Abstract
The security issues in sensors impede the experience of using sensors to improve the quality of our life. By analysing security issues in open-source programs for sensors, we can understand the security problems in sensors. Fuzzing is one of the most effective techniques to identify potential software vulnerabilities. Most fuzzers aim to improve code coverage. However, a tester may want to focus on examining some specific code regions. In this paper, we propose a deep learning (DL) guided fuzzing technique for software vulnerability detection, named DeFuzz. DeFuzz includes two main schemes: (1) We employ a pre-trained DL prediction model to identify the potentially vulnerable functions and the locations (i.e., vulnerable addresses). Precisely, we employ Bidirectional-LSTM (BiLSTM) to identify attention words, and the vulnerabilities are associated with these attention words in functions. (2) Then, we employ directed fuzzing to examine the potential vulnerabilities by generating inputs that tend to arrive at the predicted locations. To evaluate the effectiveness of the proposed DeFuzz technique, we have conducted experiments on real-world data sets. Experimental results show that our DeFuzz can discover more coverage and run faster than AFL. Moreover, DeFuzz exposes 43 more bugs than AFL on real-world applications.
Original language | English |
---|---|
Number of pages | 8 |
Journal | IEEE Sensors Journal |
Early online date | 8 Aug 2023 |
DOIs | |
Publication status | E-pub ahead of print - 8 Aug 2023 |
Keywords
- Computer bugs
- Deep Learning
- Fuzz Testing
- Fuzzing
- Microprogramming
- Security
- Sensor Security
- Sensors
- Software