SlideShare a Scribd company logo

KISTI-NII Joint Security Workshop 2023.pdf

Ruo Ando
Ruo Ando

The document summarizes various techniques for automated software testing using fuzzing, including coverage-based fuzzing (AFL), directed greybox fuzzing (AflGO), and neural network-based approaches (FuzzGuard). It discusses how genetic algorithms and simulated annealing are used in AFL and AflGO respectively to guide test case mutation towards new code areas. It also provides examples of vulnerabilities found using these fuzzing tools.

Education
1 of 10
Download to read offline
A survey of AFL and guided fuzzing The 3rd KISTI and NII Joint Security Workshop 14:40 – 15:05 2023/09/04 Ruo Ando (NII)
AFL AFL++ AflGO Scatter FuzzGuard Directed Gray-box Fuzzing (CCS17) Manipulation-Distance Guided Fuzzing (Usenix Sec 23) Deep Learning (Usenix Sec 20) Incremental Step (Usenix Woot 20) Google (2013) Overview
Algorithm for fuzzing • GA (Genetic Algorithm) : AFL (CBF) • Simulated Annealing : AflGO (DGF) • CNN (Convolutional Neural Network): Fuzz Guard • Idea: Reinforcement learning / Dynamic Programming
AFL: American Fuzzy Lop • Coverage-based fuzzing • Using GA (Genetic algorithm) • Used to calculate score in coverage based fuzzing (AFL). • Developer: Michał Zalewski • Software bugs in major software projects, including X.Org Server,[2] PHP,[3] OpenSSL,[4][5] pngcrush, bash,[6] Firefox,[7] BIND,[8][9] Qt,[10] and SQLite.[11]
AFL: Mutation by GA pre-process Mutation (GA) Crash or hang ? add input to queue calibrate / trim / score 1. bitflip 2. arith 3. interest 4. dictionary 5. havoc 6. splice YES NO
AFL : score and mutation • Score item • Average execution time • Coverage • Queue Cycle • Depth of branch execution • Mutation • SIMPLE • ARITHMETIC INC/DEC • INTERESTING VALUES • DICTIONARY STUFF • RANDOM HAVOC • SPLICING
Coverage • Depth of control flow graph • How many branches the program with given input passed in fuzzing • Used to calculate score in coverage based fuzzing (AFL). branch covarage
AflGO (CCS17) • Coverage-based Greybox Fuzzers (CGF) • Coverage • GA (Genetic algorithm) • Directed Greybox Fuzzers (DGF) : • reaching a given set of program location effectively • BB (Basic Block Distance) • Simulated annealing • Control flow graph and call graph • HeartBleed
FuzzGaurd (Usenix Sec 20) • Predicting the reachability of inputs and filtering out the unreachable test cases. • Based on AflGO • CNN (Convolutional Neural Network) • Supervised learning • Groud truth (Teacher signal): reachability • Training data (inputs): control flow graph • Famous vulnerability: CVE 2019-7582 (libming)
Idea: Reinforcement learning Output: sequence of mutation – mutation1 -> mutation3 -> mutation 5 …

Recommended

IoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT InteroperabilityIoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT Interoperability
Samsung Open Source Group
 
Germplasm data exchange, CGIAR SINGER (2009)
Germplasm data exchange, CGIAR SINGER (2009)Germplasm data exchange, CGIAR SINGER (2009)
Germplasm data exchange, CGIAR SINGER (2009)
Dag Endresen
 
OGF Introductory Overview - OGF 44 at EGI Conference 2015
OGF Introductory Overview - OGF 44 at EGI Conference 2015OGF Introductory Overview - OGF 44 at EGI Conference 2015
OGF Introductory Overview - OGF 44 at EGI Conference 2015
Alan Sill
 
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
Priyanka Aash
 
Survey of indoor tracking systems using augmented reality
Survey of indoor tracking systems using augmented realitySurvey of indoor tracking systems using augmented reality
Survey of indoor tracking systems using augmented reality
IAESIJAI
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Maksim Shudrak
 
Binary Analysis - Luxembourg
Binary Analysis - LuxembourgBinary Analysis - Luxembourg
Binary Analysis - Luxembourg
Abhik Roychoudhury
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
Samsung Open Source Group
 

Recommended

IoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT InteroperabilityIoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT Interoperability
Samsung Open Source Group
 
Germplasm data exchange, CGIAR SINGER (2009)
Germplasm data exchange, CGIAR SINGER (2009)Germplasm data exchange, CGIAR SINGER (2009)
Germplasm data exchange, CGIAR SINGER (2009)
Dag Endresen
 
OGF Introductory Overview - OGF 44 at EGI Conference 2015
OGF Introductory Overview - OGF 44 at EGI Conference 2015OGF Introductory Overview - OGF 44 at EGI Conference 2015
OGF Introductory Overview - OGF 44 at EGI Conference 2015
Alan Sill
 
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
Priyanka Aash
 
Survey of indoor tracking systems using augmented reality
Survey of indoor tracking systems using augmented realitySurvey of indoor tracking systems using augmented reality
Survey of indoor tracking systems using augmented reality
IAESIJAI
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Maksim Shudrak
 
Binary Analysis - Luxembourg
Binary Analysis - LuxembourgBinary Analysis - Luxembourg
Binary Analysis - Luxembourg
Abhik Roychoudhury
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
Samsung Open Source Group
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
GeoSolutions
 
Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011
Robert Grossman
 
Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...
Grigori Fursin
 
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxyTin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
GigaScience, BGI Hong Kong
 
Master resume
Master resumeMaster resume
Master resumeMohammed Farrag
 
OSGeo Live Lightening Overview
OSGeo Live Lightening OverviewOSGeo Live Lightening Overview
OSGeo Live Lightening Overview
Jody Garnett
 
Collective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the massesCollective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the masses
Grigori Fursin
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Maksim Shudrak
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
Felipe Prado
 
The next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engineThe next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engine
G. Bruce Berriman
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Ruo Ando
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
Ruo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
Ruo Ando
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
Ruo Ando
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
Ruo Ando
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
Ruo Ando
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
Ruo Ando
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
Ruo Ando
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
Ruo Ando
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
Ruo Ando
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
Ruo Ando
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
Ruo Ando
 

More Related Content

Similar to KISTI-NII Joint Security Workshop 2023.pdf

Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
GeoSolutions
 
Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011
Robert Grossman
 
Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...
Grigori Fursin
 
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxyTin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
GigaScience, BGI Hong Kong
 
OSGeo Live Lightening Overview
OSGeo Live Lightening OverviewOSGeo Live Lightening Overview
OSGeo Live Lightening Overview
Jody Garnett
 
Collective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the massesCollective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the masses
Grigori Fursin
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Maksim Shudrak
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
Felipe Prado
 
The next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engineThe next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engine
G. Bruce Berriman
 

Similar to KISTI-NII Joint Security Workshop 2023.pdf (10)

Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011Bionimbus - Northwestern CGI Workshop 4-21-2011
Bionimbus - Northwestern CGI Workshop 4-21-2011
 
Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...Collective Knowledge: python and scikit-learn based open research SDK for col...
Collective Knowledge: python and scikit-learn based open research SDK for col...
 
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxyTin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
Tin-Lap Lee: Next-Gen Sequencing Analysis by GigaGalaxy
 
Master resume
Master resumeMaster resume
Master resume
 
OSGeo Live Lightening Overview
OSGeo Live Lightening OverviewOSGeo Live Lightening Overview
OSGeo Live Lightening Overview
 
Collective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the massesCollective Mind: bringing reproducible research to the masses
Collective Mind: bringing reproducible research to the masses
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
 
The next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engineThe next generation of the Montage image mosaic engine
The next generation of the Montage image mosaic engine
 

More from Ruo Ando

Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Ruo Ando
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
Ruo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
Ruo Ando
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
Ruo Ando
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
Ruo Ando
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
Ruo Ando
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
Ruo Ando
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
Ruo Ando
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
Ruo Ando
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
Ruo Ando
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
Ruo Ando
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
Ruo Ando
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
Ruo Ando
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
Ruo Ando
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
Ruo Ando
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
Ruo Ando
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
Ruo Ando
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
Ruo Ando
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st Workshop
Ruo Ando
 
情報セキュリティと標準化I 第15回
情報セキュリティと標準化I 第15回情報セキュリティと標準化I 第15回
情報セキュリティと標準化I 第15回
Ruo Ando
 

More from Ruo Ando (20)

Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st Workshop
 
情報セキュリティと標準化I 第15回
情報セキュリティと標準化I 第15回情報セキュリティと標準化I 第15回
情報セキュリティと標準化I 第15回
 

Recently uploaded

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
PedroFerreira53928
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 

Recently uploaded (20)

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 

KISTI-NII Joint Security Workshop 2023.pdf

  • 1. A survey of AFL and guided fuzzing The 3rd KISTI and NII Joint Security Workshop 14:40 – 15:05 2023/09/04 Ruo Ando (NII)
  • 2. AFL AFL++ AflGO Scatter FuzzGuard Directed Gray-box Fuzzing (CCS17) Manipulation-Distance Guided Fuzzing (Usenix Sec 23) Deep Learning (Usenix Sec 20) Incremental Step (Usenix Woot 20) Google (2013) Overview
  • 3. Algorithm for fuzzing • GA (Genetic Algorithm) : AFL (CBF) • Simulated Annealing : AflGO (DGF) • CNN (Convolutional Neural Network): Fuzz Guard • Idea: Reinforcement learning / Dynamic Programming
  • 4. AFL: American Fuzzy Lop • Coverage-based fuzzing • Using GA (Genetic algorithm) • Used to calculate score in coverage based fuzzing (AFL). • Developer: Michał Zalewski • Software bugs in major software projects, including X.Org Server,[2] PHP,[3] OpenSSL,[4][5] pngcrush, bash,[6] Firefox,[7] BIND,[8][9] Qt,[10] and SQLite.[11]
  • 5. AFL: Mutation by GA pre-process Mutation (GA) Crash or hang ? add input to queue calibrate / trim / score 1. bitflip 2. arith 3. interest 4. dictionary 5. havoc 6. splice YES NO
  • 6. AFL : score and mutation • Score item • Average execution time • Coverage • Queue Cycle • Depth of branch execution • Mutation • SIMPLE • ARITHMETIC INC/DEC • INTERESTING VALUES • DICTIONARY STUFF • RANDOM HAVOC • SPLICING
  • 7. Coverage • Depth of control flow graph • How many branches the program with given input passed in fuzzing • Used to calculate score in coverage based fuzzing (AFL). branch covarage
  • 8. AflGO (CCS17) • Coverage-based Greybox Fuzzers (CGF) • Coverage • GA (Genetic algorithm) • Directed Greybox Fuzzers (DGF) : • reaching a given set of program location effectively • BB (Basic Block Distance) • Simulated annealing • Control flow graph and call graph • HeartBleed
  • 9. FuzzGaurd (Usenix Sec 20) • Predicting the reachability of inputs and filtering out the unreachable test cases. • Based on AflGO • CNN (Convolutional Neural Network) • Supervised learning • Groud truth (Teacher signal): reachability • Training data (inputs): control flow graph • Famous vulnerability: CVE 2019-7582 (libming)
  • 10. Idea: Reinforcement learning Output: sequence of mutation – mutation1 -> mutation3 -> mutation 5 …