Ruo Ando, profile picture
Uploaded byRuo Ando
PDF, PPTX41 views

KISTI-NII Joint Security Workshop 2023.pdf

The document summarizes various techniques for automated software testing using fuzzing, including coverage-based fuzzing (AFL), directed greybox fuzzing (AflGO), and neural network-based approaches (FuzzGuard). It discusses how genetic algorithms and simulated annealing are used in AFL and AflGO respectively to guide test case mutation towards new code areas. It also provides examples of vulnerabilities found using these fuzzing tools.

Embed presentation

Download as PDF, PPTX
A survey of AFL and guided fuzzing The 3rd KISTI and NII Joint Security Workshop 14:40 – 15:05 2023/09/04 Ruo Ando (NII)
AFL AFL++ AflGO Scatter FuzzGuard Directed Gray-box Fuzzing (CCS17) Manipulation-Distance Guided Fuzzing (Usenix Sec 23) Deep Learning (Usenix Sec 20) Incremental Step (Usenix Woot 20) Google (2013) Overview
Algorithm for fuzzing • GA (Genetic Algorithm) : AFL (CBF) • Simulated Annealing : AflGO (DGF) • CNN (Convolutional Neural Network): Fuzz Guard • Idea: Reinforcement learning / Dynamic Programming
AFL: American Fuzzy Lop • Coverage-based fuzzing • Using GA (Genetic algorithm) • Used to calculate score in coverage based fuzzing (AFL). • Developer: Michał Zalewski • Software bugs in major software projects, including X.Org Server,[2] PHP,[3] OpenSSL,[4][5] pngcrush, bash,[6] Firefox,[7] BIND,[8][9] Qt,[10] and SQLite.[11]
AFL: Mutation by GA pre-process Mutation (GA) Crash or hang ? add input to queue calibrate / trim / score 1. bitflip 2. arith 3. interest 4. dictionary 5. havoc 6. splice YES NO
AFL : score and mutation • Score item • Average execution time • Coverage • Queue Cycle • Depth of branch execution • Mutation • SIMPLE • ARITHMETIC INC/DEC • INTERESTING VALUES • DICTIONARY STUFF • RANDOM HAVOC • SPLICING
Coverage • Depth of control flow graph • How many branches the program with given input passed in fuzzing • Used to calculate score in coverage based fuzzing (AFL). branch covarage
AflGO (CCS17) • Coverage-based Greybox Fuzzers (CGF) • Coverage • GA (Genetic algorithm) • Directed Greybox Fuzzers (DGF) : • reaching a given set of program location effectively • BB (Basic Block Distance) • Simulated annealing • Control flow graph and call graph • HeartBleed
FuzzGaurd (Usenix Sec 20) • Predicting the reachability of inputs and filtering out the unreachable test cases. • Based on AflGO • CNN (Convolutional Neural Network) • Supervised learning • Groud truth (Teacher signal): reachability • Training data (inputs): control flow graph • Famous vulnerability: CVE 2019-7582 (libming)
Idea: Reinforcement learning Output: sequence of mutation – mutation1 -> mutation3 -> mutation 5 …

More Related Content

PDF
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
byMaksim Shudrak
 
PPTX
Dagstuhl2021
byAbhik Roychoudhury
 
PDF
XPDDS17: Using American Fuzzy Lop on the x86 Instruction Emulator - George Du...
byThe Linux Foundation
 
PPTX
A Quantitative Comparison of Coverage-Based Greybox Fuzzers
byNorihiro Yoshida
 
PPTX
Binary Analysis - Luxembourg
byAbhik Roychoudhury
 
PPTX
Fuzzy Genetic Algorithm
byPintu Khan
 
PPTX
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
byAlexandre Moneger
 
PPTX
Fuzzing.pptx
byAbhik Roychoudhury
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
byMaksim Shudrak
 
Dagstuhl2021
byAbhik Roychoudhury
 
XPDDS17: Using American Fuzzy Lop on the x86 Instruction Emulator - George Du...
byThe Linux Foundation
 
A Quantitative Comparison of Coverage-Based Greybox Fuzzers
byNorihiro Yoshida
 
Binary Analysis - Luxembourg
byAbhik Roychoudhury
 
Fuzzy Genetic Algorithm
byPintu Khan
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
byAlexandre Moneger
 
Fuzzing.pptx
byAbhik Roychoudhury
 

Similar to KISTI-NII Joint Security Workshop 2023.pdf

PPTX
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
byOWASP
 
PPTX
IFIP2023-Abhik.pptx
byAbhik Roychoudhury
 
PDF
FPGA Optimized Fuzzy Controller Design for Magnetic Ball Levitation using Gen...
byIDES Editor
 
PPTX
Introduction to fuzzing
byHieu Nguyen Trung
 
PPTX
FUZZY GENETIC HYBRID SYSTEM of neural system.pptx
byGpcJaisalmer
 
PDF
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
byFelipe Prado
 
PDF
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
byMaksim Shudrak
 
PDF
FUZZY LOGIC CONTROLLER TUNNING VIA ADAPTIVE GENETIC ALGORITHM APPLIED TO AIRC...
byAhmed Momtaz Hosny, PhD
 
PDF
FUZZING & SOFTWARE SECURITY TESTING
byMuH4f1Z
 
PDF
0-knowledge fuzzing white paper
byzynamics GmbH
 
PDF
0-knowledge fuzzing white paper
byVincenzo Iozzo
 
PPTX
module 3_updated ai machine learning.pptx
byadityasrivastav8769
 
PPTX
FPGA Implementation of a GA
byHocine Merabti
 
PPTX
Meetup Julio Algoritmos Genéticos
byDataLab Community
 
PDF
J017446568
byIOSR Journals
 
PPTX
Blaze Information Security: Slaying bugs and improving software security thro...
byBlaze Information Security
 
PDF
Artificial intelligence cs607 handouts lecture 11 - 45
bySattar kayani
 
PDF
COMPUTER INTRUSION DETECTION BY TWOOBJECTIVE FUZZY GENETIC ALGORITHM
bycscpconf
 
PPTX
Introduction to Genetic algorithm and its significance in VLSI design and aut...
byCentre for Electronics, Computer, Self development
 
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
byOWASP
 
IFIP2023-Abhik.pptx
byAbhik Roychoudhury
 
FPGA Optimized Fuzzy Controller Design for Magnetic Ball Levitation using Gen...
byIDES Editor
 
Introduction to fuzzing
byHieu Nguyen Trung
 
FUZZY GENETIC HYBRID SYSTEM of neural system.pptx
byGpcJaisalmer
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
byFelipe Prado
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
byMaksim Shudrak
 
FUZZY LOGIC CONTROLLER TUNNING VIA ADAPTIVE GENETIC ALGORITHM APPLIED TO AIRC...
byAhmed Momtaz Hosny, PhD
 
FUZZING & SOFTWARE SECURITY TESTING
byMuH4f1Z
 
0-knowledge fuzzing white paper
byzynamics GmbH
 
0-knowledge fuzzing white paper
byVincenzo Iozzo
 
module 3_updated ai machine learning.pptx
byadityasrivastav8769
 
FPGA Implementation of a GA
byHocine Merabti
 
Meetup Julio Algoritmos Genéticos
byDataLab Community
 
J017446568
byIOSR Journals
 
Blaze Information Security: Slaying bugs and improving software security thro...
byBlaze Information Security
 
Artificial intelligence cs607 handouts lecture 11 - 45
bySattar kayani
 
COMPUTER INTRUSION DETECTION BY TWOOBJECTIVE FUZZY GENETIC ALGORITHM
bycscpconf
 
Introduction to Genetic algorithm and its significance in VLSI design and aut...
byCentre for Electronics, Computer, Self development
 

More from Ruo Ando

PDF
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
byRuo Ando
 
PDF
解説#86 決定木 - ss.pdf
byRuo Ando
 
PDF
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
byRuo Ando
 
PDF
解説#83 情報エントロピー
byRuo Ando
 
PDF
解説#82 記号論理学
byRuo Ando
 
PDF
解説#81 ロジスティック回帰
byRuo Ando
 
PDF
解説#74 連結リスト
byRuo Ando
 
PDF
解説#76 福岡正信
byRuo Ando
 
PDF
解説#77 非加算無限
byRuo Ando
 
PDF
解説#1 C言語ポインタとアドレス
byRuo Ando
 
PDF
解説#78 誤差逆伝播
byRuo Ando
 
PDF
解説#73 ハフマン符号
byRuo Ando
 
PDF
【技術解説20】 ミニバッチ確率的勾配降下法
byRuo Ando
 
PDF
【技術解説4】assertion failureとuse after-free
byRuo Ando
 
PDF
ITmedia Security Week 2021 講演資料
byRuo Ando
 
PPTX
ファジングの解説
byRuo Ando
 
PDF
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
byRuo Ando
 
PDF
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
byRuo Ando
 
PDF
Intel Trusted Computing Group 1st Workshop
byRuo Ando
 
PDF
情報セキュリティと標準化I 第15回
byRuo Ando
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
byRuo Ando
 
解説#86 決定木 - ss.pdf
byRuo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
byRuo Ando
 
解説#83 情報エントロピー
byRuo Ando
 
解説#82 記号論理学
byRuo Ando
 
解説#81 ロジスティック回帰
byRuo Ando
 
解説#74 連結リスト
byRuo Ando
 
解説#76 福岡正信
byRuo Ando
 
解説#77 非加算無限
byRuo Ando
 
解説#1 C言語ポインタとアドレス
byRuo Ando
 
解説#78 誤差逆伝播
byRuo Ando
 
解説#73 ハフマン符号
byRuo Ando
 
【技術解説20】 ミニバッチ確率的勾配降下法
byRuo Ando
 
【技術解説4】assertion failureとuse after-free
byRuo Ando
 
ITmedia Security Week 2021 講演資料
byRuo Ando
 
ファジングの解説
byRuo Ando
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
byRuo Ando
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
byRuo Ando
 
Intel Trusted Computing Group 1st Workshop
byRuo Ando
 
情報セキュリティと標準化I 第15回
byRuo Ando
 

Recently uploaded

PDF
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PDF
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PPTX
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPTX
Renal Physiology -Nephron.pptx
byDisha Soriya
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PDF
Four Stars Of Destiny By General Manoj Mukund Naravane
byAman744562
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PPTX
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
Renal Physiology -Nephron.pptx
byDisha Soriya
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
Four Stars Of Destiny By General Manoj Mukund Naravane
byAman744562
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 

KISTI-NII Joint Security Workshop 2023.pdf

  • 1.
    A survey ofAFL and guided fuzzing The 3rd KISTI and NII Joint Security Workshop 14:40 – 15:05 2023/09/04 Ruo Ando (NII)
  • 2.
    AFL AFL++ AflGO Scatter FuzzGuard Directed Gray-box Fuzzing(CCS17) Manipulation-Distance Guided Fuzzing (Usenix Sec 23) Deep Learning (Usenix Sec 20) Incremental Step (Usenix Woot 20) Google (2013) Overview
  • 3.
    Algorithm for fuzzing •GA (Genetic Algorithm) : AFL (CBF) • Simulated Annealing : AflGO (DGF) • CNN (Convolutional Neural Network): Fuzz Guard • Idea: Reinforcement learning / Dynamic Programming
  • 4.
    AFL: American FuzzyLop • Coverage-based fuzzing • Using GA (Genetic algorithm) • Used to calculate score in coverage based fuzzing (AFL). • Developer: Michał Zalewski • Software bugs in major software projects, including X.Org Server,[2] PHP,[3] OpenSSL,[4][5] pngcrush, bash,[6] Firefox,[7] BIND,[8][9] Qt,[10] and SQLite.[11]
  • 5.
    AFL: Mutation byGA pre-process Mutation (GA) Crash or hang ? add input to queue calibrate / trim / score 1. bitflip 2. arith 3. interest 4. dictionary 5. havoc 6. splice YES NO
  • 6.
    AFL : scoreand mutation • Score item • Average execution time • Coverage • Queue Cycle • Depth of branch execution • Mutation • SIMPLE • ARITHMETIC INC/DEC • INTERESTING VALUES • DICTIONARY STUFF • RANDOM HAVOC • SPLICING
  • 7.
    Coverage • Depth ofcontrol flow graph • How many branches the program with given input passed in fuzzing • Used to calculate score in coverage based fuzzing (AFL). branch covarage
  • 8.
    AflGO (CCS17) • Coverage-basedGreybox Fuzzers (CGF) • Coverage • GA (Genetic algorithm) • Directed Greybox Fuzzers (DGF) : • reaching a given set of program location effectively • BB (Basic Block Distance) • Simulated annealing • Control flow graph and call graph • HeartBleed
  • 9.
    FuzzGaurd (Usenix Sec20) • Predicting the reachability of inputs and filtering out the unreachable test cases. • Based on AflGO • CNN (Convolutional Neural Network) • Supervised learning • Groud truth (Teacher signal): reachability • Training data (inputs): control flow graph • Famous vulnerability: CVE 2019-7582 (libming)
  • 10.
    Idea: Reinforcement learning Output:sequence of mutation – mutation1 -> mutation3 -> mutation 5 …