Research on Browser Fuzz Sample Generation Technology Based on Deep Learning

doi:10.3969/j.issn.1671-1122.2019.03.004

Abstract

Abstract:

Fuzz testing is one of the most mature and effective methods among the approaches used to mine vulnerabilities for modern software. However, traditional Fuzz testing generally have some problems, such as limited depth of exploring code space or lacking of directivity in generating samples. To alleviate these issues, a kind of framework was proposed to generate samples of browsers by making use of long short term memory (LSTM) network. The framework consists two components: sample generating and Fuzz testing. Firstly, the sample are encoded into vectors which are much easier to implement in LSTM network. This process is called file preprocessing. After finishing the learning period, the network will generate a mound of samples as test set. Then test set will be generated by mutating samples based on traditional mutation strategies. Finally, the test set will be feed into the browser for Fuzz testing. In order to verify the effectiveness of the framework, the learning results, generating sample results and Fuzz results of LSTM network have been analyzed statistically. It is proofed that the proposed framework could satisfy the needs of browser Fuzz generation and overcome the difficulties of insufficient mining depth and lack of directivity in generating samples in traditional browser Fuzz, which was suitable for mining one or several browser vulnerabilities.

Key words: browser Fuzz, deep learning, sample generation, LSTM neural network, file vectorization

CLC Number:

TP309

Yong FANG, Guangxiatian ZHU, Luping LIU, Peng JIA. Research on Browser Fuzz Sample Generation Technology Based on Deep Learning[J]. Netinfo Security, 2019, 19(3): 26-33.

Figures/Tables 9

References 18

[1]	WANG xiajing,HU changzhen,MA rui. A Survey of Key techniques of Binary Program Vulnerability Discovery[J]. Netinfo Security, 2017, 17(8): 1-13.
	王夏菁,胡昌振,马锐,等.二进制程序漏洞挖掘关键技术研究综述[J].信息网络安全,2017,17(8):1-13.
[2]	PANG Y, XUE X, NAMIN A S.Early Identification of Vulnerable Software Components via Ensemble Learning[C]// IEEE. 15th IEEE International Conference on Machine Learning and Applications(ICMLA), December 18-20, 2016, Los Angeles, California, USA. New York: IEEE, 2017: 476-481.
[3]	PANG Y, XUE X, NAMIN A S.Predicting Vulnerable Software Components through N-Gram Analysis and Statistical Feature Selection[C]// IEEE. 14th International Conference on Machine Learning and Applications (ICMLA), December 4 -7, 2013, Miami, Florida, USA. New York: IEEE, 2015:543-548.
[4]	WEN weiping, WU bozhi, JIAO yingnan, et al. Design and Implementation on Malicious Document Detection Tool Based on Machine Learning[J]. Netinfo Security, 2018, 18(8): 1-7.
	文伟平,吴勃志,焦英楠,等.基于机器学习的恶意文档识别工具设计与实现[J].信息网络安全,2018,18(8):1-7.
[5]	GODEFROID P, PELEG H, SINGH R.Learn&Fuzz: Machine Learning for Input Fuzzing[C]// IEEE. 32nd IEEE/ACM International Conference on Automated Software Engineering, October 30-November 3, 2017, Urbana-Champaign, IL, USA, New York: IEEE, 2017: 50-59.
[6]	WANG J, CHEN B, WEI L, et al.Skyfire: Data-Driven Seed Generation for Fuzzing[C]//IEEE. 38th IEEE Symposium on Security and Privacy, May 22-24, 2017, San Jose, California, USA. New York: IEEE, 2017: 579-594.
[7]	WU Fang, A Study of Binary Vulnerability Analysis and Detection Based on Deep Leraning[D]. Beijing: Beijing Jiaotong University, 2018.
	吴芳. 基于深度学习的二进制程序漏洞分析与检测方法研究[D].北京:北京交通大学,2018.
[8]	SUNDERMEYER M,SCHLÜTER R,NEY H. LSTM Neural Networks for Language Modeling[C]//INTERSPEECH. 13th Annual Conference of the International Speech Communication Association, September 9-13, 2012, Portland, Oregon, USA. New York: 2012: 601-608.
[9]	KALCHBRENNER N, GREFENSTETTE E,BLUNSOM P. A Convolutional Neural Network for Modelling Sentences[EB/OL]. .
[10]	PALANGI H, DENG L, SHEN Y, et al.Deep Sentence Embedding Using Long Short-Term Memory Networks: Analysis and Application to Information Retrieval[J]. ACM Transactions on Audio Speech & Language Processing, 2016, 24(4): 694-707.
[11]	BENGIO Y, SIMARD P, FRASCONI P.Learning Long-term Dependencies with Gradient Descent is Difficult[J]. IEEE Transactions on Neural Networks, 2002, 5(2):157-166.
[12]	BELTRAMELLI T.Pix2code: Generating Code from a Graphical User Interface Screenshot[C]//EICS. ACM SIGCHI Symposium on Engineering Interactive Computing Systems, June 26-29, 2017, Lisbon, Portugal. New York: ACM, 2018: 3.
[13]	NIEPERT M, AHMED M, KUTZKOV K.Learning Convolutional Neural Networks for Graphs[C]//ICML. 33rd International conference on machine learning, June 19 - 24, 2016, New York City, NY, USA. New York: ICML, 2016: 2014-2023.
[14]	GRAVES A. Generating Sequences With Recurrent Neural Networks[EB/OL]. , 2013-8-4.
[15]	SHE D, PEI K, EPSTEIN D, et al. NEUZZ: Efficient Fuzzing with Neural Program Learning[EB/OL]., 2018-7-15.
[16]	RAJPAL M, BLUM W, SINGH R. Not all Bytes are Equal: Neural Byte Sieve for Fuzzing[EB/OL]., 2017-11-10.
[17]	BÖTTINGER K, GODEFROID P, SINGH R. Deep Reinforcement Fuzzing[C]//IEEE. IEEE Security and Privacy Workshops (SPW), May 24, 2018, San Francisco, CA, USA. New York: IEEE, 2018: 116-122.
[18]	HUANG Yi.Research on Software Security Vulnerability Discovery Based on Fuzzing[D]. Hefei: University of Science and Technology of China, 2010.
	黄奕. 基于模糊测试的软件安全漏洞发掘技术研究[D].合肥:中国科学技术大学,2010.

向量定义	表达式
标签词向量	N_twi=(N_ti,L_ti,P_ti)
标签属性词向量	N_ewi=(N_ei,L_ei,P_ei)
文本词向量	N_cwi=(N_ci,L_ci,P_ci)
标签向量	N_tsi=(N_twi,N_ewi)
文本向量	N_csi=(N_twi,N_cwi)
标签向量集	&#x02211;N_t = (N_tsi,N_tsj,N_tsk)
文本向量集	&#x02211;N_c = (N_csi,N_csj,N_csk)
输入向量集	&#x02211;N = (N_t,N_c)

超参数名	参数设置
LSTM网络细胞数量	256
激活函数	sigmoid
Dropout比例	0.3

样本批次	样本数量/个	合格样本数量/个	样本合格率/%
第一批	10000	8312	83.12
第二批	10000	8001	80.01
第三批	10000	8362	83.62
第四批	10000	8196	81.96

Crash类型	触发次数	衍生样本数量	非衍生样本数量
内存破坏	31	25	6
网页过大	16	12	4
其他	36	23	13