Approximate Bayesian Computation As An Informed Fuzzing-Inference System
Chris Vaisnor
TL;DR
The paper explores using Approximate Bayesian Computation (ABC) to guide fuzz testing and address the intractable input space by inferring posteriors over fuzz parameters. It implements manual Sequential Monte Carlo (SMC) and Markov Chain Monte Carlo (MCMC) procedures with a distance-based, biased synthetic likelihood to steer input generation toward 'passing' regions, evaluating on a white-box fuzz test function. Results show the SMC approach delivering a high posterior pass rate of 89.7% (out of 1000 particles) versus 23% for MCMC, highlighting promise but also convergence challenges for single-chain MCMC. The work demonstrates the feasibility of likelihood-free inference for adaptive fuzz testing and suggests directions for extending to broader cybersecurity tasks and deeper complexity analyses.
Abstract
The power of fuzz testing lies in its random, often brute-force, generation and execution of inputs to trigger unexpected behaviors and vulnerabilities in software applications. However, given the reality of infinite possible input sequences, pursuing all test combinations would not only be computationally expensive but practically impossible. Approximate Bayesian Computation (ABC), a form of Bayesian simulation, represents a novel, probabilistic approach to addressing this problem. The parameter space for working with these types of problems is effectively infinite, and the application of these techniques is untested in the relevant literature. We use a relaxed, manual implementation of two ABC methods: a Sequential Monte Carlo (SMC) simulation and a Markov Chain Monte Carlo (MCMC) simulation. We found promising results with the SMC posterior and mixed results with the MCMC posterior distributions on our white-box fuzz-test function.
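The ABC-SMC loop the abstract describes, as an added example that is not the paper's code: fuzz parameters (mu, sigma) drive an input generator, a constructed white-box target marks inputs in a narrow byte window as "passing", the distance summary is one minus the empirical pass rate, and particles are resampled and perturbed under a shrinking tolerance. The target, the prior ranges, the equal-weight resampling and the tolerance schedule are all assumptions made for this illustration.

```python
import random

# Constructed stand-in for a white-box fuzz-test target (assumption):
# an input "passes" only when it lands in a narrow window of the byte range.
PASS_LO, PASS_HI = 200, 215


def fuzz_target(x: int) -> bool:
    return PASS_LO <= x <= PASS_HI


def sample_input(theta, rng):
    """Fuzz parameters theta = (mu, sigma) parameterise the input generator."""
    mu, sigma = theta
    return int(round(rng.gauss(mu, sigma))) % 256  # wrap into 0..255 (assumption)


def distance(theta, rng, n=20):
    """Distance-based summary: 1 - empirical pass rate over n generated inputs."""
    hits = sum(fuzz_target(sample_input(theta, rng)) for _ in range(n))
    return 1.0 - hits / n


def abc_smc(n_particles=200, eps_schedule=(0.9, 0.7, 0.5), seed=0, max_tries=50000):
    """Relaxed ABC-SMC: resample, perturb, accept if distance <= eps, per tolerance stage."""
    rng = random.Random(seed)
    # Prior over fuzz parameters: mu ~ U(0, 255), sigma ~ U(1, 64) (assumption).
    particles = [(rng.uniform(0, 255), rng.uniform(1, 64)) for _ in range(n_particles)]
    for eps in eps_schedule:
        accepted, tries = [], 0
        while len(accepted) < n_particles and tries < max_tries:
            tries += 1
            # Equal-weight resampling is a simplification of the full SMC weighting.
            mu, sigma = rng.choice(particles)
            cand = (min(255.0, max(0.0, mu + rng.gauss(0, 10))),
                    max(1.0, sigma + rng.gauss(0, 4)))
            if distance(cand, rng) <= eps:
                accepted.append(cand)
        if not accepted:
            break  # tolerance too tight for this population; keep the previous stage
        particles = accepted
    return particles


def posterior_pass_rate(particles, seed=1):
    """Fraction of particles whose single generated input passes the target."""
    rng = random.Random(seed)
    return sum(fuzz_target(sample_input(p, rng)) for p in particles) / len(particles)


if __name__ == "__main__":
    prior = abc_smc(eps_schedule=())          # empty schedule returns prior draws
    post = abc_smc()
    print("prior pass rate:", posterior_pass_rate(prior))
    print("posterior pass rate:", posterior_pass_rate(post))
```

Passing `eps_schedule=()` returns the prior draws, so the same function gives the baseline pass rate the posterior is compared against.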
