Revisiting Neural Program Smoothing for Fuzzing (ESEC/FSE 2023 - Research Papers) - ESEC/FSE 2023

Sun 3 - Sat 9 December 2023 San Francisco, California, United States

Who

Maria Irina Nicolae, Max Eisele, Andreas Zeller

Track

ESEC/FSE 2023 Research Papers

Time Zone

The program is currently displayed in (GMT-08:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-08:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Tue 5 Dec 2023 12:15 - 12:30 at Golden Gate C2 - Machine Learning I Chair(s): Michael Pradel

Abstract

Testing with randomly generated inputs (fuzzing) has gained significant traction due to its capacity to expose program vulnerabilities automatically. Fuzz testing campaigns generate large amounts of data, making them ideal for the application of machine learning (ML). Neural program smoothing, a specific family of ML-guided fuzzers, aims to use a neural network as a smooth approximation of the software under test for new test case generation. In this paper, we conduct the most extensive benchmark of neural program smoothing (NPS) fuzzers against standard gray-box fuzzers (11 CPU years and >5.5 GPU years), and make the following contributions: (1) We find that the original performance claims for NPS fuzzers do not hold, and proceed to investigate the reasons why; we uncover and elucidate fundamental, implementation, and experimental limitations of prior works. (2) We contribute the first in-depth analysis of the contribution of machine learning and gradient-based mutations in NPS. (3) As we demonstrate in a prototype called Neuzz++, addressing the practical limitations of NPS fuzzers improves performance, but standard gray-box fuzzers almost always surpass NPS-based fuzzers. (4) As a consequence, we propose new guidelines targeted at benchmarking fuzzing based on machine learning, and present a platform, MLFuzz, with GPU access for easy and reproducible evaluation of ML-based fuzzers. Neuzz++, MLFuzz, and all our data are available as open source.

Maria Irina Nicolae

Robert Bosch GmbH

Max Eisele

Robert Bosch; Saarland University

Germany

Andreas Zeller

CISPA Helmholtz Center for Information Security

Germany

Media

Time Zone

The program is currently displayed in (GMT-08:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-08:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Tue 5 Dec
Displayed time zone: Pacific Time (US & Canada) change

	11:00 - 12:30	Machine Learning IIdeas, Visions and Reflections / Industry Papers / Research Papers at Golden Gate C2 Chair(s): Michael Pradel University of Stuttgart

	11:00 15m Talk		[Remote] Beyond Sharing: Conflict-Aware Multivariate Time Series Anomaly Detection Industry Papers Haotian Si Computer Network Information Center at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Changhua Pei Computer Network Information Center at Chinese Academy of Sciences, Zhihan Li Kuaishou Technology, Yadong Zhao Computer Network Information Center at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jingjing Li Computer Network Information Center at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Haiming Zhang Computer Network Information Center at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zulong Diao Institute of Computing Technology at Chinese Academy of Sciences, Jianhui Li Computer Network Information Center at Chinese Academy of Sciences, Gaogang Xie Computer Network Information Center at Chinese Academy of Sciences, Dan Pei Tsinghua University DOI Media Attached
	11:15 15m Talk		Design by Contract for Deep Learning APIs Research Papers Shibbir Ahmed Dept. of Computer Science, Iowa State University, Sayem Mohammad Imtiaz Iowa State University, Samantha Syeda Khairunnesa Bradley University, Breno Dantas Cruz Dept. of Computer Science, Iowa State University, Hridesh Rajan Dept. of Computer Science, Iowa State University DOI Media Attached
	11:30 15m Talk		Towards Top-Down Automated Development in Limited Scopes: A Neuro-Symbolic Framework from Expressibles to Executables Ideas, Visions and Reflections Jian Gu Monash University, Harald Gall University of Zurich Media Attached
	11:45 15m Talk		Testing Coreference Resolution Systems without Labeled Test Sets Research Papers Jialun Cao Hong Kong University of Science and Technology, Yaojie Lu Chinese Information Processing Laboratory Institute of Software, Chinese Academy of Sciences, Ming Wen Huazhong University of Science and Technology, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology Media Attached
	12:00 15m Talk		Neural-Based Test Oracle Generation: A Large-scale Evaluation and Lessons Learned Research Papers Soneya Binta Hossain University of Virginia, USA, Antonio Filieri Amazon Web Services, Matthew B Dwyer University of Virginia, Sebastian Elbaum University of Virginia, Willem Visser Amazon Web Services Pre-print Media Attached
	12:15 15m Talk		Revisiting Neural Program Smoothing for Fuzzing Research Papers Maria Irina Nicolae Robert Bosch GmbH, Max Eisele Robert Bosch; Saarland University, Andreas Zeller CISPA Helmholtz Center for Information Security Media Attached