Title in the Chinese-language record: 基于强化学习的模糊检测技术在二进制程序漏洞检测中的应用 (Application of reinforcement-learning-based fuzzing to binary program vulnerability detection)
Authors: Guoyan Cao, Yanhui Ma, Mengjiao Geng
DOI: 10.1016/j.array.2025.100458
Journal: Array, volume 27, Article 100458 (Journal Article)
Published: 2025-07-21
URL: https://www.sciencedirect.com/science/article/pii/S2590005625000852
A reinforcement learning based fuzzing technique for binary programs vulnerabilities detection
Binary programs are susceptible to vulnerabilities that can lead to unauthorized access, data breaches, and system damage. Fuzzing is a promising technique for identifying vulnerabilities in binary programs. However, fuzzing is time-consuming and inefficient, because many seeds are random and are repeatedly executed. This paper proposes a novel approach called Vulnerable State Guided Fuzzing (VSGFuzz), which employs a heuristic seed-generation mechanism to optimize vulnerability detection. This mechanism estimates the probability that each function within the target binary program is vulnerable and employs reinforcement learning to mutate seeds according to a reward calculation algorithm that combines this vulnerability probability with a coverage assessment. Experiments comparing VSGFuzz with other typical methods on several datasets demonstrated that the proposed method outperforms them.