Research on the Optimization Technology of Open Source Fuzzing Framework for Intelligent Systems

doi:10.3969/j.issn.1671-1122.2025.04.007

Abstract

Abstract:

With the widespread adoption of application softwares in intelligent systems, ensuring software security is crucial for enhancing the reliability of these systems. Although existing fuzz testing techniques can reveal software security vulnerabilities to some extent, they are often hindered by issues related to testing effectiveness and efficiency. To address these challenges, this paper proposed a mutation-sensitive fuzz testing method (Seq2Seq-Fuzzer). First, we introduced four Seq2Seq models based on improved LSTM and Transformer architectures, and trained the proposed models using byte vector datasets constructed from programs such as objdump, readelf, and others. Next, we appled the Seq2Seq model to optimize american fuzzy lop (AFL) by predicting effective mutation strategies and mutation position pairs, aiming to address the high randomness and low efficiency inherent in AFL fuzz testing. Finally, we evaluated the proposed AFL optimization method. Experimental results show that, in tests on objdump, readelf, and nm, the code coverage of Seq2Seq-Fuzzer surpasses that of AFL by up to 56.8%, and it successfully identifies 21 crashes in programs related to objdump.

Key words: intelligent systems, fuzz testing, Seq2Seq, Transformer, LSTM

CLC Number:

TP309

WEI Chaoren, XIA Wanxu, QU Gang, BAI Wanrong, YANG Liqun. Research on the Optimization Technology of Open Source Fuzzing Framework for Intelligent Systems[J]. Netinfo Security, 2025, 25(4): 587-597.

Figures/Tables 10

References 19

[1]	WU Tong, LIU Jian, XUE Lei, et al. Fixed-Time Synchronization of Multilayer Complex Networks under Denial-of-Service Attacks[J]. IEEE Transactions on Circuits and Systems II: Express Briefs, 2023, 70(9): 3519-3523.
[2]	MIN D, KO Y, WALKER R, et al. A Content-Based Ransomware Detection and Backup Solid-State Drive for Ransomware Defense[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2022, 41(7): 2038-2051.
[3]	MICHAL Z. American Fuzzy Lop[EB/OL]. [2024-10-15]. https://github.com/google/AFL.
[4]	MICHAEL E. Peach Fuzeer[EB/OL]. [2024-10-15]. https://peachtech.gitlab.io/peach-fuzzer-community.
[5]	Google. LibFuzzer[EB/OL]. [2024-10-15]. https://llvm.org/docs/LibFuzzer.html#fuzzer-usage.
[6]	RAWAT S, JAIN V, KUMAR A, et al. VUzzer: Application-Aware Evolutionary Fuzzing[EB/OL]. [2024-10-15]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_10-2_Rawat_paper.pdf.
[7]	CHOI J, JANG J, HAN C, et al. Grey-Box Concolic Testing on Binary Code[C]// IEEE. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). New York: IEEE, 2019: 736-747.
[8]	LI Yuekang, XUE Yinxing, CHEN Hongxu, et al. Cerebro: Context-Aware Adaptive Fuzzing for Effective Vulnerability Detection[C]// ACM. Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York: ACM, 2019: 533-544.
[9]	PHAM V T, BÖHME M, SANTOSA A E, et al. Smart Greybox Fuzzing[J]. IEEE Transactions on Software Engineering, 2021, 47(9): 1980-1997.
[10]	WU Mingyuan, JIANG Ling, XIANG Jiahong, et al. One Fuzzing Strategy to Rule Them All[C]// IEEE. 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). New York: IEEE, 2022: 1634-1645.
[11]	LING Hanqin, JIA Peng, ZHOU Anmin. IFuzz: Grey Box Fuzzy Testing for Integer Type Vulnerabilities[J]. Network Security Technology & Application, 2023(12): 36-39.
	凌翰钦, 贾鹏, 周安民. IFuzz: 对整数类型漏洞的灰盒模糊测试[J]. 网络安全技术与应用, 2023(12): 36-39.
[12]	LU Liyu, LIU Yuan, HONG Chao, et al. Screening Method of Fuzzy Test Seeds Based on Impact Orientation[J]. Network Security Technology & Application, 2024(2): 44-46.
	陆力瑜, 刘媛, 洪超, 等. 基于影响性导向的模糊测试种子筛选方法[J]. 网络安全技术与应用, 2024(2): 44-46.
[13]	YU Yuanping, SU Purui. HeapAFL: Heap-Behavior Guided Greybox Fuzzing[J]. Journal of Computer Research and Development, 2023, 60 (7): 1501-1513.
	余媛萍, 苏璞睿. HeapAFL:基于堆操作行为引导的灰盒模糊测试[J]. 计算机研究与发展, 2023, 60 (7): 1501-1513.
[14]	PENG Hao, LI Jianxin, WANG Zheng, et al. Lifelong Property Price Prediction: A Case Study for the Toronto Real Estate Market[J]. IEEE Transactions on Knowledge and Data Engineering, 2021, 35(3): 2765-2780.
[15]	LI Qian, PENG Hao, LI Jianxin, et al. Reinforcement Learning-Based Dialogue Guided Event Extraction to Exploit Argument Relations[J]. IEEE/ACM Transactions on Audio, Speech, and Language Processing, 2021, 30: 520-533.
[16]	MA Lianwei, ZHAO Yuan, WANG Bin, et al. A Multistep Sequence-to-Sequence Model with Attention LSTM Neural Networks for Industrial Soft Sensor Application[J]. IEEE Sensors Journal, 2023, 23(10): 10801-10813.
[17]	HOCHREITER S, SCHMIDHUBER J. Long Short-Term Memory[J]. Neural Computation, 1997, 9(8): 1735-1780. doi: 10.1162/neco.1997.9.8.1735 pmid: 9377276
[18]	MENENDEZ H D, CLARK D. Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection[J]. IEEE Transactions on Software Engineering, 2022, 48(9): 3540-3553.
[19]	MILLER B P, ZHANG Mengxiao, HEYMANN E R. The Relevance of Classic Fuzz Testing: Have We Solved this One?[J]. IEEE Transactions on Software Engineering, 2022, 48(6): 2028-2039.

类别	名称	版本
软件	Python	3.9.17
	Cuda	11.4
	torch	1.12.0+cu113
	torchaudio	0.12.0+cu113
	torchvision	0.13.0+cu113
	Flask	3.0.0
	AFL	2.52b
	GCC	9.4.0
	Operation System	Ubuntu 20.04.4 LTS
硬件	RAM	64 GB
	Graphics Card	V100
	Graphics memory	32 GB

数据集	方法/策略	bitflip 1/1	bitflip 2/1	bitflip 4/1	bitflip 8/8	bitflip 16/8	bitflip 32/8
readelf 数据集	AFL(原始)	3.69	3.42	3.11	3.10	2.18	2.51
	AFL(LL)	4.02	3.93	3.77	3.87	2.54	3.46
	AFL(TL)	4.00	3.91	3.67	3.69	2.66	1.00
	AFL(LT)	4.07	3.97	3.81	3.52	3.28	3.07
	AFL(TT)	4.00	4.12	3.88	3.73	3.71	3.52
objdump数据集	AFL(原始)	3.73	3.25	2.95	2.97	3.31	3.53
	AFL(LL)	3.73	3.44	2.89	3.41	3.59	4.70
	AFL(TL)	3.79	3.46	3.05	3.05	4.29	3.64
	AFL(LT)	3.86	3.47	3.03	4.27	3.85	3.07
	AFL(TT)	3.91	3.55	3.15	4.19	3.71	3.67
nm 数据集	AFL(原始)	3.76	3.25	2.79	3.96	3.79	3.66
	AFL(LL)	3.72	3.37	2.79	3.96	3.06	3.33
	AFL(TL)	3.82	3.27	2.99	4.09	3.00	3.22
	AFL(LT)	4.01	3.57	3.76	4.20	2.85	3.02
	AFL(TT)	3.63	3.50	2.74	4.17	3.15	3.06

数据集	方法/策略	arith 8/8	arith 16/8	arith 32/8	interest 8/8	interest 16/8	interest 32/8
readelf数据集	AFL(原始)	3.17	1.71	1.26	3.04	2.16	2.09
	AFL(LL)	4.91	3.31	3.06	3.59	3.62	3.65
	AFL(TL)	4.38	2.89	2.82	3.34	3.24	3.45
	AFL(LT)	4.69	3.38	3.23	3.38	3.69	3.80
	AFL(TT)	4.69	3.49	3.37	3.63	3.48	3.65
objdump数据集	AFL(原始)	3.39	2.76	2.07	3.07	2.60	2.20
	AFL(LL)	4.91	3.24	3.19	3.70	3.89	3.79
	AFL(TL)	4.84	3.71	3.33	3.84	3.23	3.74
	AFL(LT)	4.62	3.66	3.31	3.75	3.62	3.84
	AFL(TT)	4.36	3.82	2.99	3.48	3.04	3.67
nm 数据集	AFL(原始)	2.80	1.75	1.18	2.39	2.29	2.28
	AFL(LL)	3.82	3.06	3.19	2.61	3.24	3.08
	AFL(TL)	3.02	3.21	3.02	3.02	3.02	3.45
	AFL(LT)	4.03	3.68	3.25	2.95	3.53	3.66
	AFL(TT)	3.95	2.99	1.00	2.36	3.43	3.65

数据集方法/策略	崩溃数量/个
数据集方法/策略	objdump	nm
AFL(原始)	0	0
AFL(LL)	2	3
AFL(TL)	2	3
AFL(LT)	21	12
AFL(TT)	1	4