可以根据梯度值和步长大小而不是进化技术中使用的随机非引导突变，从而有效地产生新的有希望的输入。梯度指导的优化已经显示出在流行任务（例如培训神经网络）中的进化技术明显优于进化技术。更好的模糊器将大大提高全球数十亿用户使用的关键基础架构软件的安全性，可靠性和鲁棒性。数据和工具将通过开源提供。课程和培训将开发以传播结果。该项目将开发一系列新颖的技术和工具，使模糊器能够充分利用连续优化技术（如梯度下降）的力量。将连续优化应用于模糊的关键挑战之一是，现实世界的程序行为通常包含许多不连续性，因此不能直接适合平稳优化。因此，必须在执行连续优化之前对目标程序进行平滑。该项目将开发一种涉及替代神经网络和灰色框架仪器的新技术，该技术将自动学习不连续的程序行为的平滑近似值。该项目将进一步使用全球优化方案，例如分支机构和切割平面算法，以避免由于目标计划的非共同点而陷入本地Optima。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响审查标准来通过评估来通过评估来获得支持的。