TY - GEN
T1 - GRFuzz
T2 - 26th IEEE International Conference on Information Reuse and Integration and Data Science, IRI 2025
AU - Le-Minh, Viet Anh
AU - Tran, Hai Anh
AU - Nguyen, Huy Hieu
AU - Hoang, Nam Thang
AU - Tran, Truong X.
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - In the digital realm, ensuring the security and reliability of systems and software is of paramount importance. Fuzzing has emerged as one of the most effective testing techniques for uncovering vulnerabilities by systematically generating and executing test cases to explore unexpected software behaviors. While numerous studies have explored machine learningenhanced fuzzing for C libraries, research on applying machine learning techniques to fuzzing Python libraries remains limited. Given Python's widespread adoption in critical applications such as web development, data science, and cybersecurity, improving fuzzing efficiency for Python libraries is crucial for strengthening software security. In this paper, we propose a novel approach to fuzzing Python libraries using deep reinforcement learning (DRL), specifically leveraging the Group Relative Policy Optimization (GRPO) algorithm. Unlike traditional fuzzing methods that rely on random or heuristic-based input generation, our method dynamically learns and prioritizes test cases that maximize code coverage. To further enhance fuzzing effectiveness, we employ a greedy optimization strategy to fine-tune key hyperparameters, ensuring optimal performance. Our results demonstrate a 2.27% - 10.24% improvement in code coverage compared to both PPO-based fuzzing and the traditional Pythonfuzz, and a 28.50% - 33.25% reduction in memory consumption compared to PPO-based fuzzing. These results show that GRPO-based fuzzing can improve vulnerability detection while maintaining lower resource consumption.
AB - In the digital realm, ensuring the security and reliability of systems and software is of paramount importance. Fuzzing has emerged as one of the most effective testing techniques for uncovering vulnerabilities by systematically generating and executing test cases to explore unexpected software behaviors. While numerous studies have explored machine learningenhanced fuzzing for C libraries, research on applying machine learning techniques to fuzzing Python libraries remains limited. Given Python's widespread adoption in critical applications such as web development, data science, and cybersecurity, improving fuzzing efficiency for Python libraries is crucial for strengthening software security. In this paper, we propose a novel approach to fuzzing Python libraries using deep reinforcement learning (DRL), specifically leveraging the Group Relative Policy Optimization (GRPO) algorithm. Unlike traditional fuzzing methods that rely on random or heuristic-based input generation, our method dynamically learns and prioritizes test cases that maximize code coverage. To further enhance fuzzing effectiveness, we employ a greedy optimization strategy to fine-tune key hyperparameters, ensuring optimal performance. Our results demonstrate a 2.27% - 10.24% improvement in code coverage compared to both PPO-based fuzzing and the traditional Pythonfuzz, and a 28.50% - 33.25% reduction in memory consumption compared to PPO-based fuzzing. These results show that GRPO-based fuzzing can improve vulnerability detection while maintaining lower resource consumption.
UR - https://www.scopus.com/pages/publications/105017851752
UR - https://www.scopus.com/inward/citedby.url?scp=105017851752&partnerID=8YFLogxK
U2 - 10.1109/IRI66576.2025.00011
DO - 10.1109/IRI66576.2025.00011
M3 - Conference contribution
AN - SCOPUS:105017851752
T3 - Proceedings - 2025 IEEE International Conference on Information Reuse and Integration and Data Science, IRI 2025
SP - 13
EP - 18
BT - Proceedings - 2025 IEEE International Conference on Information Reuse and Integration and Data Science, IRI 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 6 August 2025 through 8 August 2025
ER -