中文
相关论文

相关论文: Agentic Fuzzing: Opportunities and Challenges

200 篇论文

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

软件工程 · 计算机科学 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code…

密码学与安全 · 计算机科学 2019-01-07 Yuwei Li , Shouling Ji , Chenyang Lv , Yuan Chen , Jianhai Chen , Qinchen Gu , Chunming Wu

Greybox fuzzing is one of the most useful and effective techniques for the bug detection in large scale application programs. It uses minimal amount of instrumentation. American Fuzzy Lop (AFL) is a popular coverage based evolutionary…

人工智能 · 计算机科学 2018-06-12 Ketan Patil , Aditya Kanade

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program to discover unhandled exceptions and crashes. In…

软件工程 · 计算机科学 2021-09-20 Yifan Wang , Yuchen Zhang , Chengbin Pang , Peng Li , Nikolaos Triandopoulos , Jun Xu

Large Language Model (LLM) based agents integrated into web browsers (often called agentic AI browsers) offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions…

密码学与安全 · 计算机科学 2025-10-16 Avihay Cohen

Fuzzing is widely used for detecting bugs and vulnerabilities, with various techniques proposed to enhance its effectiveness. To combine the advantages of multiple technologies, researchers proposed ensemble fuzzing, which integrates…

软件工程 · 计算机科学 2025-07-31 Yukai Zhao , Shaohua Wang , Jue Wang , Xing Hu , Xin Xia

Critical open source software systems undergo significant validation in the form of lengthy fuzz campaigns. The fuzz campaigns typically conduct a biased random search over the domain of program inputs, to find inputs which crash the…

密码学与安全 · 计算机科学 2024-11-22 Yuntong Zhang , Jiawei Wang , Dominic Berzin , Martin Mirchev , Dongge Liu , Abhishek Arya , Oliver Chang , Abhik Roychoudhury

Fault Localization (FL) is an essential step during the debugging process. With the strong capabilities of code comprehension, the recent Large Language Models (LLMs) have demonstrated promising performance in diagnosing bugs in the code.…

软件工程 · 计算机科学 2025-02-25 Yihao Qin , Shangwen Wang , Yiling Lou , Jinhao Dong , Kaixin Wang , Xiaoling Li , Xiaoguang Mao

Collaborative fuzzing combines multiple individual fuzzers and dynamically chooses appropriate combinations for different programs. Unlike individual fuzzers that rely on specific assumptions, collaborative fuzzing relaxes assumptions on…

密码学与安全 · 计算机科学 2025-07-23 Wenxuan Shi , Hongwei Li , Jiahao Yu , Xinqian Sun , Wenbo Guo , Xinyu Xing

Static analyzers play a critical role in identifying bugs early in the software development lifecycle, but their rule implementations are often under-tested and prone to inconsistencies. To address this, we propose StaAgent, an agentic…

软件工程 · 计算机科学 2025-07-23 Elijah Nnorom , Md Basim Uddin Ahmed , Jiho Shin , Hung Viet Pham , Song Wang

Seed scheduling is a prominent factor in determining the yields of hybrid fuzzing. Existing hybrid fuzzers schedule seeds based on fixed heuristics that aim to predict input utilities. However, such heuristics are not generalizable as there…

密码学与安全 · 计算机科学 2020-07-23 Yaohui Chen , Mansour Ahmadi , Reza Mirzazade farkhani , Boyu Wang , Long Lu

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

软件工程 · 计算机科学 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to…

密码学与安全 · 计算机科学 2024-02-20 Jueon Eom , Seyeon Jeong , Taekyoung Kwon

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated…

密码学与安全 · 计算机科学 2026-05-22 Ze Sheng , Zhicheng Chen , Qingxiao Xu , Kewen Zhu , Jeff Huang

Context: Exhaustive fuzzing of modern JavaScript engines is infeasible due to the vast number of program states and execution paths. Coverage-guided fuzzers waste effort on low-risk inputs, often ignoring vulnerability-triggering ones that…

软件工程 · 计算机科学 2025-12-23 Kishan Kumar Ganguly , Tim Menzies

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

密码学与安全 · 计算机科学 2023-07-04 Chaitanya Rahalkar

Greybox fuzzing has achieved success in revealing bugs and vulnerabilities in programs. However, randomized mutation strategies have limited the fuzzer's performance on structured data. Specialized fuzzers can handle complex structured…

密码学与安全 · 计算机科学 2026-03-18 Hongxiang Zhang , Yuyang Rong , Yifeng He , Hao Chen

Fuzz testing (fuzzing) is a well-known method for exposing bugs/vulnerabilities in software systems. Popular fuzzers, such as AFL, use a biased random search over the domain of program inputs, where 100s or 1000s of inputs (test cases) are…

软件工程 · 计算机科学 2023-08-02 Yuntong Zhang , Ridwan Shariffdeen , Gregory J. Duck , Jiaqi Tan , Abhik Roychoudhury

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic…

软件工程 · 计算机科学 2026-02-13 Ziyi Yang , Kalit Inani , Keshav Kabra , Vima Gupta , Anand Padmanabha Iyer

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software…

软件工程 · 计算机科学 2023-07-26 Philipp Görz , Björn Mathis , Keno Hassler , Emre Güler , Thorsten Holz , Andreas Zeller , Rahul Gopinath