4,479 research outputs found

    Towards Smart Hybrid Fuzzing for Smart Contracts

    Smart contracts are Turing-complete programs that are executed across a blockchain network. Unlike traditional programs, once deployed they cannot be modified. As smart contracts become more popular and carry more value, they become a more interesting target for attackers. In recent years, smart contracts suffered major exploits, costing millions of dollars, due to programming errors. As a result, a variety of tools for detecting bugs has been proposed. However, the majority of these tools often yield many false positives due to over-approximation or poor code coverage due to complex path constraints. Fuzzing or fuzz testing is a popular and effective software testing technique. However, traditional fuzzers tend to be more effective at finding shallow bugs and less effective at finding bugs that lie deeper in the execution. In this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary fuzzing with constraint solving in order to execute more code and find more bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts of a smart contract, while constraint solving is used to generate inputs which satisfy complex conditions that prevent the evolutionary fuzzing from exploring deeper paths. Moreover, we use data dependency analysis to efficiently generate sequences of transactions that create specific contract states in which bugs may be hidden. We evaluate the effectiveness of our fuzzing strategy by comparing CONFUZZIUS with state-of-the-art symbolic execution tools and fuzzers. Our evaluation shows that our hybrid fuzzing approach produces significantly better results than state-of-the-art symbolic execution tools and fuzzers.

    Iterative Joint Channel Estimation and Multi-User Detection for Multiple-Antenna Aided OFDM Systems

    Multiple-Input-Multiple-Output (MIMO) Orthogonal Frequency Division Multiplexing (OFDM) systems have recently attracted substantial research interest. However, compared to Single-Input-Single-Output (SISO) systems, channel estimation in the MIMO scenario becomes more challenging, owing to the increased number of independent transmitter-receiver links to be estimated. In the context of the Bell LAyered Space-Time architecture (BLAST) or Space Division Multiple Access (SDMA) multi-user MIMO OFDM systems, none of the known channel estimation techniques allows the number of users to be higher than the number of receiver antennas, which is often referred to as a “rank-deficient” scenario, owing to the constraint imposed by the rank of the MIMO channel matrix. Against this background, in this paper we propose a new Genetic Algorithm (GA) assisted iterative Joint Channel Estimation and Multi-User Detection (GA-JCEMUD) approach for multi-user MIMO SDMA-OFDM systems, which provides an effective solution to the multi-user MIMO channel estimation problem in the above-mentioned rank-deficient scenario. Furthermore, the GAs invoked in the data detection literature can only provide a hard-decision output for the Forward Error Correction (FEC) or channel decoder, which inevitably limits the system’s achievable performance. By contrast, our proposed GA is capable of providing “soft” outputs and hence it becomes capable of achieving an improved performance with the aid of FEC decoders. A range of simulation results are provided to demonstrate the superiority of the proposed scheme. Index Terms—Channel estimation, genetic algorithm, multiple-input-multiple-output, multi-user detection, orthogonal frequency division multiplexing, space division multiple access

    Differential evolution algorithm aided minimum symbol error rate multi-user detection for multi-user OFDM/SDMA systems

    A Differential Evolution (DE) algorithm assisted Minimum Symbol Error Ratio (MSER) Multi-User Detection (MUD) scheme is proposed for multi-user Multiple-Input Multiple-Output (MIMO) aided Orthogonal Frequency-Division Multiplexing / Space Division Multiple Access (OFDM/SDMA) systems. Quadrature Amplitude Modulation (QAM) is employed in most wireless standards by virtue of providing a high throughput. The MSER Cost Function (CF) may be deemed to be the most relevant one for QAM, but finding its minimum is challenging. Hence we propose a sophisticated DE assisted MSER-MUD scheme, which directly minimizes the SER CF of multi-user OFDM/SDMA systems employing QAM. Furthermore, the effects of the DE assisted MSER-MUD’s algorithmic parameters, namely those of the population size Ps, of the scaling factor ? and of the crossover probability Cr on the number of DE generations required for attaining convergence were investigated in our simulations. This allowed us to directly quantify their complexity. The simulation results also demonstrate that the proposed DE assisted MSER-MUD scheme significantly outperforms the conventional MMSE-MUD in terms of the system’s overall BER and it is capable of narrowing its BER performance discrepancy with respect to the optimal Maximum Likelihood (ML) MUD to about 4 dB, while requiring about 200 times fewer CF evaluations compared to the optimal ML-MUD scheme.

    The design of an evolutionary algorithm for artificial immune system based failure detector generation and optimization

    The development of an evolutionary algorithm and accompanying software for the generation and optimization of artificial immune system-based failure detectors is presented in this thesis. These detectors use the Artificial Immune System-based negative selection strategy. The utility is a part of an integrated set of methodologies for the detection, identification, and evaluation of a wide variety of aircraft sub-system abnormal conditions. The evolutionary algorithm and accompanying software discussed in this document is concerned with the creation, optimization, and testing of failure detectors based on the negative selection strategy. A preliminary phase consists of processing data from flight tests for self definition including normalization, duplicate removal, and clustering. A first phase of the evolutionary algorithm produces, through an iterative process, a set of detectors that do not overlap with the self and achieve a prescribed level of coverage of the non-self. A second phase consists of a classic evolutionary algorithm that attempts to optimize the number of detectors, overlapping between detectors, and coverage of the non-self while maintaining no overlapping with the self. For this second phase, the initial population is composed of sets of detectors, called individuals, obtained in the first phase. Specific genetic operators have been defined to accommodate different detector shapes, such as hyper-rectangles, hyper-spheres, hyper-ellipsoids and hyper-rotational-ellipsoids. 
The output of this evolutionary algorithm consists of an optimized set of detectors which is intended for later use as a part of a detection, identification, and evaluation scheme for aircraft sub-system failure. An interactive design environment has been developed in MATLAB that relies on an advanced user-friendly graphical interface and on a substantial library of alternative algorithms to allow maximum flexibility and effectiveness in the design of detector sets for artificial immune system-based abnormal condition detection. This user interface is designed for use with Windows and MATLAB 7.6.0, although measures have been taken to maintain compatibility with MATLAB version 7.0.4 and higher, with limited interface compatibility. This interface may also be used with UNIX versions of MATLAB, version 7.0.4 or higher. The results obtained show the feasibility of optimizing the various shapes in 2, 3, and 6 dimensions. Hyper-spheres are generally faster than the other three shapes, though they do not necessarily exhibit the best detection results. Hyper-ellipsoids and hyper-rotational-ellipsoids generally show somewhat better detection performance than hyper-spheres, but at a higher calculation cost. Calculation time for optimization of hyper-rectangles seems to be highly susceptible to dimensionality, taking increasingly long in higher dimensions. In addition, hyper-rectangles tend to need a higher number of detectors to achieve adequate coverage of the solution space, though they exhibit very little overlapping among detectors. However, hyper-rectangles are consistently and considerably quicker to calculate detection for than the other shapes, which may make them a promising candidate for online detection schemes.