Unlock the Potential of General-purpose Fuzzing: An Optimization Approach
Speaker
Dongdong SHE, HKUST
Time
2024-09-29 13:30:00 ~ 2024-09-29 14:30:00
Location
Conference Room 3-220A, SEIEE Building (电信群楼), Shanghai Jiao Tong University
Host
郁昱
Abstract
Based on the application domain, fuzzing can be categorized into general-purpose fuzzing (i.e., testing all kinds of software) and domain-specific fuzzing (e.g., testing a specific type of software). AFL havoc mode/AFL++ is the most powerful general-purpose fuzzer, and it has been used in the Google OSS-Fuzz project to harvest a large number of bugs. Despite the significant advancement of fuzzing research, general-purpose fuzzing still relies on random strategies and human-written heuristics. In this talk, we show that by formulating general-purpose fuzzing as an online stochastic control problem, a combination of lightweight optimization algorithms can significantly boost its performance. We present FOX, a novel general-purpose fuzzer that beats the strongest mode of AFL++ (with CMPLOG and a fuzzing dictionary) by up to 26.45% on standalone programs and 6.59% on FuzzBench programs.
Bio
Dongdong She is an assistant professor in the CSE department at the Hong Kong University of Science and Technology. He obtained his PhD from the CS department at Columbia University. Before Columbia, he earned his M.S. from UC Riverside and his B.S. from Huazhong University of Science and Technology. He is broadly interested in security and machine learning, and particularly in applying data-driven approaches (e.g., LLMs, optimization) to traditional security problems (e.g., vulnerability detection, software testing, program analysis).
Hiring: Multiple PhD positions are available; send me an email at dongdong@cse.ust.hk if you are interested.