| dc.contributor.author | Barredo Ferreira, Jorge | |
| dc.contributor.author | Eceiza, Maialen | |
| dc.contributor.author | Flores, Jose Luis | |
| dc.contributor.author | Iturbe Urretxa, Mikel | |
| dc.date.accessioned | 2026-07-13T09:54:57Z | |
| dc.date.available | 2026-07-13T09:54:57Z | |
| dc.date.issued | 2026 | |
| dc.identifier.isbn | 978-3-032-19539-5 | en |
| dc.identifier.other | https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=202308 | en |
| dc.identifier.uri | https://hdl.handle.net/20.500.11984/14625 | |
| dc.description.abstract | Software vulnerabilities in critical infrastructure components can lead to severe disruptions. While fuzzing effectively identifies such weaknesses, the quality of initial seed inputs significantly impacts its effectiveness. This study evaluates how large language models (LLMs) can generate better fuzzing seeds for critical infrastructure software. We compared seven LLMs—ChatGPT-4-Turbo, Claude 3.0 Opus, Claude 3.7 Sonnet, DeepSeek-V3, Gemini 2.0 Flash, Grok 3, and Mistral 7B—with manual baselines across six programs, including industrial control libraries, routing components, and network firmware. Over 20 independent 24-h campaigns per model and program, LLM-generated seeds achieved 14.8% higher code coverage, detected 56.3% more unique crashes, and reached first crashes 373.9% faster than manual methods. Performance patterns emerged across different infrastructure protocols, with certain models excelling at complex SCADA data formats while others performed better for network security components. The 56.5% computational efficiency improvement benefits resource-constrained operational technology environments. These findings demonstrate that LLM-generated seeds can meaningfully enhance vulnerability detection in software underlying critical infrastructure systems, offering a practical approach to strengthening resilience against cyber threats . | en |
| dc.language.iso | eng | en |
| dc.publisher | Springer Nature | en |
| dc.rights | © Springer Nature | en |
| dc.subject | LLMs | en |
| dc.subject | Fuzzing | en |
| dc.subject | Vulnerability detection | en |
| dc.title | Sow Smarter, Not Harder: Evaluating LLM-Generated Seeds for Fuzzing Critical Infrastructure | en |
| dcterms.accessRights | http://purl.org/coar/access_right/c_abf2 | en |
| dcterms.source | Critical Information Infrastructures Security | en |
| local.contributor.group | Análisis de Datos y Ciberseguridad | es |
| local.description.peerreviewed | true | en |
| local.description.publicationfirstpage | 326 | en |
| local.description.publicationlastpage | 346 | en |
| local.identifier.doi | https://doi.org/10.1007/978-3-032-19540-1_17 | en |
| local.contributor.otherinstitution | https://ror.org/03hp1m080 | es |
| local.contributor.otherinstitution | https://ror.org/000xsnr85 | es |
| local.source.details | CRITIS 2025. Lecture Notes in Computer Science. Vol 16291 | en |
| oaire.format.mimetype | application/pdf | en |
| oaire.file | $DSPACE\assetstore | en |
| oaire.resourceType | http://purl.org/coar/resource_type/c_c94f | en |
| oaire.version | http://purl.org/coar/version/c_ab4af688f83e57aa | en |
| dc.unesco.tesauro | http://vocabularies.unesco.org/thesaurus/concept2214 | en |
| dc.unesco.tesauro | http://vocabularies.unesco.org/thesaurus/concept1147 | en |
| oaire.funderName | Gobierno Español | en |
| oaire.funderName | Gobierno Vasco | en |
| oaire.fundingStream | Transmisiones 2024 | en |
| oaire.fundingStream | Ikertalde Convocatoria 2022-2025 | en |
| oaire.awardNumber | PLEC2024-011222 | en |
| oaire.awardNumber | IT1676-22 | en |
| oaire.awardTitle | TeCnologías disRuptivas para la protección, evaluación y operación segura de dIsposiTivos Industriales Conectados (CRITIC) | en |
| oaire.awardTitle | Grupo de sistemas inteligentes para sistemas industriales | en |
| dc.unesco.clasificacion | http://skos.um.es/unesco6/120903 | en |