Gavin Black

Date of Award

Fall 10-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

Varghese Vaidyan

Second Advisor

Austin O'Brien

Third Advisor

Yong Wang

Abstract

Modern computer security is greatly enhanced through the use of fuzzing to uncover problems in underlying program logic. Traditional fuzzing primarily targets code coverage and crashing error conditions, which are inadequate for detecting other non-desired behaviors. This dissertation introduces a comprehensive, multi-dimensional fuzzing framework that extends conventional approaches to include resource usage metrics. By integrating rigorous statistical methods and leveraging multiple sources of fuzzing data, this framework offers a novel and theoretically robust means of identifying and evaluating complex program behaviors that impact system performance and security. The contributions of this dissertation include a generalized framework for resource usage fuzzing, statistical testing mechanisms for fuzzing corpora, and an assessment of LLM-generated program samples. We demonstrate that the chosen metrics are independent and able to identify different sources of fuzzing samples. To accomplish this, over 5 million labeled samples across 50 Python programs are included to provide evidence of effectiveness. The results offer guidelines for practical applications and future studies, contributing to the development of more resilient software systems and considerations when using LLMs for fuzzing.

Download

Share

COinS