English
Related papers

Related papers: Montage: A Neural Network Language Model-Guided Ja…

200 papers

Fuzzing is an increasingly popular technique for verifying software functionalities and finding security vulnerabilities. However, current mutation-based fuzzers cannot effectively test database management systems (DBMSs), which strictly…

Cryptography and Security · Computer Science 2020-06-04 Rui Zhong , Yongheng Chen , Hong Hu , Hangfan Zhang , Wenke Lee , Dinghao Wu

Jailbreaking large-language models (LLMs) involves testing their robustness against adversarial prompts and evaluating their ability to withstand prompt attacks that could elicit unauthorized or malicious responses. In this paper, we…

Cryptography and Security · Computer Science 2025-06-06 Aman Goel , Xian Carrie Wu , Zhe Wang , Dmitriy Bespalov , Yanjun Qi

For better or worse, JavaScript is the cornerstone of modern Web. Prototype-based languages like JavaScript are susceptible to prototype pollution vulnerabilities, enabling an attacker to inject arbitrary properties into an object's…

Cryptography and Security · Computer Science 2023-11-08 Mikhail Shcherbakov , Paul Moosbrugger , Musard Balliu

Fuzzing -- whether generating or mutating inputs -- has found many bugs and security vulnerabilities in a wide range of domains. Stateful and highly structured web APIs present significant challenges to traditional fuzzing techniques, as…

Cryptography and Security · Computer Science 2021-12-21 Zac Hatfield-Dodds , Dmitry Dygalo

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Fuzzing is highly effective in detecting bugs due to the key contribution of randomness. However, randomness significantly reduces the efficiency of fuzzing, causing it to cost days or weeks to expose bugs. Even though directed fuzzing…

Software Engineering · Computer Science 2025-07-31 Xiaotao Feng , Xiaogang Zhu , Kun Hu , Jincheng Wang , Yingjie Cao , Guang Gong , Jianfeng Pan

High scalability and low running costs have made fuzz testing the de facto standard for discovering software bugs. Fuzzing techniques are constantly being improved in a race to build the ultimate bug-finding tool. However, while fuzzing…

Cryptography and Security · Computer Science 2020-10-26 Ahmad Hazimeh , Adrian Herrera , Mathias Payer

Text-to-image (T2I) generative models have revolutionized content creation by transforming textual descriptions into high-quality images. However, these models are vulnerable to jailbreaking attacks, where carefully crafted prompts bypass…

Cryptography and Security · Computer Science 2025-06-26 Yingkai Dong , Xiangtao Meng , Ning Yu , Zheng Li , Shanqing Guo

The Language Server Protocol (LSP) has revolutionized the integration of code intelligence in modern software development. There are approximately 300 LSP server implementations for various languages and 50 editors offering LSP integration.…

Software Engineering · Computer Science 2026-01-29 Hengcheng Zhu , Songqiang Chen , Valerio Terragni , Lili Wei , Yepang Liu , Jiarong Wu , Shing-Chi Cheung

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering…

Cryptography and Security · Computer Science 2019-04-09 Valentin J. M. Manes , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele , Edward J. Schwartz , Maverick Woo

Detecting bugs in Deep Learning (DL) libraries (e.g., TensorFlow/PyTorch) is critical for almost all downstream DL systems in ensuring effectiveness/safety for end users. Meanwhile, traditional fuzzing techniques can be hardly effective for…

Software Engineering · Computer Science 2023-03-08 Yinlin Deng , Chunqiu Steven Xia , Haoran Peng , Chenyuan Yang , Lingming Zhang

A fuzzer provides randomly generated inputs to a targeted software to expose erroneous behavior. To efficiently detect defects, generated inputs should conform to the structure of the input format and thus, grammars can be used to generate…

Software Engineering · Computer Science 2020-08-05 Martin Eberlein , Yannic Noller , Thomas Vogel , Lars Grunske

Coverage-guided fuzz testing has received significant attention from the research community, with a strong focus on binary applications, greatly disregarding other targets, such as web applications. The importance of the World Wide Web in…

Cryptography and Security · Computer Science 2024-07-02 Sebastian Neef , Lorenz Kleissner , Jean-Pierre Seifert

Large Language Models (LLMs) have become integral to various software engineering tasks, including code generation, bug detection, and repair. To evaluate model performance in these domains, numerous bug benchmarks containing real-world…

Software Engineering · Computer Science 2025-04-01 Daniel Ramos , Claudia Mamede , Kush Jain , Paulo Canelas , Catarina Gamboa , Claire Le Goues

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

Deep learning (DL) libraries are widely used in critical applications, where even subtle silent bugs can lead to serious consequences. While existing DL fuzzing techniques have made progress in detecting crashes, they inherently struggle to…

Software Engineering · Computer Science 2026-03-02 Kunpeng Zhang , Dongwei Xiao , Daoyuan Wu , Shuai Wang , Jiali Zhao , Yuanyi Lin , Tongtong Xu , Shaohua Wang

Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs remains challenging due to difficulties…

Cryptography and Security · Computer Science 2024-06-10 Dongdong She , Adam Storek , Yuchong Xie , Seoyoung Kweon , Prashast Srivastava , Suman Jana

Compilers constitute the foundational root-of-trust in software supply chains; however, their immense complexity inevitably conceals critical defects. Recent research has attempted to leverage historical bugs to design new mutation…

Software Engineering · Computer Science 2026-01-28 Xingbang He , Yuanwei Chen , Hao Wu , Jikang Zhang , Zicheng Wang , Ligeng Chen , Junjie Peng , Haiyang Wei , Yi Qian , Tiantai Zhang , Linzhang Wang , Bing Mao

Large Language Models (LLMs) have shown promise in tasks like code translation, prompting interest in their potential for automating software vulnerability detection (SVD) and patching (SVP). To further research in this area, establishing a…

Software Engineering · Computer Science 2024-09-18 Arastoo Zibaeirad , Marco Vieira

Implementations of network protocols are often prone to vulnerabilities caused by developers' mistakes when accessing memory regions and dealing with arithmetic operations. Finding practical approaches for checking the security of network…

Cryptography and Security · Computer Science 2020-01-28 Kaled Alshmrany , Lucas Cordeiro