Intelligent Graybox Fuzzing via ATPG-Guided Seed Generation and Submodule Analysis

• URL: http://arxiv.org/abs/2509.20808v1
• Date: Thu, 25 Sep 2025 06:46:19 GMT
• Title: Intelligent Graybox Fuzzing via ATPG-Guided Seed Generation and Submodule Analysis
• Authors: Raghul Saravanan, Sudipta Paria, Aritra Dasgupta, Swarup Bhunia, Sai Manoj P D,
• Abstract summary: Hardware fuzzing is one of the crucial techniques for finding security flaws in modern hardware designs.<n>Coverage-Guided Fuzzing (CGF) methods help explore designs more effectively, but they struggle to focus on specific parts of the hardware.<n>Existing Directed Gray-box Fuzzing (DGF) techniques like DirectFuzz try to solve this by generating targeted tests.<n>We introduce a novel framework, PROFUZZ, that follows the DGF approach and combines fuzzing with Automatic Test Pattern Generation (ATPG) for more efficient fuzzing.
• Score: 5.029193774082768
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize coverage and speed up verification. Coverage-Guided Fuzzing (CGF) methods help explore designs more effectively, but they struggle to focus on specific parts of the hardware. Existing Directed Gray-box Fuzzing (DGF) techniques like DirectFuzz try to solve this by generating targeted tests, but it has major drawbacks, such as supporting only limited hardware description languages, not scaling well to large circuits, and having issues with abstraction mismatches. To address these problems, we introduce a novel framework, PROFUZZ, that follows the DGF approach and combines fuzzing with Automatic Test Pattern Generation (ATPG) for more efficient fuzzing. By leveraging ATPG's structural analysis capabilities, PROFUZZ can generate precise input seeds that target specific design regions more effectively while maintaining high fuzzing throughput. Our experiments show that PROFUZZ scales 30x better than DirectFuzz when handling multiple target sites, improves coverage by 11.66%, and runs 2.76x faster, highlighting its scalability and effectiveness for directed fuzzing in complex hardware systems.

Related papers

• Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation [0.0]
  We introduce an approach to improving fuzz target generation through static analysis of library source code.<n>Our findings are demonstrated through the application of this approach to the generation of fuzz targets for C/C++ libraries.
  arXiv  Detail & Related papers  (2026-01-17T09:08:11Z)
• GoldenFuzz: Generative Golden Reference Hardware Fuzzing [13.434848597658215]
  Existing hardware fuzzers suffer from limited semantic awareness, inefficient test refinement, and high computational overhead.<n>We present GoldenFuzz, a novel two-stage hardware fuzzing framework that partially decouples test case refinement from coverage and vulnerability exploration.<n>GoldenFuzz uncovers all known vulnerabilities and discovers five new ones, four of which are classified as highly severe with CVSS v3 severity scores exceeding seven out of ten.
  arXiv  Detail & Related papers  (2025-12-25T06:16:55Z)
• LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation [56.84049855266145]
  We propose a Multi-feedback Smart Contract Fuzzing framework (LLAMA) that integrates evolutionary mutation strategies, and hybrid testing techniques.<n>LLAMA achieves 91% instruction coverage and 90% branch coverage, while detecting 132 out of 148 known vulnerabilities.<n>These results highlight LLAMA's effectiveness, adaptability, and practicality in real-world smart contract security testing scenarios.
  arXiv  Detail & Related papers  (2025-07-16T09:46:58Z)
• Directed Greybox Fuzzing via Large Language Model [5.667013605202579]
  HGFuzzer is an automatic framework that transforms path constraint problems into targeted code generation tasks.<n>We evaluate HGFuzzer on 20 real-world vulnerabilities, successfully triggering 17, including 11 within the first minute.<n>HGFuzzer discovered 9 previously unknown vulnerabilities, all of which were assigned CVE IDs.
  arXiv  Detail & Related papers  (2025-05-06T11:04:07Z)
• FuzzWiz -- Fuzzing Framework for Efficient Hardware Coverage [2.1626093085892144]
  We create an automated hardware fuzzing framework called FuzzWiz. It includes parsing the RTL design module, converting it into C/C++ models, creating generic testbench with assertions, linking, and fuzzing. Our benchmarking results show that we could achieve around 90% of the coverage 10 times faster than traditional simulation regression based approach.
  arXiv  Detail & Related papers  (2024-10-23T10:06:08Z)
• ISC4DGF: Enhancing Directed Grey-box Fuzzing with LLM-Driven Initial Seed Corpus Generation [32.6118621456906]
  directed grey-box fuzzing (DGF) has become essential, focusing on specific vulnerabilities. ISC4DGF generates optimized initial seed corpus for DGF using Large Language Models (LLMs) ISC4DGF achieved a 35.63x speedup and 616.10x fewer target reaches.
  arXiv  Detail & Related papers  (2024-09-22T06:27:28Z)
• G-Fuzz: A Directed Fuzzing Framework for gVisor [48.85077340822625]
  G-Fuzz is a directed fuzzing framework for gVisor. G-Fuzz has been deployed in industry and has detected multiple serious vulnerabilities.
  arXiv  Detail & Related papers  (2024-09-20T01:00:22Z)
• FuzzCoder: Byte-level Fuzzing Test via Large Language Model [46.18191648883695]
  We propose to adopt fine-tuned large language models (FuzzCoder) to learn patterns in the input files from successful attacks. FuzzCoder can predict mutation locations and strategies locations in input files to trigger abnormal behaviors of the program.
  arXiv  Detail & Related papers  (2024-09-03T14:40:31Z)
• MoE-FFD: Mixture of Experts for Generalized and Parameter-Efficient Face Forgery Detection [54.545054873239295]
  Deepfakes have recently raised significant trust issues and security concerns among the public.<n>ViT-based methods take advantage of the expressivity of transformers, achieving superior detection performance.<n>This work introduces Mixture-of-Experts modules for Face Forgery Detection (MoE-FFD), a generalized yet parameter-efficient ViT-based approach.
  arXiv  Detail & Related papers  (2024-04-12T13:02:08Z)
• Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing [16.22481369547266]
  Hardware fuzzing is an effective approach to exploring and detecting security vulnerabilities in large-scale designs like modern processors. We propose a novel ML-based hardware fuzzer, ChatFuzz, to address this challenge. ChatFuzz achieves condition coverage rate of 75% in just 52 minutes compared to a state-of-the-art fuzzer.
  arXiv  Detail & Related papers  (2024-04-10T09:28:54Z)
• JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing [12.338137154105034]
  We investigate fuzzing for 7-Series and UltraScale(+) FPGA configuration engines. Our goal is to examine the effectiveness of fuzzing to analyze and document the inner workings of FPGA configuration engines.
  arXiv  Detail & Related papers  (2024-02-15T10:03:35Z)
• Joint Attention-Guided Feature Fusion Network for Saliency Detection of Surface Defects [69.39099029406248]
  We propose a joint attention-guided feature fusion network (JAFFNet) for saliency detection of surface defects based on the encoder-decoder network. JAFFNet mainly incorporates a joint attention-guided feature fusion (JAFF) module into decoding stages to adaptively fuse low-level and high-level features. Experiments conducted on SD-saliency-900, Magnetic tile, and DAGM 2007 indicate that our method achieves promising performance in comparison with other state-of-the-art methods.
  arXiv  Detail & Related papers  (2024-02-05T08:10:16Z)
• ASFD: Automatic and Scalable Face Detector [129.82350993748258]
  We propose a novel Automatic and Scalable Face Detector (ASFD) ASFD is based on a combination of neural architecture search techniques as well as a new loss design. Our ASFD-D6 outperforms the prior strong competitors, and our lightweight ASFD-D0 runs at more than 120 FPS with Mobilenet for VGA-resolution images.
  arXiv  Detail & Related papers  (2020-03-25T06:00:47Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.