Description of field of research:

Fuzzing is an automated technique for finding bugs and vulnerabilities in software. Modern greybox fuzzers work like a genetic algorithm: they repeatedly mutate existing inputs, run the program on the mutants, and keep those that exercise new code, on the premise that increasing code coverage increases the chance of triggering a bug. Without guidance, however, this search is extremely expensive: most generated inputs are rejected early by the program and teach the fuzzer nothing new. In this project you will explore how machine learning can guide the fuzzer so that it finds software vulnerabilities more efficiently. Machine learning can be used to learn a model of which inputs can actually reach the code of interest, so that inputs predicted to be unreachable are filtered out before they are executed, and to guide the trade-off between exploring new program states and exploiting inputs that are already close to the target.
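The loop described above, written out as an added Python example (it is not code from this project or from any of the cited papers): a toy program under test records which branches it executes, a genetic-algorithm style mutator produces candidate inputs, only mutants that reach new coverage are kept as seeds, an epsilon-greedy seed scheduler trades exploration (any seed) against exploitation (the seed holding the rarest branch), and a pluggable reachability filter skips inputs predicted not to get deeper than what is already known. The program `target`, its branch names, the constant `MAGIC`, and the `PrefixReachabilityModel` (a per-position lookup table standing in for the deep model a real approach would train) are all constructed for this illustration.

```python
"""Minimal coverage-guided fuzzer with an epsilon-greedy scheduler and a
reachability filter.  Everything here (the target, its branch IDs, the
filter) is constructed for this example and is not taken from any paper."""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

MAGIC = b"FUZZ"   # constructed: the 4-byte chain of checks that guards the bug
MAX_LEN = 8       # cap on input length so the toy search space stays small


def target(data: bytes, cov: Set[str]) -> None:
    """Constructed program under test.  Records the branch IDs it executes into
    `cov` (standing in for coverage instrumentation) and raises on the planted
    bug, which is only reachable by passing all four byte checks in order."""
    if len(data) < len(MAGIC):
        cov.add("short")
        return
    cov.add("len_ok")
    for depth in range(len(MAGIC)):
        if data[depth] != MAGIC[depth]:
            return
        cov.add(f"magic{depth}")
    raise AssertionError("crash: reached the bug behind the magic sequence")


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Genetic-algorithm style mutation: overwrite, bit flip, insert or delete."""
    buf = bytearray(data)
    op = rng.random()
    if op < 0.5 and buf:                        # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op < 0.7 and buf:                      # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op < 0.85 and len(buf) < MAX_LEN:      # insert a byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:                          # delete a byte
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


class PrefixReachabilityModel:
    """Toy stand-in for a learned reachability filter: per position, remember
    which byte values have ever been seen in an input that got past that depth.
    An input whose byte at a learned position was never seen to pass is predicted
    unreachable and is skipped without being executed (the filter's saving)."""

    def __init__(self, depth: int) -> None:
        self.allowed: List[Set[int]] = [set() for _ in range(depth)]

    def observe(self, data: bytes, cov: Set[str]) -> None:
        for d, allowed in enumerate(self.allowed):
            if f"magic{d}" in cov:
                allowed.add(data[d])

    def predict_reachable(self, data: bytes) -> bool:
        for d, allowed in enumerate(self.allowed):
            if not allowed:
                return True      # nothing learned at this depth yet: be conservative
            if d >= len(data) or data[d] not in allowed:
                return False
        return True


@dataclass
class FuzzResult:
    execs: int = 0
    skipped: int = 0
    crashes: List[bytes] = field(default_factory=list)
    coverage: Set[str] = field(default_factory=set)


def run_once(data: bytes) -> Tuple[Set[str], bool]:
    cov: Set[str] = set()
    try:
        target(data, cov)
    except AssertionError:
        return cov, True
    return cov, False


def pick_seed(rng: random.Random, corpus: List[Tuple[bytes, Set[str]]],
              branch_count: Dict[str, int], epsilon: float) -> bytes:
    """Exploration/exploitation: with probability epsilon pick any seed,
    otherwise the (newest) seed whose coverage contains the rarest branch."""
    if rng.random() < epsilon:
        return rng.choice(corpus)[0]
    rarity = lambda item: (-min(branch_count[b] for b in item[1][1]), item[0])
    return max(enumerate(corpus), key=rarity)[1][0]


def fuzz(seeds: List[bytes], max_execs: int, rng_seed: int = 1, epsilon: float = 0.2,
         model: Optional[PrefixReachabilityModel] = None) -> FuzzResult:
    rng = random.Random(rng_seed)
    res = FuzzResult()
    corpus: List[Tuple[bytes, Set[str]]] = []
    branch_count: Dict[str, int] = {}

    def keep(data: bytes, cov: Set[str]) -> None:
        corpus.append((data, cov))
        for b in cov:
            branch_count[b] = branch_count.get(b, 0) + 1
        res.coverage |= cov

    for s in seeds:
        cov, _ = run_once(s)
        res.execs += 1
        if model is not None:
            model.observe(s, cov)
        keep(s, cov)
    # the skipped bound keeps the loop finite even if the filter rejects everything
    while res.execs < max_execs and res.skipped < max_execs and not res.crashes:
        candidate = mutate(rng, pick_seed(rng, corpus, branch_count, epsilon))
        if model is not None and not model.predict_reachable(candidate):
            res.skipped += 1
            continue
        cov, crashed = run_once(candidate)
        res.execs += 1
        if model is not None:
            model.observe(candidate, cov)
        if crashed:
            res.crashes.append(candidate)
        if not cov <= res.coverage:       # new coverage: promote to seed
            keep(candidate, cov)
    return res
```

Running `fuzz([b"hello"], 200_000)` finds the crash by climbing the four checks one byte at a time, because each new check passed is new coverage and the scheduler keeps mutating the deepest seed; passing a `PrefixReachabilityModel` makes the same run skip, rather than execute, every mutant that breaks a byte already known to be required, which is the execution budget the filter saves.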

School

Computer Science and Engineering

Research areas

Software Engineering, Cyber Security, Machine Learning

In this project, you will primarily be working with Dr. Simon Luo and Prof. Salil Kanhere. There will be weekly meetings where you will receive guidance on the project to develop and implement state-of-the-art techniques to automatically detect software vulnerabilities on real-world software. You will be given the opportunity to run experiments on high performance computers.

At the end of the project, you will have conducted a literature review of the state-of-the-art approaches for using machine learning to guide fuzzing. You will have run fuzzing campaigns on a few benchmark programs to identify vulnerabilities, and you will have critically assessed which approaches perform best using several evaluation methods.

  • Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen and Abhik Roychoudhury, Directed Greybox Fuzzing, CCS'17
  • Xiaogang Zhu and Marcel Böhme, Regression Greybox Fuzzing, CCS'21
  • Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang and Kai Chen, FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-Box Fuzzing through Deep Learning, USENIX Security'20