A survey of AFL and guided fuzzing
The 3rd KISTI and NII Joint Security Workshop
14:40 – 15:05 2023/09/04
Ruo Ando (NII)
Overview
(slide diagram) Fuzzers covered: AFL, AFL++, AflGO, Scatter, FuzzGuard. Work referenced: Directed Gray-box Fuzzing (CCS17), Manipulation-Distance Guided Fuzzing (Usenix Sec 23), Deep Learning (Usenix Sec 20), Incremental Step (Usenix Woot 20), Google (2013).
Overview
Algorithm for fuzzing
• GA (Genetic Algorithm) : AFL (CBF)
• Simulated Annealing : AflGO (DGF)
• CNN (Convolutional Neural Network): Fuzz Guard
• Idea: Reinforcement learning / Dynamic
Programming
AFL: American Fuzzy Lop
• Coverage-based fuzzing
• Uses a GA (Genetic Algorithm)
• The GA is used to calculate the score in coverage-based fuzzing (AFL).
• Developer: Michał Zalewski
• Found software bugs in major software projects, including X.Org Server,[2] PHP,[3] OpenSSL,[4][5] pngcrush, bash,[6] Firefox,[7] BIND,[8][9] Qt,[10] and SQLite.[11]
AFL: Mutation by GA
(slide flow chart) Fuzzing loop: pre-process; Mutation (GA); Crash or hang? (YES / NO); add input to queue; calibrate / trim / score
Mutation stages: 1. bitflip 2. arith 3. interest 4. dictionary 5. havoc 6. splice
AFL: score and mutation
• Score items
  • Average execution time
  • Coverage
  • Queue cycle
  • Depth of branch execution
• Mutation stages
  • SIMPLE
  • ARITHMETIC INC/DEC
  • INTERESTING VALUES
  • DICTIONARY STUFF
  • RANDOM HAVOC
  • SPLICING
Coverage
• Depth of the control flow graph
• How many branches the program passed with a given input during fuzzing
• Used to calculate the score in coverage-based fuzzing (AFL).
(slide figure: branch coverage)
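Slides 5 to 7 list AFL's six mutation stages, its score items and the coverage feedback that decides which inputs stay in the queue. The following is an added example, not AFL's own code: it implements that loop in Python against a constructed toy target whose set of executed branch ids stands in for AFL's edge bitmap; the dictionary tokens, the toy parser, its bug and the simplified depth-based havoc budget are all constructed for the example.

```python
import random
ARITH_MAX = 35                                          # AFL's ARITH_MAX bound for stage 2
INTERESTING_8 = [0x80, 0xFF, 0x00, 0x01, 0x10, 0x20, 0x40, 0x7F]  # AFL's interesting_8 as unsigned bytes
DICTIONARY = [b"PNG", b"IHDR"]                          # constructed tokens, stand-in for a user dictionary

def mutate(buf, op, pos, arg):
    # one AFL operator: 0=bitflip (arg=bit), 1=arith (arg=delta), 2=interest (arg=byte), 3=dictionary (arg=token)
    out = bytearray(buf)
    if op == 0: out[pos] ^= 1 << arg
    elif op == 1: out[pos] = (out[pos] + arg) & 0xFF
    elif op == 2: out[pos] = arg
    else: out[pos:pos + len(arg)] = arg
    return bytes(out)

def deterministic(buf):
    # stages 1-4 (bitflip, arith, interest, dictionary) enumerate every candidate exactly once, as AFL does
    for pos in range(len(buf)):
        for bit in range(8): yield mutate(buf, 0, pos, bit)
        for d in range(1, ARITH_MAX + 1): yield mutate(buf, 1, pos, d); yield mutate(buf, 1, pos, -d)
        for v in INTERESTING_8: yield mutate(buf, 2, pos, v)
        for t in DICTIONARY: yield mutate(buf, 3, pos, t)

def havoc(buf, rng, rounds):
    # stage 5: a random stack of the deterministic operators at random positions
    for _ in range(rounds):
        pos, op = rng.randrange(len(buf)), rng.randrange(4)
        arg = [rng.randrange(8), rng.randint(-ARITH_MAX, ARITH_MAX), rng.choice(INTERESTING_8), rng.choice(DICTIONARY)][op]
        buf = mutate(buf, op, pos, arg)
    return buf
def target(data):
    # constructed toy parser; returns (set of executed branch ids, crashed), standing in for AFL's edge bitmap
    cov = {0}
    if data[:3] == b"PNG": cov.add(1)
    if 1 in cov and len(data) > 4 and data[3] == 0x7F: cov.add(2)
    if 2 in cov and data[4] == 0xFF: return cov | {3}, True   # constructed bug on the deepest path
    return cov, False
def fuzz(seed, rng_seed=1):
    # coverage-guided loop: an input joins the queue only when it executes a branch never seen before
    queue, crashes, seen, rng = [(seed, 0)], [], target(seed)[0], random.Random(rng_seed)
    for buf, depth in queue:                            # the list grows while iterating: this is the queue
        budget = 8 * min(depth + 1, 4)                  # slide 6's score idea: deeper entries earn more havoc rounds
        cands = list(deterministic(buf)) + [havoc(buf, rng, 4) for _ in range(budget)]
        k = rng.randrange(1, len(buf))                  # stage 6 splice: crossover with another queue entry
        cands.append(buf[:k] + rng.choice(queue)[0][k:])
        for c in cands:
            cov, crashed = target(c)
            if crashed: crashes.append(c)
            elif not cov <= seen:                       # new coverage: calibrate/score, then enqueue
                seen |= cov; queue.append((c, depth + 1))
    return queue, crashes
```

Starting from an all-zero seed, the dictionary stage supplies the magic bytes, the interest/arith stages reach the deeper branches, and the crashing input is found after two queue additions.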
AflGO (CCS17)
• Coverage-based Greybox Fuzzers (CGF)
  • Coverage
  • GA (Genetic Algorithm)
• Directed Greybox Fuzzers (DGF): reaching a given set of program locations effectively
  • BB (Basic Block) distance
  • Simulated annealing
  • Control flow graph and call graph
  • Heartbleed
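Slide 8 lists the ingredients of AflGO's directed scheduling: basic-block distance computed over the call graph and control flow graph, and simulated annealing over that distance. The following is an added example, not the AflGo project's code, that carries those definitions through in Python following the AflGo paper's formulas (harmonic-mean function and basic-block distances, the mean seed distance over the executed trace, the temperature 20^(-t/t_x) and the resulting power factor); the program graphs, call sites, target location and traces are constructed for the example.

```python
import math
from collections import deque

# Constructed program: call graph, per-function CFGs, and the functions each basic block calls.
CALL_GRAPH = {"main": ["parse", "log"], "parse": ["check"], "check": [], "log": []}
CFG = {"main": {"m0": ["m1", "m2"], "m1": ["m3"], "m2": ["m3"], "m3": []},
       "parse": {"p0": ["p1", "p2"], "p1": [], "p2": []}, "check": {"c0": ["c1"], "c1": []}, "log": {"l0": []}}
CALLS = {"m1": ["parse"], "m2": ["log"], "p1": ["check"]}   # call-site BB -> callees
TARGET_BBS, TARGET_FUNCS = {"c1"}, {"check"}                 # the program location the DGF should reach
C = 10                                                       # AflGo's weight of a call edge relative to a CFG edge

def bfs(graph, src):                                         # shortest path lengths in an unweighted digraph
    dist, q = {src: 0}, deque([src])
    while q:
        n = q.popleft()
        for s in graph[n]:
            if s not in dist: dist[s] = dist[n] + 1; q.append(s)
    return dist

def harmonic(values):                                        # AflGo combines distances by harmonic mean
    if not values: return math.inf                           # nothing reachable: distance undefined
    return 0 if 0 in values else len(values) / sum(1 / v for v in values)

def func_distance(f):                                        # d_f: call-graph distance to reachable target functions
    d = bfs(CALL_GRAPH, f)
    return harmonic([d[t] for t in TARGET_FUNCS if t in d])

def bb_distance(m):
    """d_b: 0 at a target BB; C * min d_f(callee) at a call site that can reach a target; otherwise the
    harmonic mean over such anchors reachable in the CFG of (CFG distance + anchor distance)."""
    anchors = {t: 0 for t in TARGET_BBS}
    anchors.update({b: C * min(func_distance(c) for c in CALLS[b]) for b in CALLS})
    if anchors.get(m, math.inf) < math.inf: return anchors[m]
    fn = next(f for f, g in CFG.items() if m in g)
    reach = bfs(CFG[fn], m)
    return harmonic([reach[b] + d for b, d in anchors.items() if b in reach and d < math.inf])

def seed_distance(trace):                                    # d(s): mean d_b over executed BBs with a distance
    ds = [d for d in map(bb_distance, trace) if d < math.inf]
    return sum(ds) / len(ds) if ds else math.inf

def power(seed_d, min_d, max_d, t, t_x):
    """Annealing-based power schedule: near-uniform for t << t_x, then favouring seeds close to the target."""
    norm = (seed_d - min_d) / (max_d - min_d) if max_d > min_d else 0.0
    temp = 20 ** (-t / t_x)                                  # T_exp = 20^(-t/t_x)
    p = (1 - norm) * (1 - temp) + 0.5 * temp
    return 2 ** (10 * (p - 0.5))                             # factor applied to AFL's perf_score
```

A trace that takes the log path never reaches the target and keeps a large distance, while a trace through parse and check gets a small one; at t = 0 every seed gets factor 1, and once t reaches t_x the closest seed is boosted and the farthest throttled.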
FuzzGuard (Usenix Sec 20)
• Predicts the reachability of inputs and filters out the unreachable test cases.
• Based on AflGO
• CNN (Convolutional Neural Network)
• Supervised learning
  • Ground truth (teacher signal): reachability
  • Training data (inputs): control flow graph
• Famous vulnerability: CVE-2019-7582 (libming)
Idea: Reinforcement learning
• Output: a sequence of mutations, e.g. mutation1 -> mutation3 -> mutation5 …