Distinguished Paper Award at NDSS'23

Congrats to CROSSING-PI Professor Sadeghi and his team

2023/03/20 by

The paper “DARWIN: Survival of the Fittest Fuzzing Mutators” co-authored by CROSSING-PI Professor Ahmad-Reza Sadeghi (System Security Lab, TU Darmstadt) received the Distinguished Paper Award at NDSS'23.

Prof. Ahmad-Reza Sadeghi and Patrick Jauernig (both System Security Lab, TU Darmstadt) receive the Distinguished Paper Award from Programme Committee Co-Chairs Wenyuan Xu and Mathias Payer.

Fuzzing is a commonly used technique for finding bugs and vulnerabilities in software. A popular variant of fuzzing is mutation-based fuzzing, which has been widely adopted in the industry for the detection of bugs in software. However, the algorithms used in mutation-based fuzzing are complex, making the results unpredictable. Most of the efforts to improve the technique have focused on optimising the scheduling of the initial seeds, but this approach has not consistently shown improvements in practice.

The authors of the distinguished paper from TU Darmstadt, TU Delft and Radboud University as well as University of Zagreb propose a new approach called DARWIN, which optimises mutation scheduling using an evolutionary strategy. DARWIN has been implemented in a prototype based on the popular general-purpose fuzzer AFL. In experiments, DARWIN outperformed existing mutation schedulers and the AFL baseline by finding more bugs in widely used real-world applications. The results show that DARWIN can improve the fuzzing process without requiring additional user-configurable parameters, making it accessible to a wide range of users.

Recommended external content

We have selected external content from Twitter for you and would like to show it to you right here. To do this, you must reveal it with one click. You can hide the external content at any time with another click.

I agree to external content from X being shown to me. This may result in personal data being transmitted to third-party platforms. You can find more information in our Privacy Policy.

Network and Distributed System Security (NDSS) Symposium is one of the premier venues in IT security and privacy. The conference took place from February 26 – March 1, 2023 in San Diego, USA.

Publication

DARWIN: Survival of the Fittest Fuzzing Mutators

by Patrick Jauernig (Technical University of Darmstadt), Domagoj Jakobovic (University of Zagreb, Croatia), Stjepan Picek (Radboud University and TU Delft), Emmanuel Stapf (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)

The work was supported by the German Federal Ministry of Education and Research in the StartUpSecure funding program ”Sanctuary” (16KIS1417), the German Federal Ministry of Education and Research and the Hessian State Ministry for Higher Education, Research and the Arts within ATHENE, and by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (Project ASSURED, grant agreement No. 952697).