Conference Proceedings

Deep reinforcement fuzzing

Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 (2018) 116-122
DOI: 10.1109/SPW.2018.00026
103Citations
Citations of this article
198Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of the program under test. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.

Author supplied keywords

Cite

CITATION STYLE

APA

Böttinger, K., Godefroid, P., & Singh, R. (2018). Deep reinforcement fuzzing. In Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 (pp. 116–122). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SPW.2018.00026

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free