
Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer [article]

Suyoung Lee, HyungSeok Han, Sang Kil Cha, Sooel Son
2020 arXiv   pre-print
While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs).  ...  In this paper, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities.  ...  For this research question, we propose the first approach that leverages a neural network language model (NNLM) to conduct fuzz testing on a target JS engine.  ... 
arXiv:2001.04107v2 fatcat:22cptrylmrfthh6sua3jqnzaxy

Fuzzing With Optimized Grammar-Aware Mutation Strategies

Jiale Deng, Xiaogang Zhu, Xi Xiao, Sheng Wen, Qing Li, Shutao Xia
2021 IEEE Access  
Specifically, we first translate input files into ASTs, and extract subtrees from ASTs into a subtree pool. Then, we optimize the power schedule on AST nodes based on a probabilistic model.  ...  However, for programs requiring highly structured inputs, the byte-based mutation strategies in existing fuzzers have difficulties in generating valid inputs.  ...  Some learning-based approaches, like Montage [36], use a sequence of subtrees transformed from ASTs to train a Neural Network Language Model and then use it for test input generation. VI.  ... 
doi:10.1109/access.2021.3093904 fatcat:r7qytyst4zcjxk5ofgjadmcpki

A systematic review of fuzzing based on machine learning techniques

Yan Wang, Peng Jia, Luping Liu, Cheng Huang, Zhonglin Liu, Tao Song
2020 PLoS ONE  
Security vulnerabilities play a vital role in network security system. Fuzzing technology is widely used as a vulnerability discovery technology to reduce damage in advance.  ...  Finally, the capability of discovering vulnerabilities both traditional fuzzers and machine learning-based fuzzers is analyzed.  ...  For JavaScript (JS) engine, Lee et al.  ... 
doi:10.1371/journal.pone.0237749 pmid:32810156 fatcat:j33n55wjg5hmvndnu2payv3zfy

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases

Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupe, Yan Shoshitaishvili
2021 Proceedings 2021 Network and Distributed System Security Symposium   unpublished
Due to the wide adoption of JavaScript (and JavaScript engines) in the entire computing ecosystem, discovering bugs in JavaScript binding layers is critical.  ...  We demonstrate the effectiveness of Favocado in our experiments and show that Favocado outperforms a state-of-the-art DOM fuzzer.  ...  Montage [34] is a JavaScript engine fuzzer guided by a neural network language model (NNLM).  ... 
doi:10.14722/ndss.2021.24224 fatcat:44gpxfofunhx5hzck3d23e4hx4

AKWI Nr. 6 (2017)

C. Müller, K. Marfurt, N. Ketterer, F. Herrmann
2017 Zenodo  
Therefore, a dedicated modeling language seems more reasonable than an integration in BPMN.  ...  (Design) The third part will be the creation of a modeling tool for the extension of the BPMN and the sensor modeling language.  ... 
doi:10.5281/zenodo.1110205 fatcat:fkckcbgytvbqjnblgynj4vwdrq