A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit <a rel="external noopener" href="https://arxiv.org/pdf/2001.04107v2.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
[article]
<span title="2020-01-14">2020</span>
<i>arXiv</i>
<span class="release-stage">pre-print</span>
JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs). In this paper, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities. The key aspect of our technique is to transform a JS abstract syntax tree (AST) into a sequence of AST ... s that can directly train prevailing NNLMs. We demonstrate that Montage is capable of generating valid JS tests, and show that it outperforms previous studies in terms of finding vulnerabilities. Montage found 37 real-world bugs, including three CVEs, in the latest JS engines, demonstrating its efficacy in finding JS engine bugs.
<span class="external-identifiers">
<a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2001.04107v2">arXiv:2001.04107v2</a>
<a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/22cptrylmrfthh6sua3jqnzaxy">fatcat:22cptrylmrfthh6sua3jqnzaxy</a>
</span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200321053126/https://arxiv.org/pdf/2001.04107v2.pdf" title="fulltext PDF download">Web Archive [PDF]</a>
<a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2001.04107v2" title="arxiv.org access">arxiv.org</a>