Automatic Library Fuzzing through API Relation Evolvement

Jiayi Lin

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Fuzzing 2

Software libraries form the foundational components of countless applications, yet they often harbor complex vulnerabilities that are difficult to uncover through traditional testing methods. This talk introduces Nexer, an innovative fuzzing tool designed to automatically identify vulnerabilities within these critical software libraries by addressing a long-standing challenge: balancing input diversity with API usage accuracy. Presented by Jiayi Lin from the University of Hong Kong, this research highlights the limitations of existing library fuzzing approaches, which often sacrifice one for the other, leading either to limited bug discovery or to a deluge of false positives from API misuses.

AI review

Competent academic fuzzing research with real results — 27 bugs, 5 CVEs, 93% misuse filtering — but the core ideas (static+dynamic API learning, modular driver decomposition) are evolutionary refinements of a well-trodden space rather than a conceptual leap. Solid NDSS-tier work that belongs in the literature; whether it belongs on a conference stage depends entirely on what else is in the program.
