Corpus ID: 210164797

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

@article{Lee2020MontageAN,
  title={Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer},
  author={Suyoung Lee and HyungSeok Han and Sang Kil Cha and Sooel Son},
  journal={ArXiv},
  year={2020},
  volume={abs/2001.04107}
}
JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs). In this paper, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities. The key aspect of our technique is to transform a JS abstract syntax tree (AST) into a sequence of AST… Expand
Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases
TLDR
Favocado is proposed, a novel fuzzing approach that focuses on fuzzing binding layers of JavaScript runtime systems and can generate syntactically and semantically correct JavaScript test cases through the use of extracted semantic information and careful maintaining of execution states. Expand
Token-Level Fuzzing
TLDR
Token-Level Fuzzing is proposed, a new fuzzing technique that applies mutations at the token level, which can find bugs that neither byte-level fuzzing nor grammarbased fuzzing can find. Expand
FREEDOM: Engineering a State-of-the-Art DOM Fuzzer
TLDR
Context-aware generation is considered the best practice to find more DOM engine bugs and expect further improvement on Coverage-guided DOM fuzzing facilitated by FreeDom, a full-fledged cluster-friendly DOM fuzzer that works with both generative and coverage-guided modes. Expand
JEST: N+1-Version Differential Testing of Both JavaScript Engines and Specification
TLDR
This paper proposes a novel N+1-version differential testing for modern JavaScript engines and ECMAScript, the language specification describing the syntax and semantics of JavaScript in a natural language and actualizes the approach for the JavaScript programming language via JEST. Expand
A systematic review of fuzzing based on machine learning techniques
TLDR
This paper reviews the research progress of using machine learning techniques for fuzz testing in recent years, analyzes how machine learning improves the fuzzing process and results, and sheds light on future work in fuzzing. Expand
A deep-RNN and meta-heuristic feature selection approach for IoT malware detection
TLDR
This research article describes how deep learning techniques are having performed to identify IoT malware and uses RNN for the study of execution process codes in ARM-based IoT frameworks to provide the best probable result in a comparative description of other machine learning methods. Expand

References

SHOWING 1-10 OF 54 REFERENCES
CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines
TLDR
A novel test case generation algorithm that is semantics-aware assembly is proposed, and implemented in a fuzz testing tool termed CodeAlchemist, which can generate arbitrary JavaScript code snippets that are both semantically and syntactically correct, and it effectively yields test cases that can crash JavaScript engines. Expand
DeepFuzz: Automatic Generation of Syntax Valid C Programs for Fuzz Testing
TLDR
This paper proposes a grammarbased fuzzing tool called DEEPFUZZ, based on a generative Sequence-to-Sequence model, which automatically and continuously generates well-formed C programs and improves the testing efficacy in regards to the line, function, and branch coverage. Expand
Compiler fuzzing through deep learning
TLDR
DeepSmith is introduced, a novel machine learning approach to accelerating compiler validation through the inference of generative models for compiler inputs that applies to the OpenCL programming language, automatically exposing bugs with little effort on the author's side. Expand
GramFuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation
TLDR
Vulnerability patterns are summarized and a new fuzzing testing method are proposed based on grammar analysis of input data and mutation of code structure, which will be more effective in the fuzzingTesting of web browsers. Expand
NAUTILUS: Fishing for Deep Bugs with Grammars
TLDR
NAUTILUS is proposed, a method to efficiently fuzz programs that require highly-structured inputs by combining the use of grammars with theUse of code coverage feedback, which significantly outperforms state-of-the-art approaches like AFL by an order of magnitude and grammar fuzzers by more than a factor of two when measuring code coverage. Expand
Model-based whitebox fuzzing for program binaries
TLDR
Modelbased Whitebox Fuzzing is called because the file format input model of blackbox fuzzers can be exploited as a constraint on the vast input space to rule out most invalid inputs during path exploration in symbolic execution. Expand
Learn&Fuzz: Machine learning for input fuzzing
TLDR
This paper shows how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques and presents a new algorithm for this learn&fuzz challenge which uses a learnt input probability distribution to intelligently guide where to fuzz inputs. Expand
IMF: Inferred Model-based Fuzzer
TLDR
This paper proposes a novel fuzzing technique for commodity OS kernels that leverages inferred dependence model between API function calls to discover deep kernel bugs. Expand
Learning to Fuzz: Application-Independent Fuzz Testing with Probabilistic, Generative Models of Input Data
TLDR
TreeFuzz is designed as a framework with an extensible set of techniques to infer generative models that create new data with properties similar to the corpus and generates mostly valid data for both JavaScript programs and HTML documents. Expand
Grammar-based whitebox fuzzing
TLDR
Results of the experiments show that grammar-based whitebox fuzzing explores deeper program paths and avoids dead-ends due to non-parsable inputs and increased coverage of the code generation module of the IE7 JavaScript interpreter from 53% to 81% while using three times fewer tests. Expand
...
1
2
3
4
5
...