LLMCluster – Fuzzing crash triage using generative AI

Fuzzing is a common security and testing technique that runs mutated input against a system under test to identify crashes that could be exploited. Fuzzing campaigns can run over long timespans and generate significant data. Crash triage, the analysis of fuzzing crash data, is a human-intensive endeavor that follows the fuzzing campaign. Triage requires the analyst to deduplicate or bucket similar crashes and to explore the impact that a given bucket of crashes has on the system under test. In our work, we explore the use of large language models hosted on NARWHAL and NAUTILUS to simplify the bucketing of crashes in API fuzzers. We present LLMCluster, a novel framework for crash bucketing, and compare it to previous bucketing algorithms.

IMPACT

Accomplishment: Led a team of 3 engineers to develop a framework to analyze crash data using LLMs. Result: Provided insights into further usage of LLMs in the software engineering/software security lifecycle. Applied research necessary to integrate further algorithms into fuzzing capabilities.

PRESENTER

Pack, Derik
derik.l.pack.civ@us.navy.mil
843-218-5015

Naval Information Warfare Center Atlantic

CO-AUTHOR(S)

Leclerc, Anthony
anthony.p.leclerc.civ@us.navy.mil

CATEGORY

GPU usage for HPC

SECONDARY CATEGORY

AI/ML for HPC

SYSTEM(S) USED

NARWHAL, NAUTILUS