We present a novel tool, BertRLFuzzer, a BERT and Reinforcement Learning (RL) based fuzzer aimed at finding security vulnerabilities in Web applications. BertRLFuzzer works as follows: given a set of seed inputs, the fuzzer performs grammar-adhering and attack-provoking mutation operations on them to generate candidate attack vectors. The key insight of BertRLFuzzer is the use of RL with a BERT model as the agent, which guides the fuzzer to efficiently learn mutation operators that are both grammar-adhering and attack-provoking. To establish the efficacy of BertRLFuzzer, we compare it against a total of 13 black-box and white-box fuzzers over a benchmark of 9 victim websites with over 16K LOC. Relative to the nearest competing tool, we observed a significant improvement in time to first attack (54% less), new vulnerabilities found (17 new vulnerabilities), and attack rate (4.4% more attack vectors generated).
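The loop the abstract describes (seed inputs, grammar-adhering mutation operators, an RL agent that learns which operators provoke attacks) is illustrated below as an added, simplified example. It is not BertRLFuzzer's code: the paper uses a BERT model as the RL agent against real victim websites, whereas here the agent is a tabular epsilon-greedy bandit over a handful of SQL-injection-flavoured operators, and the target is a constructed toy (a keyword blocklist standing in for a WAF in front of a string-concatenated query). All operator names, the grammar oracle, the `toy_target` function and the reward shaping are assumptions made for this illustration.

```python
"""Simplified RL-guided mutation fuzzing loop (added illustration).

Not BertRLFuzzer's implementation: the paper's agent is a BERT model and
its targets are real web applications. Here the agent is an epsilon-greedy
bandit over mutation operators, and the target is a constructed toy. Every
name below is an assumption.
"""
import random
import re

# ---- Mutation operators (assumed, SQL-injection flavoured) -----------------
# Each takes (payload, rng) and returns a new payload. The first five keep
# the payload a plausible SQL fragment; the last deliberately does not, so
# the agent has a grammar-breaking operator to learn to avoid.

def op_case_flip(p, rng):
    # 'OR' -> 'oR': keyword case mixing
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in p)

def op_inline_comment(p, rng):
    # 'OR' -> 'O/**/R': split keywords so substring filters miss them
    return re.sub(r"(?i)\b(or|and|union|select)\b",
                  lambda m: "/**/".join(m.group(0)), p)

def op_space_to_comment(p, rng):
    # ' ' -> '/**/': same trick for whitespace-dependent signatures
    return p.replace(" ", "/**/")

def op_tautology(p, rng):
    # append an always-true alternative
    return p + " OR 1=1"

def op_comment_terminator(p, rng):
    # comment out whatever the application appends after the injection point
    return p + " -- "

def op_insert_junk(p, rng):
    # grammar-breaking: drop a stray byte somewhere in the payload
    i = rng.randrange(len(p) + 1)
    return p[:i] + rng.choice("%;#") + p[i:]

OPERATORS = [op_case_flip, op_inline_comment, op_space_to_comment,
             op_tautology, op_comment_terminator, op_insert_junk]

# ---- Grammar oracle (assumed) ----------------------------------------------
TOKEN_RE = re.compile(r"\s+|[A-Za-z_]\w*|\d+|=|--|'")

def grammar_ok(payload):
    """Cheap stand-in for grammar adherence: the payload must close the string
    literal and, with inline comments normalised to spaces, consist only of
    SQL-ish tokens."""
    norm = payload.replace("/**/", " ")
    return norm.startswith("'") and TOKEN_RE.sub("", norm[1:]) == ""

# ---- Constructed victim (assumed, not one of the paper's benchmark sites) --
BLOCKLIST = ("or 1=1", "--")

def toy_target(payload):
    """Returns (blocked, attack_succeeded). The attack oracle is a tolerant
    regex for an injected tautology in the query the toy app would build."""
    if any(b in payload.lower() for b in BLOCKLIST):
        return True, False
    query = f"SELECT * FROM users WHERE name = '{payload}'"
    hit = re.search(r"(?i)\bo(?:/\*\*/)?r(?:\s|/\*\*/)+1\s*=\s*1\b", query)
    return False, hit is not None

# ---- Fuzzing loop with a bandit agent ---------------------------------------
def fuzz(seed, target=toy_target, episodes=2000, max_steps=4,
         epsilon=0.2, seed_rng=0):
    """Each episode mutates the seed up to max_steps times. Reward: -1 if the
    mutation broke the grammar, +1 if the target reports an attack, else 0.
    Returns (attack_vectors, q_values, episode_of_first_attack)."""
    rng = random.Random(seed_rng)
    q = [0.0] * len(OPERATORS)   # running mean reward per operator
    n = [0] * len(OPERATORS)
    found, first = set(), None
    for ep in range(episodes):
        payload = seed
        for _ in range(max_steps):
            if rng.random() < epsilon:
                a = rng.randrange(len(OPERATORS))          # explore
            else:
                a = max(range(len(OPERATORS)), key=q.__getitem__)  # exploit
            payload = OPERATORS[a](payload, rng)
            if not grammar_ok(payload):
                reward = -1.0
            else:
                blocked, hit = target(payload)
                reward = 1.0 if hit and not blocked else 0.0
            n[a] += 1
            q[a] += (reward - q[a]) / n[a]
            if reward > 0:
                found.add(payload)
                if first is None:
                    first = ep
            if reward != 0:
                break
    return found, q, first

if __name__ == "__main__":
    vectors, q, first = fuzz("' admin")
    print(f"first attack in episode {first}; {len(vectors)} distinct vectors")
    for op, v in zip(OPERATORS, q):
        print(f"{op.__name__:22s} Q={v:+.3f}")
```

Run stand-alone, the script reports which episode produced the first attack vector and the learned value of each operator: the junk-inserting operator ends with a negative value, the blocklist-evading comment operators with a positive one. The metrics the abstract reports (time to first attack, attack rate) correspond to `first` and `len(vectors) / episodes` here; a stateful agent such as BERT conditions the choice of operator on the current payload, which this stateless bandit does not.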