ISC4DGF: Enhancing Directed Grey-Box Fuzzing with LLM-Driven Initial Seed Corpus Generation

Fuzz testing is crucial for identifying software vulnerabilities, with coverage-guided grey-box fuzzers like AFL and Angora excelling in broad detection. However, as the need for targeted detection grows, directed grey-box fuzzing (DGF) has become essential, focusing on specific vulnerabilities. The initial seed corpus, which consists of carefully selected input samples that the fuzzer uses as a starting point, is fundamental in determining the paths that the fuzzer explores. A well-designed seed corpus can guide the fuzzer more effectively towards critical areas of the code, improving the efficiency and success of the fuzzing process. Even with its importance, many works concentrate on refining guidance mechanisms while paying less attention to optimizing the initial seed corpus. In this paper, we introduce ISC4DGF, the first approach to generating optimized initial seed corpus for DGF using Large Language Models (LLMs). By leveraging LLMs' deep understanding of software and refined user inputs, ISC4DGF creates a precise seed corpus that efficiently triggers specific vulnerabilities through a multi-round validation process. Implemented on AFL and tested against state-of-the-art fuzzers such as Titan, BEACON, AFLGo, FairFuzz, and Entropic using the Magma benchmark, ISC4DGF achieved a 25.03x speedup with fewer target reaches. Moreover, ISC4DGF improves its ability to detect target vulnerabilities while narrowing the detection scope and reducing code coverage.