中文
相关论文

相关论文: Agentic Fuzzing: Opportunities and Challenges

200 篇论文

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

密码学与安全 · 计算机科学 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

Compilers constitute the foundational root-of-trust in software supply chains; however, their immense complexity inevitably conceals critical defects. Recent research has attempted to leverage historical bugs to design new mutation…

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

软件工程 · 计算机科学 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Fuzzing has become a commonly used approach to identifying bugs in complex, real-world programs. However, interpreters are notoriously difficult to fuzz effectively, as they expect highly structured inputs, which are rarely produced by most…

密码学与安全 · 计算机科学 2023-04-06 Christopher Salls , Chani Jindal , Jake Corina , Christopher Kruegel , Giovanni Vigna

Fuzzing is highly effective in detecting bugs due to the key contribution of randomness. However, randomness significantly reduces the efficiency of fuzzing, causing it to cost days or weeks to expose bugs. Even though directed fuzzing…

软件工程 · 计算机科学 2025-07-31 Xiaotao Feng , Xiaogang Zhu , Kun Hu , Jincheng Wang , Yingjie Cao , Guang Gong , Jianfeng Pan

Software bugs cost technology providers (e.g., AT&T) billions annually and cause developers to spend roughly 50% of their time on bug resolution. Traditional methods for bug localization often analyze the suspiciousness of code components…

软件工程 · 计算机科学 2026-02-17 Asif Mohammed Samir , Mohammad Masudur Rahman

Directed fuzzing aims to find program inputs that lead to specified target program states. It has broad applications, such as debugging system crashes, confirming reported bugs, and generating exploits for potential vulnerabilities. This…

密码学与安全 · 计算机科学 2025-12-10 Jie Zhu , Chihao Shen , Ziyang Li , Jiahao Yu , Yizheng Chen , Kexin Pei

The SZZ algorithm is the dominant technique for identifying bug-inducing commits and underpins many software engineering tasks, such as defect prediction and vulnerability analysis. Despite numerous variants, including recent LLM-based…

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of…

密码学与安全 · 计算机科学 2023-07-06 Tai D. Nguyen , Long H. Pham , Jun Sun

Fuzzing, a widely-used technique for bug detection, has seen advancements through Large Language Models (LLMs). Despite their potential, LLMs face specific challenges in fuzzing. In this paper, we identified five major challenges of…

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to…

密码学与安全 · 计算机科学 2021-12-15 Shunkai Zhu , Jingyi Wang , Jun Sun , Jie Yang , Xingwei Lin , Liyi Zhang , Peng Cheng

Modern agentic frameworks (e.g., CrewAI and AutoGen) have evolved into complex, autonomous multi-agent systems, introducing unique reliability challenges beyond earlier pipeline-based LLM libraries. However, existing empirical studies focus…

软件工程 · 计算机科学 2026-04-13 Xiaowen Zhang , Hannuo Zhang , Shin Hwei Tan

Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades of dedicated research, there is still no consensus on which fuzzing techniques work best. One reason for this is the paucity of ground truth: bugs in…

密码学与安全 · 计算机科学 2022-08-24 Joshua Bundt , Andrew Fasano , Brendan Dolan-Gavitt , William Robertson , Tim Leek

Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I…

密码学与安全 · 计算机科学 2025-11-07 Shiyin Lin

Deep Learning (DL) library bugs affect downstream DL applications, emphasizing the need for reliable systems. Generating valid input programs for fuzzing DL libraries is challenging due to the need for satisfying both language…

软件工程 · 计算机科学 2023-04-05 Yinlin Deng , Chunqiu Steven Xia , Chenyuan Yang , Shizhuo Dylan Zhang , Shujing Yang , Lingming Zhang

Proof-of-Vulnerability (PoV) input generation is a critical task in software security and supports downstream applications such as path generation and validation. Generating a PoV input requires solving two sets of constraints: (1)…

密码学与安全 · 计算机科学 2025-12-05 Haochen Zeng , Andrew Bao , Jiajun Cheng , Chengyu Song

Deep learning (DL) frameworks serve as the backbone for a wide range of artificial intelligence applications. However, bugs within DL frameworks can cascade into critical issues in higher-level applications, jeopardizing reliability and…

软件工程 · 计算机科学 2025-10-20 Shiwen Ou , Yuwei Li , Lu Yu , Chengkun Wei , Tingke Wen , Qiangpu Chen , Yu Chen , Haizhi Tang , Zulie Pan

Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as…

密码学与安全 · 计算机科学 2025-08-21 Youssef Maklad , Fares Wael , Ali Hamdi , Wael Elsersy , Khaled Shaban

Fuzzing is a highly-scalable software testing technique that uncovers bugs in a target program by executing it with mutated inputs. Over the life of a fuzzing campaign, the fuzzer accumulates inputs inducing new and interesting target…

密码学与安全 · 计算机科学 2023-12-11 Simon Luo , Adrian Herrera , Paul Quirk , Michael Chase , Damith C. Ranasinghe , Salil S. Kanhere

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to…

软件工程 · 计算机科学 2020-08-03 Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang , Yang Liu
‹ 上一页 1 2 3 10 下一页 ›