xFuzz: Machine Learning Guided Cross-Contract Fuzzing
نویسندگان
چکیده
Smart contract transactions are increasingly interleaved by cross-contract calls. While many tools have been developed to identify a common set of vulnerabilities, the vulnerability is overlooked existing tools. Cross-contract vulnerabilities exploitable bugs that manifest in presence more than two interacting contracts. Existing methods however limited analyze maximum contracts at same time. Detecting highly non-trivial. With multiple contracts, search space much larger single contract. To address this problem, we present xFuzz, machine learning guided smart fuzzing framework. The models trained with novel features (e.g., word vectors and instructions) used filter likely benign program paths. Comparing static tools, model proven be robust, avoiding directly adopting manually-defined rules specific We compare xFuzz three state-of-the-art on 7,391 detects 18 which 15 exposed for first Furthermore, our approach shown efficient detecting non-cross-contract as well—using less 20% time other twice vulnerabilities.
منابع مشابه
Learn&Fuzz: machine learning for input fuzzing
Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques. We present a detailed case study with a complex in...
متن کاملINSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
Empowered by instrumentation, coverage-guided fuzzing monitors the program execution path taken by an input, and prioritizes inputs based on their contribution to code coverage. Although instrumenting every basic block ensures full visibility, it slows down the fuzzer and thus the speed of vulnerability discovery. This paper shows that thanks to common program structures (e.g., directed acyclic...
متن کاملHigh Dimensional Human Guided Machine Learning
Have you ever looked at a machine learning classification model and thought, I could have made that? Well, that is what we test in this project, comparing XGBoost trained on human engineered features to training directly on data. The human engineered features do not outperform XGBoost trained directly on the data, but they are comparable. This project contributes a novel method for utilizing hu...
متن کاملTheory-Guided Machine Learning in Materials Science
Materials scientists are increasingly adopting the use of machine learning tools to discover hidden trends in data and make predictions. Applying concepts from data science without foreknowledge of their limitations and the unique qualities of materials data, however, could lead to errant conclusions. The differences that exist between various kinds of experimental and calculated data require c...
متن کاملTransparency and Socially Guided Machine Learning
In this paper we advocate a paradigm of socially guided machine learning, designing agents that take better advantage of the situated aspects of learning. We augmented a standard Reinforcement Learning agent with the social mechanisms of attention direction and gaze. Experiments with an interactive computer game, deployed over the World Wide Web to over 75 players, show the positive impact of t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Dependable and Secure Computing
سال: 2022
ISSN: ['1941-0018', '1545-5971', '2160-9209']
DOI: https://doi.org/10.1109/tdsc.2022.3182373