Título
Sow Smarter, Not Harder: Evaluating LLM-Generated Seeds for Fuzzing Critical InfrastructureOtras instituciones
https://ror.org/03hp1m080https://ror.org/000xsnr85
Versión
PostprintTipo de documento
Contribución a congresoIdioma
InglésDerechos
© Springer NatureAcceso
Acceso abiertoVersión de la editorial
https://doi.org/10.1007/978-3-032-19540-1_17Publicado en
Critical Information Infrastructures Security CRITIS 2025. Lecture Notes in Computer Science. Vol 16291Editorial
Springer NaturePalabras clave
LLMsFuzzing
Vulnerability detection
Materia (Tesauro UNESCO)
Análisis de datosProtección de datos
Resumen
Software vulnerabilities in critical infrastructure components can lead to severe disruptions. While fuzzing effectively identifies such weaknesses, the quality of initial seed inputs significantly im ... [+]
Software vulnerabilities in critical infrastructure components can lead to severe disruptions. While fuzzing effectively identifies such weaknesses, the quality of initial seed inputs significantly impacts its effectiveness. This study evaluates how large language models (LLMs) can generate better fuzzing seeds for critical infrastructure software. We compared seven LLMs—ChatGPT-4-Turbo, Claude 3.0 Opus, Claude 3.7 Sonnet, DeepSeek-V3, Gemini 2.0 Flash, Grok 3, and Mistral 7B—with manual baselines across six programs, including industrial control libraries, routing components, and network firmware. Over 20 independent 24-h campaigns per model and program, LLM-generated seeds achieved 14.8% higher code coverage, detected 56.3% more unique crashes, and reached first crashes 373.9% faster than manual methods. Performance patterns emerged across different infrastructure protocols, with certain models excelling at complex SCADA data formats while others performed better for network security components. The 56.5% computational efficiency improvement benefits resource-constrained operational technology environments. These findings demonstrate that LLM-generated seeds can meaningfully enhance vulnerability detection in software underlying critical infrastructure systems, offering a practical approach to strengthening resilience against cyber threats . [-]
Financiador
Gobierno EspañolGobierno Vasco
Programa
Transmisiones 2024Ikertalde Convocatoria 2022-2025
Número
PLEC2024-011222IT1676-22
Proyecto
TeCnologías disRuptivas para la protección, evaluación y operación segura de dIsposiTivos Industriales Conectados (CRITIC)Grupo de sistemas inteligentes para sistemas industriales
Colecciones
- Congresos - Ingeniería [563]



















