English

Deep Reinforcement Fuzzing

Artificial Intelligence 2018-01-16 v1 Cryptography and Security

Abstract

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of the program under test. By observing the rewards caused by mutating with a specific set of actions performed on an initial program input, the fuzzing agent learns a policy that can next generate new higher-reward inputs. We have implemented this new approach, and preliminary empirical evidence shows that reinforcement fuzzing can outperform baseline random fuzzing.

Keywords

Cite

@article{arxiv.1801.04589,
  title  = {Deep Reinforcement Fuzzing},
  author = {Konstantin Böttinger and Patrice Godefroid and Rishabh Singh},
  journal= {arXiv preprint arXiv:1801.04589},
  year   = {2018}
}
R2 v1 2026-06-22T23:44:46.327Z