Using artificial intelligence to augment bug fuzzing
Fuzz testing is a wide-use technique to test for bugs and vulnerabilities in software programs. The process leading up to the actual fuzzing is labour-intensive and time-consuming as it requires the tester to manually scope the software-under-test for fuzz-able files and functions in addition to man...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/166097 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-166097 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1660972023-04-21T15:37:20Z Using artificial intelligence to augment bug fuzzing Tay, Zhixuan Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Fuzz testing is a wide-use technique to test for bugs and vulnerabilities in software programs. The process leading up to the actual fuzzing is labour-intensive and time-consuming as it requires the tester to manually scope the software-under-test for fuzz-able files and functions in addition to manually crafting a fuzzing harness before the fuzzing can begin. This study explores the use of generative artificial intelligence, specifically ChatGPT to automate the generation of fuzzing harnesses. The goal of this study is to successfully generate a working fuzzing harness using ChatGPT and ultimately discover vulnerabilities in a software program. This paper presents a Proof-Of-Concept of AI fuzzing harness generation and provides detailed step-by-step guide and analysis of the whole fuzz testing process. The vulnerability found using the ChatGPT-generated fuzzing harness was responsibly disclosed to the developers and is pending review. Bachelor of Engineering (Computer Science) 2023-04-21T06:16:26Z 2023-04-21T06:16:26Z 2023 Final Year Project (FYP) Tay, Z. (2023). Using artificial intelligence to augment bug fuzzing. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/166097 https://hdl.handle.net/10356/166097 en SCSE22-0586 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Tay, Zhixuan Using artificial intelligence to augment bug fuzzing |
| description |
Fuzz testing is a wide-use technique to test for bugs and vulnerabilities in software programs. The process leading up to the actual fuzzing is labour-intensive and time-consuming as it requires the tester to manually scope the software-under-test for fuzz-able files and functions in addition to manually crafting a fuzzing harness before the fuzzing can begin. This study explores the use of generative artificial intelligence, specifically ChatGPT to automate the generation of fuzzing harnesses. The goal of this study is to successfully generate a working fuzzing harness using ChatGPT and ultimately discover vulnerabilities in a software program. This paper presents a Proof-Of-Concept of AI fuzzing harness generation and provides detailed step-by-step guide and analysis of the whole fuzz testing process. The vulnerability found using the ChatGPT-generated fuzzing harness was responsibly disclosed to the developers and is pending review. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Tay, Zhixuan |
| format |
Final Year Project |
| author |
Tay, Zhixuan |
| author_sort |
Tay, Zhixuan |
| title |
Using artificial intelligence to augment bug fuzzing |
| title_short |
Using artificial intelligence to augment bug fuzzing |
| title_full |
Using artificial intelligence to augment bug fuzzing |
| title_fullStr |
Using artificial intelligence to augment bug fuzzing |
| title_full_unstemmed |
Using artificial intelligence to augment bug fuzzing |
| title_sort |
using artificial intelligence to augment bug fuzzing |
| publisher |
Nanyang Technological University |
| publishDate |
2023 |
| url |
https://hdl.handle.net/10356/166097 |
| _version_ |
1764208174871609344 |