Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

  • 2020-01-13 08:45:56
  • Suyoung Lee, HyungSeok Han, Sang Kil Cha, Sooel Son
  • 4


JavaScript (JS) engine vulnerabilities pose significant security threatsaffecting billions of web browsers. While fuzzing is a prevalent technique forfinding such vulnerabilities, there have been few studies that leverage therecent advances in neural network language models (NNLMs). In this paper, wepresent Montage, the first NNLM-guided fuzzer for finding JS enginevulnerabilities. The key aspect of our technique is to transform a JS abstractsyntax tree (AST) into a sequence of AST subtrees that can directly trainprevailing NNLMs. We demonstrate that Montage is capable of generating valid JStests, and show that it outperforms previous studies in terms of findingvulnerabilities. Montage found 37 real-world bugs, including three CVEs, in thelatest JS engines, demonstrating its efficacy in finding JS engine bugs.


Quick Read (beta)

loading the full paper ...