Abstract
Existing Fuzz tools for browser JavaScript engines are insufficient in detecting non-crashing vulnerabilities. To address this issue, an enhanced vulnerability detection method combining memory detection and large language models (LLMs) is proposed. This method improves the Fuzz tool's ability to identify potential vulnerabilities and reduces the false-negative rate. Additionally, the integration of LLMs with conventional mutators generates more complex and targeted test cases under the stimulus of Proof-of-Concept (PoC) sets, effectively exploring deeper code paths and increasing code coverage. Experimental results show that the improved tool significantly enhances branch coverage and vulnerability detection capabilities compared to existing tools.
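The following is an added illustration of the abstract's first point, the non-crashing vulnerabilities that a crash-only oracle misses; it is example code written for this page, not code from the paper or its tool. It assumes the engine under test is built with a memory-error detector (AddressSanitizer-style) configured to report without aborting, so that a memory-safety bug can appear in stderr while the process still exits normally. The `RunResult` fields, the report format matched by `SANITIZER_RE`, and the sample runs are all constructed.

```python
"""
Sanitizer-aware fuzzing oracle (hypothetical example, not the paper's code).

Assumption: the JavaScript engine is built with a memory-error detector that
reports errors to stderr without aborting the process, so a use-after-free or
overflow can surface while the exit code is still 0. A crash-only oracle
(exit code or signal) misses these runs; the enhanced oracle scans stderr too.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Matches the header line of a sanitizer report, e.g.
# "==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x..."
SANITIZER_RE = re.compile(r"ERROR: (\w+Sanitizer): ([\w-]+)")


@dataclass
class RunResult:
    test_id: str
    exit_code: int   # 0 = normal exit; negative = killed by that signal (subprocess convention)
    stderr: str


@dataclass
class Verdict:
    test_id: str
    kind: str        # "crash", "memory-bug" or "clean"
    detail: Optional[str] = None


def crash_only_oracle(run: RunResult) -> Verdict:
    """Baseline oracle: flags abnormal termination only."""
    if run.exit_code != 0:
        return Verdict(run.test_id, "crash", f"exit code {run.exit_code}")
    return Verdict(run.test_id, "clean")


def sanitizer_aware_oracle(run: RunResult) -> Verdict:
    """Enhanced oracle: also flags sanitizer reports from runs that exited normally."""
    m = SANITIZER_RE.search(run.stderr)
    if m:
        return Verdict(run.test_id, "memory-bug", f"{m.group(1)}: {m.group(2)}")
    if run.exit_code != 0:
        return Verdict(run.test_id, "crash", f"exit code {run.exit_code}")
    return Verdict(run.test_id, "clean")


# Constructed sample runs; the stderr text imitates sanitizer output and is not real engine output.
SAMPLE_RUNS: List[RunResult] = [
    RunResult("t1", 0, ""),
    RunResult("t2", -11, "Segmentation fault"),
    RunResult("t3", 0,
              "==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010\n"
              "READ of size 8 at 0x602000000010 thread T0\n"),
    RunResult("t4", 0,
              "==4243==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000040\n"),
]


def triage(runs: List[RunResult], oracle: Callable[[RunResult], Verdict]) -> Dict[str, str]:
    """Map each test id to the verdict kind produced by the given oracle."""
    return {r.test_id: oracle(r).kind for r in runs}


def missed_by_crash_oracle(runs: List[RunResult]) -> List[str]:
    """Test ids the crash-only oracle calls clean but the sanitizer-aware oracle flags
    (the false negatives the abstract's memory-detection step is meant to remove)."""
    base = triage(runs, crash_only_oracle)
    enhanced = triage(runs, sanitizer_aware_oracle)
    return sorted(t for t in base if base[t] == "clean" and enhanced[t] != "clean")


if __name__ == "__main__":
    for r in SAMPLE_RUNS:
        print(r.test_id, crash_only_oracle(r).kind, "->", sanitizer_aware_oracle(r).kind)
    print("missed by crash-only oracle:", missed_by_crash_oracle(SAMPLE_RUNS))
```

Runs t3 and t4 exit with code 0 and are classified clean by the baseline oracle; only the sanitizer-aware oracle reports them, which is the false-negative gap the abstract describes.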
Authors
Ding Jiayu (丁加宇), Sha Letian (沙乐天), Pan Jiaye (潘家晔) (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China)
Source
Application of Electronic Technique (《电子技术应用》), 2026, No. 2, pp. 66-70 (5 pages)
Funding
2024 Jiangsu Province Frontier Technology Research and Development Project (BF2024071).