TL;DR
MTFuzz introduces a multi-task neural network to improve fuzzing by learning a compact input space embedding, leading to better bug discovery and increased code coverage over existing fuzzers.
Contribution
The paper presents MTFuzz, a novel multi-task neural network approach that enhances fuzzing efficiency by learning diverse input representations for multiple coverage tasks.
Findings
Uncovered 11 new bugs in real-world programs.
Achieved 2x more edge coverage on average.
Outperformed 5 state-of-the-art fuzzers.
Abstract
Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs, mutate them to generate new inputs, and identify the promising inputs using an evolutionary fitness function for further mutation. Despite their success, evolutionary fuzzers tend to get stuck in long sequences of unproductive mutations. In recent years, machine learning (ML) based mutation strategies have reported promising results. However, the existing ML-based fuzzers are limited by the lack of quality and diversity of the training data. As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the model. In…
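The abstract's description of evolutionary fuzzing (seed corpus, mutation, a coverage-based fitness function, and long runs of unproductive mutations) can be made concrete with a toy coverage-guided loop. The following is an added example for this page, not code from the MTFuzz paper or its authors: the target function, its hand-instrumented edge set, the mutators and the budget are all constructed for illustration, and the `longest_stale` counter simply measures how long the search went without finding a new edge.

```python
import random
from typing import List, Set, Tuple

Edge = Tuple[int, int]

# Constructed toy target: a two-byte magic followed by a size field.
MAGIC = b"FZ"


def run_target(data: bytes) -> Set[Edge]:
    """Run the toy target and return the set of (from_block, to_block) edges
    taken. This hand-written edge set stands in for the edge bitmap an
    instrumented binary (e.g. under AFL-style instrumentation) would report."""
    edges: Set[Edge] = set()
    block = 0

    def goto(nxt: int) -> None:
        nonlocal block
        edges.add((block, nxt))
        block = nxt

    if len(data) < 3:
        goto(9)            # too short: straight to exit
        return edges
    goto(1)
    if data[0] != MAGIC[0]:
        goto(9)
        return edges
    goto(2)
    if data[1] != MAGIC[1]:
        goto(9)
        return edges
    goto(3)
    if data[2] > 0x10:
        goto(4)            # "large payload" branch
    else:
        goto(5)            # "small payload" branch
    goto(9)
    return edges


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: overwrite, insert or delete."""
    choice = rng.randrange(3)
    if choice == 0 and data:
        i = rng.randrange(len(data))
        return data[:i] + bytes([rng.randrange(256)]) + data[i + 1:]
    if choice == 1:
        i = rng.randrange(len(data) + 1)
        return data[:i] + bytes([rng.randrange(256)]) + data[i:]
    if len(data) > 1:
        i = rng.randrange(len(data))
        return data[:i] + data[i + 1:]
    return data + bytes([rng.randrange(256)])


def fuzz(seeds: List[bytes], budget: int, rng_seed: int = 0):
    """Evolutionary coverage-guided loop: keep a mutated input only if it
    exercises an edge the corpus has not covered yet. Returns the final
    corpus, the covered edge set, and the longest run of mutations that
    produced no new coverage (the 'stuck' behaviour the abstract describes)."""
    rng = random.Random(rng_seed)
    corpus: List[bytes] = list(seeds)
    covered: Set[Edge] = set()
    for s in corpus:
        covered |= run_target(s)
    stale = 0
    longest_stale = 0
    for _ in range(budget):
        parent = rng.choice(corpus)          # fitness: anything in the corpus
        child = mutate(parent, rng)
        new_edges = run_target(child) - covered
        if new_edges:
            covered |= new_edges
            corpus.append(child)             # promising input kept for further mutation
            stale = 0
        else:
            stale += 1
            longest_stale = max(longest_stale, stale)
    return corpus, covered, longest_stale


if __name__ == "__main__":
    corpus, covered, longest_stale = fuzz([b"\x00\x00\x00"], budget=50000)
    print(f"corpus={len(corpus)} edges={len(covered)} longest_stale={longest_stale}")
```

Because the byte-by-byte magic comparison exposes one new edge per correct byte, coverage feedback lets the loop reach the deeper blocks far faster than blind random inputs would; the `longest_stale` value shows how many consecutive mutations were wasted between those discoveries, which is the inefficiency an ML-guided mutation strategy tries to reduce.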