Proving the security and robustness of software systems is a longstanding challenge in computer science and cybersecurity, particularly when programs are exposed to unexpected or invalid inputs that could trigger vulnerabilities. Fuzz testing has become an effective method to evaluate software resilience by generating arbitrary inputs. However, traditional fuzzing approaches require substantial manual effort, including selecting a fuzzing framework, crafting suitable targets, and optimizing input generation to achieve desired coverage levels. This research investigates the potential of large language models (LLMs) as a generative tool to automate key fuzz testing processes, reducing manual overhead while enhancing coverage and effectiveness. By analyzing the applicability of LLMs to fuzz testing, this study highlights emerging trends, presents successful methodologies, and discusses the opportunities for improving software reliability and security through a more adaptive, intelligent approach to input generation. Additionally, this work explores the integration of multiple LLMs, the use of prompt engineering, and the potential for LLM-driven bug detection and remediation, offering new insights into advancing fuzz testing practices.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards Intelligent Fuzzing: Leveraging Large Language Models for Improved Software Security

  • Ian Hardgrove,
  • Shengjie Xu

摘要

Proving the security and robustness of software systems is a longstanding challenge in computer science and cybersecurity, particularly when programs are exposed to unexpected or invalid inputs that could trigger vulnerabilities. Fuzz testing has become an effective method to evaluate software resilience by generating arbitrary inputs. However, traditional fuzzing approaches require substantial manual effort, including selecting a fuzzing framework, crafting suitable targets, and optimizing input generation to achieve desired coverage levels. This research investigates the potential of large language models (LLMs) as a generative tool to automate key fuzz testing processes, reducing manual overhead while enhancing coverage and effectiveness. By analyzing the applicability of LLMs to fuzz testing, this study highlights emerging trends, presents successful methodologies, and discusses the opportunities for improving software reliability and security through a more adaptive, intelligent approach to input generation. Additionally, this work explores the integration of multiple LLMs, the use of prompt engineering, and the potential for LLM-driven bug detection and remediation, offering new insights into advancing fuzz testing practices.