English
Related papers

Related papers: Montage: A Neural Network Language Model-Guided Ja…

200 papers

Large Language Model (LLM) based agents integrated into web browsers (often called agentic AI browsers) offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions…

Cryptography and Security · Computer Science 2025-10-16 Avihay Cohen

Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively explore code paths -- primarily perform byte- or bit-level edits…

Software Engineering · Computer Science 2025-09-25 Mengdi Lu , Steven Ding , Furkan Alaca , Philippe Charland

The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional…

Cryptography and Security · Computer Science 2026-04-23 Ronghao Ni , Mihai Christodorescu , Limin Jia

Fuzzing is a well-established technique for detecting bugs and vulnerabilities. With the surge of fuzzers and fuzzer platforms being developed such as AFL and OSSFuzz rises the necessity to benchmark these tools' performance. A common…

Software Engineering · Computer Science 2025-03-26 Timothée Riom , Sabine Houy , Bruno Kreyssig , Alexandre Bartel

In recent years, the programming capabilities of large language models (LLMs) have garnered significant attention. Fuzz testing, a highly effective technique, plays a key role in enhancing software reliability and detecting vulnerabilities.…

Software Engineering · Computer Science 2024-12-23 Hanxiang Xu , Wei Ma , Ting Zhou , Yanjie Zhao , Kai Chen , Qiang Hu , Yang Liu , Haoyu Wang

Deep Learning (DL) frameworks have served as fundamental components in DL systems over the last decade. However, bugs in DL frameworks could lead to catastrophic consequences in critical scenarios. A simple yet effective way to find bugs in…

Software Engineering · Computer Science 2026-01-21 Shaoyu Yang , Chunrong Fang , Haifeng Lin , Xiang Chen , Jia Liu , Zhenyu Chen

Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency. However, by…

Cryptography and Security · Computer Science 2017-01-18 Rock Stevens , Octavian Suciu , Andrew Ruef , Sanghyun Hong , Michael Hicks , Tudor Dumitraş

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of…

Cryptography and Security · Computer Science 2023-07-06 Tai D. Nguyen , Long H. Pham , Jun Sun

In the modern era where software plays a pivotal role, software security and vulnerability analysis are essential for secure software development. Fuzzing test, as an efficient and traditional software testing method, has been widely…

Software Engineering · Computer Science 2025-05-20 Linghan Huang , Peizhou Zhao , Huaming Chen , Lei Ma

Fuzzing is a popular vulnerability automated testing method utilized by professionals and broader community alike. However, despite its abilities, fuzzing is a time-consuming, computationally expensive process. This is problematic for the…

Software Engineering · Computer Science 2023-07-25 Michael Wang , Michael Robinson

Domain Name System (DNS) is a critical component of the Internet. DNS resolvers, which act as the cache between DNS clients and DNS nameservers, are the central piece of the DNS infrastructure, essential to the scalability of DNS. However,…

Cryptography and Security · Computer Science 2023-10-06 Qifan Zhang , Xuesong Bai , Xiang Li , Haixin Duan , Qi Li , Zhou Li

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an…

Cryptography and Security · Computer Science 2025-05-05 Gianpietro Castiglione , Marcello Maugeri , Giampaolo Bella

Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance…

Cryptography and Security · Computer Science 2019-07-16 Dongdong She , Kexin Pei , Dave Epstein , Junfeng Yang , Baishakhi Ray , Suman Jana

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

As machine learning gains prominence in various sectors of society for automated decision-making, concerns have risen regarding potential vulnerabilities in machine learning (ML) frameworks. Nevertheless, testing these frameworks is a…

Software Engineering · Computer Science 2023-07-13 Zhao Liu , Quanchen Zou , Tian Yu , Xuan Wang , Guozhu Meng , Kai Chen , Deyue Zhang

We present a novel tool BertRLFuzzer, a BERT and Reinforcement Learning (RL) based fuzzer aimed at finding security vulnerabilities for Web applications. BertRLFuzzer works as follows: given a set of seed inputs, the fuzzer performs…

Software Engineering · Computer Science 2024-10-02 Piyush Jha , Joseph Scott , Jaya Sriram Ganeshna , Mudit Singh , Vijay Ganesh

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to…

Cryptography and Security · Computer Science 2021-12-15 Shunkai Zhu , Jingyi Wang , Jun Sun , Jie Yang , Xingwei Lin , Liyi Zhang , Peng Cheng

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability…

Software Engineering · Computer Science 2024-04-11 Mohamadreza Rostami , Marco Chilese , Shaza Zeitouni , Rahul Kande , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos