Abstract
Security issues in sensors impede the use of sensors to improve our quality of life. By analyzing security issues in open-source programs for sensors, we can understand the security problems in sensors. Fuzzing is one of the most effective techniques to identify potential software vulnerabilities. Most fuzzers aim to improve code coverage. However, a tester may want to focus on examining some specific code regions. In this article, we propose a deep learning (DL)-guided fuzzing technique for software vulnerability detection, named DeFuzz. DeFuzz includes two main schemes: 1) we employ a pretrained DL prediction model to identify the potentially vulnerable functions and their locations (i.e., vulnerable addresses); precisely, we employ a bidirectional LSTM (BiLSTM) to identify attention words and the vulnerabilities associated with these attention words in functions; and 2) we then employ directed fuzzing to examine the potential vulnerabilities by generating inputs that tend to reach the predicted locations. To evaluate the effectiveness of the proposed DeFuzz technique, we have conducted experiments on real-world data sets. Experimental results show that DeFuzz can discover more coverage and run faster than AFL. Moreover, DeFuzz exposes 43 more bugs than AFL on real-world applications.
Original language | English |
---|---|
Pages (from-to) | 5522-5529 |
Number of pages | 8 |
Journal | IEEE Sensors Journal |
Volume | 24 |
Issue number | 5 |
Early online date | 8 Aug 2023 |
Publication status | Published - 1 Mar 2024 |
Keywords
- Computer bugs
- Fuzzing
- Microprogramming
- Security
- Sensors
- Software
- fuzz testing
- Deep learning (DL)
- sensor security