ai-adaptive-fuzzer
https://github.com/hafizmuhammadsobankhan/ai-adaptive-fuzzer
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ✓ CITATION.cff file: Found CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Academic email domains
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (12.6%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: HafizMuhammadSobanKhan
- License: apache-2.0
- Language: C
- Default Branch: main
- Size: 32 MB
Statistics
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
- Releases: 0
Metadata Files
README.md
AI-Adaptive-Fuzzer
AI-Driven Adaptive Fuzzing for Automated Vulnerability Detection
Overview
The AI-Adaptive-Fuzzer is an AI-enhanced fuzzing framework that integrates Reinforcement Learning (RL) with AFL++ to intelligently optimize mutation strategies for software security testing. The framework continuously adapts its fuzzing approach based on real-time execution feedback, improving code coverage, mutation efficiency, and vulnerability discovery in embedded systems and software applications.
This project builds upon AFL++, extending its capabilities with AI-driven mutation selection and execution feedback mechanisms. The framework has been rigorously tested on LAVA-M (synthetic vulnerability dataset) and Zephyr RTOS (real-world embedded systems).
Key Features
✅ AI-Guided Mutation Strategy: Uses Reinforcement Learning to prioritize high-impact test cases
✅ Adaptive Fuzzing Strategies: Dynamically adjusts mutation techniques based on real-time execution feedback
✅ Integration with AFL++: Utilizes an external mutator module to interact with AFL++ without modifying its core engine
✅ Real-Time Execution Feedback: Collects runtime coverage, execution performance, and crash data
✅ Scalability Across Embedded Architectures: Designed for firmware, real-time OS (RTOS) testing, and security validation
System Architecture
The AI-Adaptive-Fuzzer consists of multiple key components:
- AFL++ Core Engine – Responsible for test case execution, instrumentation, and input mutation
- AI-Driven Mutation Engine – A Reinforcement Learning (RL)-based decision-making module that optimizes test case selection
- Execution Feedback Loop – Collects runtime execution results, coverage data, and crash reports to refine mutation strategies
- External Mutator Module – A bridge between AFL++ and the AI decision-making system
- Target Embedded Systems – The fuzzer is tested on LAVA-M (synthetic vulnerabilities) and Zephyr RTOS (real-world firmware testing)
Setup & Installation
1️⃣ Install Dependencies
Ensure your system has the required dependencies installed before running the AI-Adaptive-Fuzzer.
🔹 Install AFL++
```bash
sudo apt update && sudo apt install -y build-essential python3 python3-pip cmake clang llvm
git clone https://github.com/AFLplusplus/AFLplusplus.git
cd AFLplusplus
make distrib && sudo make install
```
🔹 Install Python Libraries
```bash
pip install stable-baselines3 gym numpy pandas torch
```
🔹 Install Additional Tools
```bash
sudo apt install -y gdb lcov jq
```
2️⃣ Compile the Target Program
The target program (e.g., a Base64 vulnerability replica from LAVA-M) must be compiled with AFL++ instrumentation.
```bash
afl-clang-fast -o target_binary target_source.c
chmod +x target_binary
```
✅ Ensure the binary runs before fuzzing:
```bash
./target_binary test_input
```
3️⃣ Configure Input & Output Directories
- Ensure the input directory contains a set of seed test cases.
- The output directory will store fuzzing results and logs.
```bash
mkdir -p ~/AFLplusplus/inputs
echo "test" > ~/AFLplusplus/inputs/testcase1
# 777 is broader than AFL++ needs: read access to the seed files is sufficient
chmod -R 777 ~/AFLplusplus/inputs
mkdir -p ~/AFLplusplus/outputs
```
4️⃣ Run AI-Enhanced Fuzzing
Run the AI-enhanced fuzzer against the instrumented target, pointing it at the input and output directories configured above:
```bash
python ~/AFLplusplus/run_adaptive_fuzzing.py --target ./target_binary --input ~/AFLplusplus/inputs --output ~/AFLplusplus/outputs
```
🔹 What this does:
- Launches the Reinforcement Learning (RL) agent to select optimal mutations.
- Executes AFL++ with AI-driven mutation selection.
- Logs fuzzing activity in mutation_log.txt.
5️⃣ Running Traditional AFL++ for Comparison
To benchmark against standard mutation-based fuzzing, run:
```bash
# Append @@ after the binary if the target reads its input from a file path
# (as in ./target_binary test_input above) rather than from stdin.
afl-fuzz -i inputs -o outputs -- ./target_binary
```
🔹 Why?
- This helps compare performance between traditional fuzzing and AI-enhanced fuzzing.
- AI fuzzing should show better code coverage & vulnerability detection.
Monitoring Execution & Collecting Results
📌 AI Mutation Log
To see AI-selected mutations & rewards, run:
```bash
cat ~/AFLplusplus/mutation_log.txt
```
📌 Code Coverage Analysis
To measure how much of the code was explored, run:
```bash
# AFL++ 3.0 and later write per-instance stats under outputs/default/
grep "bitmap_cvg" ~/AFLplusplus/outputs/default/fuzzer_stats
```
📌 Count Unique Crashes
To check if new crashes were found:
```bash
# One line per crash file; exclude the README.txt that AFL++ places in crashes/
ls -1 ~/AFLplusplus/outputs/default/crashes | grep -vc README
```
How It Works
The AI-Adaptive-Fuzzer operates in a structured, iterative process:
1️⃣ Fuzzing Initialization: AFL++ generates an initial set of baseline test cases.
2️⃣ Execution & Monitoring: The test cases are run on the target firmware/software, and execution feedback is collected.
3️⃣ AI Feedback Processing: The RL agent analyzes execution results and determines the most effective mutation strategy.
4️⃣ Mutation Application: New test cases are generated using AI-optimized mutation policies and sent back to AFL++.
5️⃣ Continuous Learning: The AI model continuously refines its mutation strategy based on fuzzing results.
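To make the external-mutator bridge and the feedback loop above concrete, here is an added example (not the project's run_adaptive_fuzzing.py or its RL agent): a minimal AFL++ Python custom mutator, loadable with AFL_PYTHON_MODULE, whose policy is an epsilon-greedy bandit over mutation operators that is rewarded whenever AFL++ reports a new queue entry. The entry points init, fuzz and queue_new_entry are AFL++'s custom mutator API; OPERATORS, MutationPolicy and POLICY are names assumed here.

```python
import random

# Constructed example: epsilon-greedy bandit as a stand-in for the RL agent.
# OPERATORS, MutationPolicy and POLICY are hypothetical names.

def bit_flip(buf, rng, max_size):
    i = rng.randrange(len(buf))
    buf[i] ^= 1 << rng.randrange(8)
    return buf

def byte_replace(buf, rng, max_size):
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return buf

def insert_block(buf, rng, max_size):
    n = min(rng.randint(1, 8), max_size - len(buf))  # never exceed AFL++ max_size
    if n > 0:
        pos = rng.randint(0, len(buf))
        buf[pos:pos] = bytes(rng.randrange(256) for _ in range(n))
    return buf

def delete_block(buf, rng, max_size):
    if len(buf) > 1:  # always leave at least one byte
        pos = rng.randrange(len(buf))
        del buf[pos:pos + rng.randint(1, min(8, len(buf) - 1))]
    return buf

OPERATORS = {"bit_flip": bit_flip, "byte_replace": byte_replace,
             "insert_block": insert_block, "delete_block": delete_block}

class MutationPolicy:
    """Epsilon-greedy bandit: estimated reward per operator, updated online."""
    def __init__(self, seed, epsilon=0.1, alpha=0.2):
        self.rng, self.epsilon, self.alpha = random.Random(seed), epsilon, alpha
        self.values = {name: 0.0 for name in OPERATORS}
        self.last, self.log = None, []  # last operator used; in-memory mutation log

    def choose(self):
        names = sorted(OPERATORS)
        explore = self.rng.random() < self.epsilon
        self.last = self.rng.choice(names) if explore else max(names, key=self.values.get)
        return self.last

    def reward(self, r):
        if self.last is not None:  # move the estimate toward the observed reward
            self.values[self.last] += self.alpha * (r - self.values[self.last])
            self.log.append((self.last, r))

POLICY = None

def init(seed):  # AFL++ calls this once with its random seed
    global POLICY
    POLICY = MutationPolicy(seed)

def fuzz(buf, add_buf, max_size):  # AFL++ calls this for each mutation
    data = bytearray(buf) or bytearray([POLICY.rng.randrange(256)])
    return bytes(OPERATORS[POLICY.choose()](data, POLICY.rng, max_size)[:max_size])

def queue_new_entry(filename_new_queue, filename_orig_queue):
    # AFL++ calls this when an input reached new coverage; credit the last operator
    # (a simplification: the entry may stem from an earlier mutation).
    POLICY.reward(1.0)
    return False  # False keeps the entry in the queue
```

Crediting only the most recent operator is a deliberate simplification; a real agent would attribute reward to the mutation that produced the queued input.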
Evaluation & Results
The AI-Adaptive-Fuzzer has been tested in real-world scenarios:
- LAVA-M Dataset (Structured vulnerabilities for fuzz testing)
- Zephyr RTOS (Real-time operating system for embedded systems)
The framework is evaluated based on the following performance metrics:
- Code Coverage Analysis – Measures the effectiveness of test cases in exploring the software under test.
- Vulnerability Detection Rate – Tracks how many unique vulnerabilities are discovered.
- Mutation Effectiveness – Determines how efficiently AI-driven mutations improve the fuzzing process.
Future Work
🔹 Optimize AI Model Performance: Reduce training overhead for faster learning cycles.
🔹 Expand to More Targets: Apply to new embedded platforms and firmware environments.
🔹 Improve Scalability: Adapt fuzzer for distributed execution across multiple devices.
🔹 Enhance Real-Time Feedback Loop: Fine-tune AI decision-making for faster vulnerability discovery.
Contributions & Support
This project is actively maintained, and contributions are welcome! If you encounter any issues, have feature requests, or want to collaborate, feel free to open an issue or pull request.
For inquiries, reach out to Hafiz Muhammad Soban Khan.
🚀 AI-Adaptive-Fuzzer: Intelligent, scalable, and efficient fuzzing for next-generation security testing! 🚀
License
This project is released under the Apache-2.0 License. You are free to use, modify, and distribute the software with attribution.
📌 Summary
- AI-Adaptive-Fuzzer is an advanced fuzzing framework integrating AI with AFL++.
- It applies Reinforcement Learning (RL) to mutation selection, optimizing code coverage & vulnerability detection.
- Designed for embedded systems, firmware security, and real-time OS fuzzing.
- Tested on LAVA-M and Zephyr RTOS with promising performance improvements.
- Future work includes expanding target environments, optimizing AI efficiency, and improving scalability.
🚀 Securing embedded systems with AI-driven fuzzing! 🚀
Owner
- Name: Soban
- Login: HafizMuhammadSobanKhan
- Kind: user
- Repositories: 1
- Profile: https://github.com/HafizMuhammadSobanKhan
Citation (CITATION.cff)
cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- given-names: Marc
family-names: Heuse
email: mh@mh-sec.de
- given-names: Heiko
family-names: Eißfeldt
email: heiko.eissfeldt@hexco.de
- given-names: Andrea
family-names: Fioraldi
email: andreafioraldi@gmail.com
- given-names: Dominik
family-names: Maier
email: mail@dmnk.co
title: "AFL++"
version: 4.00c
type: software
date-released: 2022-01-26
url: "https://github.com/AFLplusplus/AFLplusplus"
keywords:
- fuzzing
- fuzzer
- fuzz-testing
- instrumentation
- afl-fuzz
- qemu
- llvm
- unicorn-emulator
- security
license: AGPL-3.0-or-later
GitHub Events
Total
- Push event: 3
- Create event: 2
Last Year
- Push event: 3
- Create event: 2
Dependencies
- actions/checkout v4 composite
- actions/checkout v3 composite
- actions/checkout v3 composite
- actions/checkout v3 composite
- github/codeql-action/analyze v2 composite
- github/codeql-action/init v2 composite
- actions/checkout v4 composite
- actions/checkout v3 composite
- docker/build-push-action v6 composite
- docker/build-push-action v3 composite
- docker/login-action v2 composite
- docker/setup-buildx-action v3 composite
- docker/setup-buildx-action v2 composite
- docker/setup-qemu-action v2 composite
- actions-rs/toolchain v1 composite
- actions/checkout v3 composite
- ubuntu 22.04 build
- fridadotre/manylinux-x86_64 latest build
- ubuntu xenial build
- @babel/code-frame 7.18.6 development
- @babel/helper-validator-identifier 7.19.1 development
- @babel/highlight 7.18.6 development
- @types/node 14.18.36 development
- ansi-styles 3.2.1 development
- argparse 1.0.10 development
- balanced-match 1.0.2 development
- brace-expansion 1.1.11 development
- builtin-modules 1.1.1 development
- chalk 2.4.2 development
- color-convert 1.9.3 development
- color-name 1.1.3 development
- commander 2.20.3 development
- concat-map 0.0.1 development
- diff 4.0.2 development
- escape-string-regexp 1.0.5 development
- esprima 4.0.1 development
- fs.realpath 1.0.0 development
- function-bind 1.1.1 development
- get-caller-file 1.0.3 development
- glob 7.2.3 development
- has 1.0.3 development
- has-flag 3.0.0 development
- inflight 1.0.6 development
- inherits 2.0.4 development
- is-core-module 2.11.0 development
- js-tokens 4.0.0 development
- js-yaml 3.14.1 development
- minimatch 3.1.2 development
- minimist 1.2.7 development
- mkdirp 0.5.6 development
- mock-require 3.0.3 development
- normalize-path 2.1.1 development
- once 1.4.0 development
- path-is-absolute 1.0.1 development
- path-parse 1.0.7 development
- remove-trailing-separator 1.1.0 development
- resolve 1.22.1 development
- semver 5.7.1 development
- sprintf-js 1.0.3 development
- supports-color 5.5.0 development
- supports-preserve-symlinks-flag 1.0.0 development
- tslib 1.14.1 development
- tslint 6.1.3 development
- tsutils 2.29.0 development
- typescript 4.9.5 development
- typescript-tslint-plugin 0.5.5 development
- vscode-jsonrpc 4.0.0 development
- vscode-languageserver 5.2.1 development
- vscode-languageserver-protocol 3.14.1 development
- vscode-languageserver-types 3.14.0 development
- vscode-uri 1.0.8 development
- wrappy 1.0.2 development
- @types/frida-gum 16.5.1
- @types/node ^14.14.2 development
- tslint ^6.1.3 development
- typescript ^4.0.3 development
- typescript-tslint-plugin ^0.5.5 development
- @types/frida-gum ^16.2.0