English
Related papers

Related papers: Corpus Distillation for Effective Fuzzing: A Compa…

200 papers

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of testing resources. Parallel fuzzing in the distributed environment…

Cryptography and Security · Computer Science 2022-11-16 Xu Zhou , Pengfei Wang , Chenyifan Liu , Tai Yue , Yingying Liu , Congxi Song , Kai Lu , Qidi Yin , Xu Han

Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…

Software Engineering · Computer Science 2025-06-19 Miao Miao

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

Software Engineering · Computer Science 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Fuzzing is one of the key techniques for evaluating the robustness of programs against attacks. Fuzzing has to be effective in producing inputs that cover functionality and find vulnerabilities. But it also has to be efficient in producing…

Software Engineering · Computer Science 2019-11-19 Rahul Gopinath , Andreas Zeller

The rapidly developing deep learning (DL) techniques have been applied in software systems with various application scenarios. However, they could also pose new safety threats with potentially serious consequences, especially in…

Software Engineering · Computer Science 2024-05-14 Pin Ji , Yang Feng , Duo Wu , Lingyue Yan , Pengling Chen , Jia Liu , Zhihong Zhao

Ability to test firmware on embedded devices is critical to discovering vulnerabilities prior to their adversarial exploitation. State-of-the-art automated testing methods rehost firmware in emulators and attempt to facilitate inputs from a…

Cryptography and Security · Computer Science 2023-08-16 Guy Farrelly , Paul Quirk , Salil S. Kanhere , Seyit Camtepe , Damith C. Ranasinghe

This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage…

Software Engineering · Computer Science 2020-05-26 Vaggelis Atlidakis , Roxana Geambasu , Patrice Godefroid , Marina Polishchuk , Baishakhi Ray

The widespread application of large language models (LLMs) underscores the importance of deep learning (DL) technologies that rely on foundational DL libraries such as PyTorch and TensorFlow. Despite their robust features, these libraries…

Software Engineering · Computer Science 2024-12-12 Zhiyuan Li , Jingzheng Wu , Xiang Ling , Tianyue Luo , Zhiqing Rui , Yanjun Wu

Large Language Models (LLMs) have gained widespread use in various applications due to their powerful capability to generate human-like text. However, prompt injection attacks, which involve overwriting a model's original instructions with…

Cryptography and Security · Computer Science 2025-04-07 Jiahao Yu , Yangguang Shao , Hanwen Miao , Junzheng Shi

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

Modern software often accepts inputs with highly complex grammars. Recent advances in large language models (LLMs) have shown that they can be used to synthesize high-quality natural language text and code that conforms to the grammar of a…

Software Engineering · Computer Science 2025-02-03 Kunpeng Zhang , Zongjie Li , Daoyuan Wu , Shuai Wang , Xin Xia

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Modern embedded Linux devices, such as routers, IP cameras, and IoT gateways, rely on complex software stacks where numerous daemons interact to provide services. Testing these devices is crucial from a security perspective since vendors…

Cryptography and Security · Computer Science 2025-09-23 Alessio Izzillo , Riccardo Lazzeretti , Emilio Coppa

Clustering is an extensive research area in data science. The aim of clustering is to discover groups and to identify interesting patterns in datasets. Crisp (hard) clustering considers that each data point belongs to one and only one…

Machine Learning · Computer Science 2018-08-02 Aybükë Oztürk , Stéphane Lallich , Jérôme Darmont , Sylvie Yona Waksman

Directed greybox fuzzing (DGF) can quickly discover or reproduce bugs in programs by seeking to reach a program location or explore some locations in order. However, due to their static stage division and coarse-grained energy scheduling,…

Cryptography and Security · Computer Science 2022-07-01 Hongliang Liang , Xianglin Cheng , Jie Liu , Jin Li

CPUs are becoming more complex with every generation, at both the logical and the physical levels. This potentially leads to more logic bugs and electrical defects in CPUs being overlooked during testing, which causes data corruption or…

Hardware Architecture · Computer Science 2021-10-25 Kostya Serebryany , Maxim Lifantsev , Konstantin Shtoyk , Doug Kwan , Peter Hochschild

Deep learning (DL) systems are increasingly applied to safety-critical domains such as autonomous driving cars. It is of significant importance to ensure the reliability and robustness of DL systems. Existing testing methodologies always…

Software Engineering · Computer Science 2018-08-29 Jianmin Guo , Yu Jiang , Yue Zhao , Quan Chen , Jiaguang Sun

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

Software testing is becoming a critical part of the development cycle of embedded devices, enabling vulnerability detection. A well-studied approach of software testing is fuzz-testing (fuzzing), during which mutated input is sent to an…

Cryptography and Security · Computer Science 2019-08-15 Philip Sperl , Konstantin Böttinger