ABSTRACT Generative black-box fuzzing techniques offer distinct advantages against closed-source systems. However, testers are inefficient at developing fuzzing templates for emerging, increasingly complex protocols. To address this, we develop GeniFuzz and construct a proprietary knowledge database for generative fuzzing. The database refines and contextualises a large language model so that it can take over the expert's role of writing fuzzing templates, yielding a generative fuzzing framework built on large language models. The experimental results show that GeniFuzz's composite score on the fuzzing-template generation task is 37.41% higher on average than that of expert-written templates; it also exceeds expert-written templates by 22.48% in path coverage and by 17.22% on average in the efficiency of triggering crashes. Furthermore, the experiments show that the improvement in fuzzing efficacy delivered by the GeniFuzz framework is robust and independent of the particular large language model used.
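To make concrete what the abstract means by a "fuzzing template" and by the two metrics it reports (path coverage and crash-triggering efficiency), here is an added, self-contained illustration. It is not code from the GeniFuzz paper or its authors: the wire format, the `Template` structure, the toy target parser with its deliberate length-trust defect, and the constructed test messages are all assumptions made for this example. A generative black-box template of this shape (field generators plus boundary values for the fields worth stressing) is the artifact the paper says experts hand-write and GeniFuzz has an LLM produce instead.

```python
"""Added illustration (not the GeniFuzz paper's code): a minimal generative
black-box fuzzing template for a hypothetical binary protocol, a toy target
with a deliberate defect, and the two metrics the abstract names:
path coverage (distinct branch traces) and crash count."""
import random
import struct
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Hypothetical wire format, constructed for this example:
#   magic(2) | version(1) | msg_type(1) | length(2, big-endian) | payload(length)
MAGIC = b"\x47\x46"


@dataclass
class Template:
    """Generative template: per-field value pools plus boundary values.
    This is the kind of artifact the abstract has experts (or the LLM) write."""
    magic: bytes = MAGIC
    versions: Tuple[int, ...] = (1, 2)
    msg_types: Tuple[int, ...] = (0x01, 0x02, 0x10)
    max_payload: int = 64
    # Boundary values for the 16-bit length field; these are where parsers break
    length_boundaries: Tuple[int, ...] = (0, 1, 0x7F, 0x80, 0xFF, 0x100, 0xFFFF)
    mismatch_rate: float = 0.3   # how often length is decoupled from the payload


def generate(tmpl: Template, rng: random.Random) -> bytes:
    """Produce one test case: mostly well-formed, sometimes a length mismatch
    or an unknown version/type (one random byte is mixed into each value pool)."""
    version = rng.choice(tmpl.versions + (rng.randrange(256),))
    msg_type = rng.choice(tmpl.msg_types + (rng.randrange(256),))
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(tmpl.max_payload + 1)))
    if rng.random() < tmpl.mismatch_rate:
        length = rng.choice(tmpl.length_boundaries)
    else:
        length = len(payload)
    return tmpl.magic + bytes([version, msg_type]) + struct.pack(">H", length) + payload


class ParseError(Exception):
    """Expected, graceful rejection by the target (not a crash)."""


def target_parse(msg: bytes, trace: List[str]) -> int:
    """Constructed toy target. Appends each branch taken to `trace` so the
    fuzzer can measure path coverage; returns a payload checksum."""
    if msg[:2] != MAGIC:
        trace.append("bad_magic")
        raise ParseError("magic")
    trace.append("magic_ok")
    version, msg_type = msg[2], msg[3]
    if version not in (1, 2):
        trace.append("bad_version")
        raise ParseError("version")
    trace.append(f"version_{version}")
    (length,) = struct.unpack(">H", msg[4:6])
    body = msg[6:]
    if msg_type == 0x10:
        trace.append("type_extended")
        # Deliberate defect: trusts the declared length instead of len(body),
        # so a length larger than the payload raises IndexError (a "crash").
        checksum = 0
        for i in range(length):
            checksum ^= body[i]
        return checksum
    trace.append("type_basic")
    if length != len(body):
        trace.append("length_mismatch")
        raise ParseError("length")
    trace.append("length_ok")
    return sum(body) & 0xFF


def classify(case: bytes) -> Tuple[str, Tuple[str, ...]]:
    """Run one case; return ("ok" | "rejected" | "crash", branch trace)."""
    trace: List[str] = []
    try:
        target_parse(case, trace)
        return "ok", tuple(trace)
    except ParseError:
        return "rejected", tuple(trace)
    except Exception:          # any unhandled fault in the target counts as a crash
        return "crash", tuple(trace)


@dataclass
class FuzzResult:
    executed: int = 0
    paths: Set[Tuple[str, ...]] = field(default_factory=set)   # path coverage
    crashes: List[bytes] = field(default_factory=list)          # crash inputs


def fuzz(tmpl: Template, iterations: int, seed: int = 0) -> FuzzResult:
    """Drive the template against the target and collect both metrics."""
    rng = random.Random(seed)
    result = FuzzResult()
    for _ in range(iterations):
        case = generate(tmpl, rng)
        status, path = classify(case)
        result.executed += 1
        result.paths.add(path)
        if status == "crash":
            result.crashes.append(case)
    return result


if __name__ == "__main__":
    r = fuzz(Template(), 500)
    print(f"{r.executed} cases, {len(r.paths)} distinct paths, {len(r.crashes)} crashes")
```

Comparing two templates (for instance one with and one without the `length_boundaries` pool) by the number of distinct paths and crashes per executed case is exactly the kind of per-template comparison behind the abstract's path-coverage and crash-efficiency figures; the paper's composite score is not defined on this page and is not reproduced here.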
Yanlong Shen
Yu Liu
Anchen Dai
IET Networks
Sun Yat-sen University
Shen et al. studied this question.
synapsesocial.com/papers/6a095b8e7880e6d24efe1631 — DOI: https://doi.org/10.1049/ntw2.70027