Some of the following articles may not be open access.

Fuzzing JavaScript Interpreters with Coverage-Guided Reinforcement Learning for LLM-Based Mutation

International Symposium on Software Testing and Analysis
JavaScript interpreters, crucial for modern web browsers, require an effective fuzzing method to identify security-related bugs. However, the strict grammatical requirements for input present significant challenges.
Jueon Eom, Seyeon Jeong, Taekyoung Kwon

Titan: Efficient Multi-target Directed Greybox Fuzzing

IEEE Symposium on Security and Privacy
Modern directed fuzzing often faces scalability issues when analyzing multiple targets in a program simultaneously. We observe that the root cause is that directed fuzzers are unaware of the correlations among the targets, thereby could degenerate into a
Heqing Huang   +4 more

Magneto: A Step-Wise Approach to Exploit Vulnerabilities in Dependent Libraries via LLM-Empowered Directed Fuzzing

International Conference on Automated Software Engineering
The wide adoption of open source third-party libraries can propagate vulnerabilities that originally exist in third-party libraries through dependency chains to downstream projects.
Zhuotong Zhou   +5 more

WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors

USENIX Security Symposium
Timing vulnerabilities in processors have emerged as a potent threat. As processors are the foundation of any computing system, identifying these flaws is imperative. Recently fuzzing techniques, traditionally used for detecting software vulnerabilities,
Pallavi Borkar   +7 more

LLM4Fuzz: Guided Fuzzing of Smart Contracts with Large Language Models

arXiv.org
As blockchain platforms grow exponentially, millions of lines of smart contract code are being deployed to manage extensive digital assets. However, vulnerabilities in this mission-critical code have led to significant exploitations and asset losses ...
Chaofan Shou   +3 more

A Survey of Protocol Fuzzing

ACM Computing Surveys
Communication protocols form the bedrock of our interconnected world, yet vulnerabilities within their implementations pose significant security threats.
Xiaohan Zhang   +8 more

RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support

International Conference on Software Engineering
Rust libraries are ubiquitous in Rust-based software development. Guaranteeing their correctness and reliability requires thorough analysis and testing.
Zhiwu Xu   +5 more

When Fuzzing Meets LLMs: Challenges and Opportunities

SIGSOFT FSE Companion
Fuzzing, a widely-used technique for bug detection, has seen advancements through Large Language Models (LLMs). Despite their potential, LLMs face specific challenges in fuzzing. In this paper, we identified five major challenges of LLM-assisted fuzzing.
Yu Jiang   +10 more

Labrador: Response Guided Directed Fuzzing for Black-box IoT Devices

IEEE Symposium on Security and Privacy
Fuzzing is a popular solution to finding vulnerabilities in software including IoT firmware. However, due to the challenges of emulating or rehosting firmware, some IoT devices (e.g., enterprise-level devices) can only be fuzzed in a black-box manner ...
Hangtian Liu   +6 more

LLAMAFUZZ: Large Language Model Enhanced Greybox Fuzzing

arXiv.org
Greybox fuzzing has achieved success in revealing bugs and vulnerabilities in programs. However, randomized mutation strategies have limited the fuzzer's performance on structured data.
Hongxiang Zhang   +3 more
