How to Train Your Llama – Efficient Grammar-Based Application Fuzzing Using Large Language Models

Authors

Ibrahim Mhiri, Matthias Börsig, Akim Stark, and Ingmar Baumgart

Abstract

Fuzzing is an automated testing technique that generates random input to identify software bugs and vulnerabilities by provoking unexpected behavior. Although effective, traditional fuzzing lacks guidance for input generation, which often leads to inefficiency and wasted time, especially for complex programs, because many inputs are invalid and are rejected early. Grammar-based fuzzers address this problem by generating inputs that match the syntactic structure the program expects, although they require expert knowledge to define accurate grammars.
Large Language Models (LLMs) show remarkable capabilities in Natural Language Processing (NLP), improving efficiency in various domains. These models can be used to generate input for fuzzers, as they can quickly learn or already have familiarity with the required input formats. This paper explores the integration of LLMs with fuzzing methods to streamline directed input generation and thereby increase fuzzing efficiency. We specifically adapt Llama2 for use with American Fuzzy Lop (AFL), focusing on Extensible Markup Language (XML) due to its commonality as a structured file format. Our approach demonstrates the potential of LLMs to enhance traditional fuzzing by providing targeted, intelligent input generation. Experimental results show that our approach can achieve up to six times more code coverage after 24 hours compared to using AFL alone. Furthermore, in our tests, our method provides up to 50% more coverage than a grammar-based fuzzer.

Keywords

Grammar-Based Fuzzing, XML, Fuzzing, Large Language Models, Llama2, Fine-Tuning, Prompt-Tuning

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025
L. Horn Iwaya et al. (Eds.): NordSec 2024, LNCS 15396, pp. 1--19, 2025.
https://doi.org/10.1007/978-3-031-79007-2_13

This version of the contribution has been accepted for publication after peer review, but it is not the Version of Record and does not reflect post-acceptance improvements or any corrections. The Version of Record is available online at: https://dx.doi.org/10.1007/978-3-031-79007-2_13. Use of this Accepted Version is subject to the publisher's Accepted Manuscript terms of use: https://www.springernature.com/gp/open-science/policies/accepted-manuscript-terms

Publication

Secure IT Systems: 29th Nordic Conference, NordSec 2024 Karlstad, Sweden, November 6-7, 2024 Proceedings

DOI: 10.1007/978-3-031-79007-2_13

@inproceedings{Mhiri2025,
  author = {Ibrahim Mhiri and Matthias Börsig and Akim Stark and Ingmar Baumgart},
  title  = {{How to Train Your Llama – Efficient Grammar-Based Application Fuzzing Using Large Language Models}},
  booktitle = {Secure IT Systems: 29th Nordic Conference, NordSec 2024 Karlstad, Sweden, November 6–7, 2024 Proceedings},
  month = {1},
  year = {2025},
  isbn = {978-3-031-79006-5},
  editor= {Leonardo Horn Iwaya and Liina Kamm and Leonardo Martucci and Tobias Pulls},
  publisher = {Springer-Verlag},
  address = {Berlin, Heidelberg},
  location = {Karlstad, Sweden},
  pages = {239–257},
  series = {Lecture Notes in Computer Science},
  volume = {15396},
  doi = {10.1007/978-3-031-79007-2_13},
  url = {https://dx.doi.org/10.1007/978-3-031-79007-2_13}
}