SOK LLM-Enhanced Fuzzing for Vulnerability Detection
Supervisor(s): Marius Momeu, Manuel Andreas
Status: finished
Topic: Others
Author: Alexiy Zhandarov
Submission: 2025-06-02
Type of Thesis: Bachelor thesis
Description

The recent emergence of large language models (LLMs) has introduced new opportunities in software testing, particularly in the automation of tasks that traditionally required human-crafted components such as inputs, grammars, and test drivers. This thesis systematically explores the integration of LLMs into fuzzing workflows, a process known as LLM-enhanced or LLM-based fuzzing. Covering 20 state-of-the-art papers published between 2023 and early 2025, this work categorizes LLM applications into four core roles: initial seed generation, seed/input mutation, driver/generator and analysis assistance, and full-pipeline integration. Through this taxonomy, the thesis identifies trends in model usage, effectiveness in increasing code coverage and bug discovery, and the growing reliance on modular, feedback-driven architectures. While results show clear improvements in several areas, challenges remain. Drawing from both academic literature and practitioner surveys, this thesis highlights the strengths and shortcomings of current approaches, and contributes a practical recreation of one of the evaluated techniques to test its performance under real-world constraints. The thesis concludes with a discussion of future directions for LLM-assisted fuzzing and its role in scalable, intelligent vulnerability discovery.