Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- URL: http://arxiv.org/abs/2001.04107v2
- Date: Tue, 14 Jan 2020 08:28:37 GMT
- Title: Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- Authors: Suyoung Lee, HyungSeok Han, Sang Kil Cha, Sooel Son
- Abstract summary: We present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities.
Montage found 37 real-world bugs, including three CVEs, in the latest JS engines.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: JavaScript (JS) engine vulnerabilities pose significant security threats
affecting billions of web browsers. While fuzzing is a prevalent technique for
finding such vulnerabilities, there have been few studies that leverage the
recent advances in neural network language models (NNLMs). In this paper, we
present Montage, the first NNLM-guided fuzzer for finding JS engine
vulnerabilities. The key aspect of our technique is to transform a JS abstract
syntax tree (AST) into a sequence of AST subtrees that can directly train
prevailing NNLMs. We demonstrate that Montage is capable of generating valid JS
tests, and show that it outperforms previous studies in terms of finding
vulnerabilities. Montage found 37 real-world bugs, including three CVEs, in the
latest JS engines, demonstrating its efficacy in finding JS engine bugs.
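The abstract's key step, turning a JS AST into a sequence of subtrees that a sequence model can be trained on, is illustrated below. This is an added example, not Montage's code: it takes each node together with its immediate children as one subtree ("fragment"), emits the fragments in preorder, rebuilds the tree from such a sequence while enforcing that a fragment's root type matches the placeholder it fills, and learns a bigram successor table as a stand-in for the NNLM. Whether this matches Montage's exact fragment definition is an assumption; the ESTree-shaped AST, the helper names and the bigram table are all constructed for the example.

```javascript
'use strict';

// Constructed sample AST in ESTree shape for the program
//     var a = [1, 2]; a.length = 3;
// Hand-built so the example runs offline without a parser; a real fuzzer
// would parse seed files (e.g. engine regression tests) instead.
const sampleAst = {
  type: 'Program',
  body: [
    { type: 'VariableDeclaration', kind: 'var', declarations: [
      { type: 'VariableDeclarator',
        id: { type: 'Identifier', name: 'a' },
        init: { type: 'ArrayExpression', elements: [
          { type: 'Literal', value: 1 }, { type: 'Literal', value: 2 } ] } } ] },
    { type: 'ExpressionStatement', expression: {
      type: 'AssignmentExpression', operator: '=',
      left: { type: 'MemberExpression', computed: false,
        object: { type: 'Identifier', name: 'a' },
        property: { type: 'Identifier', name: 'length' } },
      right: { type: 'Literal', value: 3 } } },
  ],
};

// A value is an AST node if it is a plain object carrying a string `type`.
function isNode(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v) && typeof v.type === 'string';
}

// Fragment = one node plus its immediate children, with each child's own
// subtree cut away so that only the child's node type survives as a placeholder.
function toFragment(node) {
  const frag = {};
  for (const [key, val] of Object.entries(node)) {
    if (isNode(val)) frag[key] = { type: val.type };
    else if (Array.isArray(val)) frag[key] = val.map(c => (isNode(c) ? { type: c.type } : c));
    else frag[key] = val;
  }
  return frag;
}

// Immediate child nodes in a fixed order (property order, then array index),
// so the preorder sequence can be rebuilt unambiguously.
function children(node) {
  const out = [];
  for (const val of Object.values(node)) {
    if (isNode(val)) out.push(val);
    else if (Array.isArray(val)) for (const c of val) if (isNode(c)) out.push(c);
  }
  return out;
}

// AST -> preorder sequence of fragments: the "tokens" a language model trains on.
function fragmentize(ast) {
  const seq = [];
  (function visit(node) {
    seq.push(toFragment(node));
    for (const c of children(node)) visit(c);
  })(ast);
  return seq;
}

// Sequence of fragments -> AST. Each placeholder is filled by the next fragment
// in the sequence, whose root type must match the placeholder type; this is the
// type constraint a fragment-level generator has to respect to emit valid JS.
function assemble(seq) {
  let i = 0;
  function build(expectedType) {
    if (i >= seq.length) throw new Error('sequence ended before the tree was complete');
    const frag = seq[i++];
    if (expectedType !== undefined && frag.type !== expectedType) {
      throw new Error(`type mismatch: expected ${expectedType}, got ${frag.type}`);
    }
    const node = {};
    for (const [key, val] of Object.entries(frag)) {
      if (isNode(val)) node[key] = build(val.type);
      else if (Array.isArray(val)) node[key] = val.map(c => (isNode(c) ? build(c.type) : c));
      else node[key] = val;
    }
    return node;
  }
  const root = build();
  if (i !== seq.length) throw new Error(`${seq.length - i} unused fragments`);
  return root;
}

// Canonical string for a fragment, used as the vocabulary key.
const fragKey = f => JSON.stringify(f);

// Occurrence count of each distinct fragment (the model's vocabulary).
function vocabulary(seq) {
  const counts = new Map();
  for (const f of seq) counts.set(fragKey(f), (counts.get(fragKey(f)) || 0) + 1);
  return counts;
}

// Bigram successor table: which fragment followed which in the training
// sequence. A toy stand-in for the next-fragment distribution an NNLM learns.
function successors(seq) {
  const table = new Map();
  for (let k = 0; k + 1 < seq.length; k++) {
    const a = fragKey(seq[k]), b = fragKey(seq[k + 1]);
    if (!table.has(a)) table.set(a, []);
    table.get(a).push(b);
  }
  return table;
}

// Fragments seen after `prev` whose root type fits the placeholder being filled.
function candidates(table, prev, expectedType) {
  return (table.get(fragKey(prev)) || []).map(k => JSON.parse(k)).filter(f => f.type === expectedType);
}

// Stand-alone demo: round-trip the sample and report the vocabulary size.
function demo() {
  const seq = fragmentize(sampleAst);
  if (JSON.stringify(assemble(seq)) !== JSON.stringify(sampleAst)) throw new Error('round trip failed');
  console.log(`${seq.length} fragments, ${vocabulary(seq).size} distinct`);
}
demo();
```

On the sample, the 13 preorder fragments collapse to 12 distinct ones because `Identifier a` occurs twice; after `VariableDeclarator` the table offers only an `Identifier`-rooted fragment for the `id` slot, and a `Literal` placed there is rejected by `assemble`, which is the kind of invalid output a type-aware generator avoids.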
Related papers
- Mutation-Based Deep Learning Framework Testing Method in JavaScript Environment (2024-09-23)
  We propose a mutation-based JavaScript DL framework testing method named DLJSFuzzer.
  DLJSFuzzer detects 21 unique crashes and 126 unique NaN & inconsistency bugs.
  DLJSFuzzer improves model generation efficiency by over 47% and bug detection efficiency by over 91% compared to all baselines.
- GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes (2024-07-15)
  Prototype pollution is a recent vulnerability that affects JavaScript code.
  It is rooted in JavaScript's prototype-based inheritance, enabling attackers to inject arbitrary properties into an object's prototype at runtime.
  We study gadgets in V8-based JavaScript runtimes with a prime focus on Node.js and Deno.
- Stealth edits to large language models (2024-06-18)
  We show that a single metric can be used to assess a model's editability.
  We also reveal the vulnerability of language models to stealth attacks.
- FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques (2024-05-21)
  FV8 is a modified V8 JavaScript engine designed to identify evasion techniques in JavaScript code.
  It selectively enforces code execution on APIs that conditionally inject dynamic code.
  It identifies 1,443 npm packages and 164 (82%) extensions containing at least one type of evasion.
- A Study of Vulnerability Repair in JavaScript Programs with Large Language Models (2024-03-19)
  Large Language Models (LLMs) have demonstrated substantial advancements across multiple domains.
  Our experiments on real-world software vulnerabilities show that while LLMs are promising for automatic program repair of JavaScript code, achieving a correct bug fix often requires an appropriate amount of context in the prompt.
- CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation (2024-02-19)
  This paper presents a novel technique called CovRL (Coverage-guided Reinforcement Learning) that combines Large Language Models (LLMs) with reinforcement learning from coverage feedback.
  CovRL-Fuzz identifies 48 real-world security-related bugs in the latest JavaScript engines, including 39 previously unknown vulnerabilities and 11 CVEs.
- SoK: Analysis techniques for WebAssembly (2024-01-11)
  WebAssembly is a low-level bytecode language that allows languages like C, C++, and Rust to be executed in the browser at near-native performance.
  Vulnerabilities in memory-unsafe languages, like C and C++, can translate into vulnerabilities in WebAssembly binaries.
  WebAssembly has been used for malicious purposes like cryptojacking.
- Static Semantics Reconstruction for Enhancing JavaScript-WebAssembly Multilingual Malware Detection (2023-10-26)
  WebAssembly allows attackers to hide the malicious functionality of JavaScript malware in cross-language interoperations.
  The detection of JavaScript-WebAssembly multilingual malware (JWMM) is challenging due to the complex interoperations and semantic diversity between JavaScript and WebAssembly.
  We present JWBinder, the first technique aimed at enhancing the static detection of JWMM.
- Backdoor Attack with Sparse and Invisible Trigger (2023-05-11)
  Deep neural networks (DNNs) are vulnerable to backdoor attacks.
  Backdoor attacks are an emerging yet threatening training-phase threat.
  We propose a sparse and invisible backdoor attack (SIBA).
- Trojaning Language Models for Fun and Profit (2020-08-01)
  TROJAN-LM is a new class of trojaning attacks in which maliciously crafted LMs trigger host NLP systems to malfunction.
  By empirically studying three state-of-the-art LMs in a range of security-critical NLP tasks, we demonstrate that TROJAN-LM possesses the following properties.
- Adversarial Attacks and Defenses on Graphs: A Review, A Tool and Empirical Studies (2020-03-02)
  Deep neural networks (DNNs) can be easily fooled by small perturbations on the input, known as adversarial attacks.
  Graph Neural Networks (GNNs) have been demonstrated to inherit this vulnerability.
  In this survey, we categorize existing attacks and defenses, and review the corresponding state-of-the-art methods.
This list is automatically generated from the titles and abstracts of the papers in this site.