CONFUZZIUS: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

10.36227/techrxiv.14192459 ◽

2021 ◽

Author(s):

Christof Ferreira Torres ◽

Antonio Ken Iannillo ◽

Arthur Gervais ◽

Radu State

Keyword(s):

State Of The Art ◽

Symbolic Execution ◽

Hybrid Approach ◽

Data Dependency ◽

Smart Contracts ◽

Dependency Analysis ◽

Bug Detection ◽

Code Coverage ◽

Traditional Programs ◽

Turing Complete

<div> <div> <p>Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.</p> </div> </div>

Download Full-text

Dynamic Symbolic Execution Guided by Data Dependency Analysis for High Structural Coverage

Communications in Computer and Information Science - Evaluation of Novel Approaches to Software Engineering ◽

10.1007/978-3-642-45422-6_1 ◽

2013 ◽

pp. 3-15 ◽

Cited By ~ 2

Author(s):

TheAnh Do ◽

A. C. M. Fong ◽

Russel Pears

Keyword(s):

Symbolic Execution ◽

Data Dependency ◽

Dependency Analysis ◽

Dynamic Symbolic Execution ◽

Structural Coverage

Download Full-text

An Optimized Approach for Breast Cancer Classification for Histopathological Images Based on Hybrid Feature Set

Current Medical Imaging Formerly Current Medical Imaging Reviews ◽

10.2174/1573405616666200423085826 ◽

2020 ◽

Vol 16 ◽

Cited By ~ 1

Author(s):

Inzamam Mashood Nasir ◽

Muhammad Rashid ◽

Jamal Hussain Shah ◽

Muhammad Sharif ◽

Muhammad Yahiya Haider Awan ◽

...

Keyword(s):

Breast Cancer ◽

Cancer Detection ◽

State Of The Art ◽

Hybrid Approach ◽

Classification Performance ◽

Diagnose Breast Cancer ◽

Histopathological Images ◽

And Performance ◽

Learned Features ◽

Intelligent Healthcare

Background: Breast cancer is considered as the most perilous sickness among females worldwide and the ratio of new cases is expanding yearly. Many researchers have proposed efficient algorithms to diagnose breast cancer at early stages, which have increased the efficiency and performance by utilizing the learned features of gold standard histopathological images. Objective: Most of these systems have either used traditional handcrafted features or deep features which had a lot of noise and redundancy, which ultimately decrease the performance of the system. Methods: A hybrid approach is proposed by fusing and optimizing the properties of handcrafted and deep features to classify the breast cancer images. HOG and LBP features are serially fused with pretrained models VGG19 and InceptionV3. PCR and ICR are used to evaluate the classification performance of proposed method. Results: The method concentrates on histopathological images to classify the breast cancer. The performance is compared with state-of-the-art techniques, where an overall patient-level accuracy of 97.2% and image-level accuracy of 96.7% is recorded. Conclusion: The proposed hybrid method achieves the best performance as compared to previous methods and it can be used for the intelligent healthcare systems and early breast cancer detection.

Download Full-text

Target Localization via Integrated and Segregated Ranging Based on RSS and TOA Measurements

Sensors ◽

10.3390/s19020230 ◽

2019 ◽

Vol 19 (2) ◽

pp. 230 ◽

Cited By ~ 5

Author(s):

Slavisa Tomic ◽

Marko Beko

Keyword(s):

State Of The Art ◽

Hybrid Approach ◽

Critical Distance ◽

Heuristic Approach ◽

Target Localization ◽

Line Of Sight ◽

Time Of Arrival ◽

Individual Measurement ◽

New Approach ◽

Non Line Of Sight

This work addresses the problem of target localization in adverse non-line-of-sight (NLOS) environments by using received signal strength (RSS) and time of arrival (TOA) measurements. It is inspired by a recently published work in which authors discuss about a critical distance below and above which employing combined RSS-TOA measurements is inferior to employing RSS-only and TOA-only measurements, respectively. Here, we revise state-of-the-art estimators for the considered target localization problem and study their performance against their counterparts that employ each individual measurement exclusively. It is shown that the hybrid approach is not the best one by default. Thus, we propose a simple heuristic approach to choose the best measurement for each link, and we show that it can enhance the performance of an estimator. The new approach implicitly relies on the concept of the critical distance, but does not assume certain link parameters as given. Our simulations corroborate with findings available in the literature for line-of-sight (LOS) to a certain extent, but they indicate that more work is required for NLOS environments. Moreover, they show that the heuristic approach works well, matching or even improving the performance of the best fixed choice in all considered scenarios.

Download Full-text

A Combined Approach to Predicting Rest in Dogs Using Accelerometers

Sensors ◽

10.3390/s18082649 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2649 ◽

Cited By ~ 6

Author(s):

Cassim Ladha ◽

Christy Hoffman

Keyword(s):

Resting State ◽

State Of The Art ◽

Hybrid Approach ◽

Well Being ◽

Housing Conditions ◽

Combined Approach ◽

Current State ◽

Healthy Dogs ◽

State Of Rest ◽

Health And Well Being

The ability to objectively measure episodes of rest has clear application for assessing health and well-being. Accelerometers afford a sensitive platform for doing so and have demonstrated their use in many human-based trials and interventions. Current state of the art methods for predicting sleep from accelerometer signals are either based on posture or low movement. While both have proven to be sensitive in humans, the methods do not directly transfer well to dogs, possibly because dogs are commonly alert but physically inactive when recumbent. In this paper, we combine a previously validated low-movement algorithm developed for humans and a posture-based algorithm developed for dogs. The hybrid approach was tested on 12 healthy dogs of varying breeds and sizes in their homes. The approach predicted state of rest with a mean accuracy of 0.86 (SD = 0.08). Furthermore, when a dog was in a resting state, the method was able to distinguish between head up and head down posture with a mean accuracy of 0.90 (SD = 0.08). This approach can be applied in a variety of contexts to assess how factors, such as changes in housing conditions or medication, may influence a dog’s resting patterns.

Download Full-text

Legally Enforceable Smart-Contract Languages

ACM Computing Surveys ◽

10.1145/3453475 ◽

2021 ◽

Vol 54 (5) ◽

pp. 1-34

Author(s):

Vimal Dwivedi ◽

Vishwajeet Pattanaik ◽

Vipin Deval ◽

Abhishek Dixit ◽

Alex Norta ◽

...

Keyword(s):

Literature Review ◽

Systematic Literature Review ◽

State Of The Art ◽

Grey Literature ◽

Smart Contracts ◽

Smart Contract ◽

Decentralized Autonomous Organizations

Smart contracts are a key component of today’s blockchains. They are critical in controlling decentralized autonomous organizations (DAO). However, smart contracts are not yet legally binding nor enforceable; this makes it difficult for businesses to adopt the DAO paradigm. Therefore, this study reviews existing Smart Contract Languages (SCL) and identifies properties that are critical to any future SCL for drafting legally binding contracts. This is achieved by conducting a Systematic Literature Review (SLR) of white- and grey literature published between 2015 and 2019. Using the SLR methodology, 45 Selected and 28 Supporting Studies detailing 45 state-of-the-art SCLs are selected. Finally, 10 SCL properties that enable legally compliant DAOs are discovered, and specifications for developing SCLs are explored.

Download Full-text

Solving Mono- and Multi-Objective Problems Using Hybrid Evolutionary Algorithms and Nelder-Mead Method

International Journal of Applied Metaheuristic Computing ◽

10.4018/ijamc.2021100106 ◽

2021 ◽

Vol 12 (4) ◽

pp. 98-116

Author(s):

Noureddine Boukhari ◽

Fatima Debbat ◽

Nicolas Monmarché ◽

Mohamed Slimane

Keyword(s):

Convergence Rate ◽

Optimization Problem ◽

Optimization Problems ◽

State Of The Art ◽

Hybrid Approach ◽

Optimization Methods ◽

Global Optimum ◽

Stochastic Methods ◽

Local Optima ◽

Portfolio Optimization Problem

Evolution strategies (ES) are a family of strong stochastic methods for global optimization and have proved their capability in avoiding local optima more than other optimization methods. Many researchers have investigated different versions of the original evolution strategy with good results in a variety of optimization problems. However, the convergence rate of the algorithm to the global optimum stays asymptotic. In order to accelerate the convergence rate, a hybrid approach is proposed using the nonlinear simplex method (Nelder-Mead) and an adaptive scheme to control the local search application, and the authors demonstrate that such combination yields significantly better convergence. The new proposed method has been tested on 15 complex benchmark functions and applied to the bi-objective portfolio optimization problem and compared with other state-of-the-art techniques. Experimental results show that the performance is improved by this hybridization in terms of solution eminence and strong convergence.

Download Full-text

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Fundamental Approaches to Software Engineering - Lecture Notes in Computer Science ◽

10.1007/978-3-030-71500-7_19 ◽

2021 ◽

pp. 363-367 ◽

Cited By ~ 1

Author(s):

Kaled M. Alshmrany ◽

Rafael S. Menezes ◽

Mikhail R. Gadelha ◽

Lucas C. Cordeiro

Keyword(s):

Model Checking ◽

Symbolic Execution ◽

Bounded Model Checking ◽

Test Cases ◽

Security Vulnerabilities ◽

C Programs ◽

Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

Download Full-text

Decentralized data dependency analysis for concurrent process execution

2009 13th Enterprise Distributed Object Computing Conference Workshops ◽

10.1109/edocw.2009.5332013 ◽

2009 ◽

Cited By ~ 6

Author(s):

Susan D. Urban ◽

Ziao Liu ◽

Le Gao ◽

Edward E. Whitaker

Keyword(s):

Data Dependency ◽

Dependency Analysis ◽

Concurrent Process ◽

Process Execution

Download Full-text

An Algorithm for Learning the Skeleton of Large Bayesian Network

International Journal of Artificial Intelligence Tools ◽

10.1142/s0218213015500128 ◽

2015 ◽

Vol 24 (04) ◽

pp. 1550012

Author(s):

Yanying Li ◽

Youlong Yang ◽

Wensheng Wang ◽

Wenming Yang

Keyword(s):

Bayesian Network ◽

Structure Learning ◽

State Of The Art ◽

Large Network ◽

Dependency Analysis ◽

Learning From Data ◽

Bayesian Network Structure ◽

Bayesian Network Structure Learning ◽

Np Hard Problem ◽

Key Steps

It is well known that Bayesian network structure learning from data is an NP-hard problem. Learning a correct skeleton of a DAG is the foundation of dependency analysis algorithms for this problem. Considering the unreliability of the high order condition independence (CI) tests and the aim to improve the efficiency of a dependency analysis algorithm, the key steps are to use less number of CI tests and reduce the sizes of condition sets as many as possible. Based on these analyses and inspired by the algorithm HPC, we present an algorithm, named efficient hybrid parents and child (EHPC), for learning the adjacent neighbors of every variable. We proof the validity of the algorithm. Compared with state-of-the-art algorithms, the experimental results show that EHPC can handle large network and has better accuracy with fewer number of condition independence tests and smaller size of conditioning set.

Download Full-text