BertRLFuzzer: A BERT and Reinforcement Learning Based Fuzzer
This paper addresses the challenge security researchers face in efficiently detecting vulnerabilities in web applications, though it is an incremental improvement over existing fuzzing methods.
The paper tackles the problem of finding security vulnerabilities in web applications by introducing BertRLFuzzer, a tool that uses BERT and reinforcement learning to guide mutation operations, resulting in a 54% reduction in time to first attack, discovery of 17 new vulnerabilities, and a 4.4% higher attack rate compared to the nearest competitor.
We present a novel tool, BertRLFuzzer, a BERT and Reinforcement Learning (RL) based fuzzer aimed at finding security vulnerabilities in Web applications. BertRLFuzzer works as follows: given a set of seed inputs, the fuzzer performs grammar-adhering and attack-provoking mutation operations on them to generate candidate attack vectors. The key insight of BertRLFuzzer is the use of RL with a BERT model as an agent to guide the fuzzer to efficiently learn grammar-adhering and attack-provoking mutation operators. To establish the efficacy of BertRLFuzzer, we compare it against a total of 13 black box and white box fuzzers over a benchmark of 9 victim websites with over 16K LOC. We observed a significant improvement relative to the nearest competing tool in terms of time to first attack (54% less), new vulnerabilities found (17 new vulnerabilities), and attack rate (4.4% more attack vectors generated).
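The seed-mutate-reward loop the abstract describes, as an added example that is not the paper's code: a tabular Q-learning agent stands in for the BERT agent and learns which constructed mutation operators produce candidates that both adhere to a toy grammar and trigger a constructed oracle standing in for the victim site. The grammar, oracle, operators and all names are assumptions; the returned statistics mirror the paper's time-to-first-attack and attack-rate metrics.

```python
import random
# Constructed toy grammar standing in for the victim's input grammar: a token
# list adheres if it alternates WORD, SEP, WORD, ... and starts with a WORD.
WORDS, SEPS = ("a", "b", "c"), ("+", "*")

def adheres_to_grammar(tokens):
    return bool(tokens) and all(
        t in (WORDS if i % 2 == 0 else SEPS) for i, t in enumerate(tokens))

# Constructed oracle standing in for the victim site's detector: it fires on
# the purely synthetic pattern  WORD * <same WORD>  (e.g. b * b).
def oracle_fires(tokens):
    return any(tokens[i] == "*" and tokens[i - 1] == tokens[i + 1] for i in range(1, len(tokens) - 1))

# Constructed mutation operators; the agent must learn which are both
# grammar-adhering and oracle-provoking from each state.
OPERATORS = {
    "append_word": lambda t, rng: t + [rng.choice(WORDS)],
    "append_plus": lambda t, rng: t + ["+"],
    "append_star": lambda t, rng: t + ["*"],
    "repeat_prev_word": lambda t, rng: t + [t[-2]] if len(t) >= 2 else t,
    "drop_last": lambda t, rng: t[:-1],
}

def state_of(tokens):
    # Cheap stand-in for the BERT encoding of a candidate: its last-token class.
    return "empty" if not tokens else ("word" if tokens[-1] in WORDS else tokens[-1])

def run_fuzzer(seeds, steps=3000, eps=0.1, alpha=0.2, gamma=0.9, seed=0):
    # Tabular Q-learning over operators. Reward: +1 adheres and oracle fires,
    # 0 adheres only, -1 grammar-violating. Returns stats incl. time to first hit.
    rng, q = random.Random(seed), {}
    current, hits, first_hit, attacks = list(rng.choice(seeds)), 0, None, set()
    for step in range(1, steps + 1):
        s = state_of(current)
        qs = q.setdefault(s, {op: 0.0 for op in OPERATORS})
        op = rng.choice(list(OPERATORS)) if rng.random() < eps else max(qs, key=qs.get)
        cand = OPERATORS[op](current, rng)
        ok = adheres_to_grammar(cand)
        hit = ok and oracle_fires(cand)
        reward = 1.0 if hit else (0.0 if ok else -1.0)
        done = hit or not ok or len(cand) >= 8       # episode ends: restart from a seed
        nxt = q.setdefault(state_of(cand), {op: 0.0 for op in OPERATORS})
        target = reward if done else reward + gamma * max(nxt.values())
        qs[op] += alpha * (target - qs[op])           # TD update for (state, operator)
        if hit:
            hits, first_hit = hits + 1, first_hit or step
            attacks.add(tuple(cand))
        current = list(rng.choice(seeds)) if done else cand
    return {"q": q, "hits": hits, "first_hit": first_hit, "attacks": attacks}
```

Running with `eps=1.0` gives a uniform-random operator choice to compare against; the gap in `hits` over the same number of steps is what the learned policy buys.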