# Format-aware Learn&Fuzz: Deep Test Data Generation for Efficient Fuzzing

**Authors:** Morteza Zakeri Nasrabadi, Saeed Parsa, Akram Kalaee

arXiv: 1812.09961 · 2020-06-16

## TL;DR

This paper introduces Format-aware Learn&Fuzz, a deep learning-based method for generating complex test data that improves fuzzing efficiency by distinguishing data from meta-data, demonstrated on a PDF reader with superior coverage.

## Contribution

It presents a novel neural language model approach for generating structured test data that targets parsing and rendering stages in software testing.

## Key findings

- Achieves higher code coverage than state-of-the-art fuzzers.
- Deep learning models with fewer parameters yield better coverage.
- Effective in testing complex structured inputs like PDFs.

## Abstract

Appropriate test data is a crucial factor for success in dynamic software testing, e.g., fuzzing. Most real-world applications, however, accept complex structured inputs containing data surrounded by meta-data, which are processed in several stages comprising parsing and rendering (execution). This makes automatically generating efficient test data a non-trivial and laborious activity. The success of deep learning in solving complex tasks, especially generative tasks, has motivated us to exploit it in the context of complex test data generation. To do so, a neural language model (NLM) based on deep recurrent neural networks (RNNs) is used to learn the structure of complex input. Our approach generates new test data while distinguishing between data and meta-data, which makes it possible to target both the parsing and rendering parts of the software under test (SUT). Such test data can improve input fuzzing. To assess the proposed approach, we developed a modular file format fuzzer, IUST-DeepFuzz. Our experiments on MuPDF, a lightweight and favorite portable document format (PDF) reader, reveal that IUST-DeepFuzz reaches high coverage of the SUT in comparison with state-of-the-art tools such as learn&fuzz, AFL, Augmented-AFL and random fuzzing. We also observed that the simpler the deep learning model, the higher the code coverage.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.09961/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1812.09961/full.md

## References

40 references — full list in the complete paper: https://tomesphere.com/paper/1812.09961/full.md

---
Source: https://tomesphere.com/paper/1812.09961