
Deep Reinforcement Fuzzing

Böttinger, K.; Godefroid, P.; Singh, R.


Institute of Electrical and Electronics Engineers -IEEE-:
IEEE Symposium on Security and Privacy Workshops, SPW 2018. Proceedings : 24 May 2018, San Francisco, California, USA
Piscataway, NJ: IEEE, 2018
ISBN: 978-1-5386-8276-0
ISBN: 978-1-5386-8277-7
Symposium on Security and Privacy (SP) <39, 2018, San Francisco/Calif.>
Fraunhofer AISEC

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of the program under test. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.