Microsoft Hopes Advanced Neural Fuzzing Can Help Squash Bugs
Software bugs are the bane of programming. Squash one and 10 more pop up to take its place, but engineers at Microsoft are hoping a new form of testing will make it easier to find unexpected bugs and exploits. The automated testing, known as fuzzing, involves inputting large amounts of data into a program in order to make it crash or behave in an unexpected way. Neural fuzzing is the company’s latest attempt to improve this testing process.
Fuzzing has been around for many years and is traditionally broken into three different categories. Blackbox fuzzers, sometimes known as dumb fuzzing, is the most primitive of these forms of tests and makes use of sample input files to create new inputs. Whitebox fuzzers are smarter than their blackbox counterpart and will make use of algorithms in order to find new code branches. Greybox fuzzers do not use algorithms in the same way that whitebox fuzzers do, but will make use of feedback loops in order to attempt to find new new code paths.
Microsoft’s new neural network fuzzer is a variant on greybox fuzzing. The new form of testing applies a neural network to the greybox’s feedback loop allowing it to find more new code paths than traditional forms of fuzzing.
In early tests, Microsoft reported that neural fuzzing was twice as effective at identifying new code paths as traditional fuzzers. However, this level of success was only reported with .png files. When attempting to replicate the experiment using PDF files, Microsoft found that traditional fuzzing methods were more effective. The company believes that the larger file sizes resulted in slower communication with the neural network making it less efficient.
Those hoping to test out the software for themselves can do so as part of the company’s Security Risk Detection and Azure Cloud Services.
Eric is an avid tech junkie, gamer, and comic fan. When he's not working on his PC, you'll find him at your local comic book shop.