
Publica
Here you will find scientific publications from the Fraunhofer Institutes.

Deep Reinforcement Fuzzing
| Institute of Electrical and Electronics Engineers -IEEE-: IEEE Symposium on Security and Privacy Workshops, SPW 2018. Proceedings: 24 May 2018, San Francisco, California, USA. Piscataway, NJ: IEEE, 2018. ISBN: 978-1-5386-8276-0, ISBN: 978-1-5386-8277-7, pp. 116-122 |
| Symposium on Security and Privacy (SP) <39, 2018, San Francisco/Calif.> |
| English |
| Conference paper |
| Fraunhofer AISEC |
Abstract
Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of the program under test. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.