Poster: Machine Learning for Vulnerability Detection as Target Oracle in Automated Fuzz Driver Generation

TL;DR

This paper presents an automated workflow that uses machine learning as a target oracle to generate fuzz drivers for vulnerability detection, aiming to improve fuzzing efficiency and accuracy.

Contribution

It introduces a novel automated fuzz driver generation process leveraging machine learning as a target oracle for vulnerability detection.

Findings

Successfully identified a vulnerability in libgd using the proposed method.

Automated fuzz driver generation reduces manual effort in fuzzing.

Plan for large-scale evaluation to validate effectiveness.

Abstract

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires manually writing fuzz drivers. Fuzz drivers usually target a limited subset of functions in a library that must be chosen according to certain criteria, e.g., the depth of a function, the number of paths. These criteria are verified by components called target oracles. In this work, we propose an automated fuzz driver generation workflow composed of: (1) identifying a likely vulnerable function by leveraging a machine learning for vulnerability detection model as a target oracle, (2) automatically generating fuzz drivers, (3) fuzzing the target function to find bugs which could confirm the vulnerability inferred by the target oracle. We show our method on an existing vulnerability in libgd, with a plan for large-scale evaluation.