Authors:
Kento Hasegawa
1
;
Hibiki Nakanishi
2
;
Seira Hidano
1
;
Kazuhide Fukushima
1
;
Kazuo Hashimoto
2
and
Nozomu Togawa
2
Affiliations:
1
KDDI Research, Inc., 2-1-15, Ohara, Fujimino-shi, Saitama, Japan
;
2
Waseda University, 3-4-1, Okubo, Shinjuku-ku, Tokyo, Japan
Keyword(s):
Internet of Things, Cybersecurity, Large Language Models, Fuzzing, User Interfaces.
Abstract:
The detailed implementation of IoT devices is often opaque, necessitating the use of a black-box model for verification. A challenge in fuzzing for the diverse types of IoT devices is generating initial test inputs (i.e., initial seeds for fuzzing) that fit the specific functions of the target. In this paper, we propose an automatic test input generation method for fuzzing the management interfaces of IoT devices. First, the automated web UI navigation function identifies the input fields. Next, the test input generation function creates appropriate test inputs for these input fields by analyzing the surrounding information of each field. By leveraging these functions, we establish a method for automatically generating test inputs specifically for the web user interfaces of IoT devices. The experimental results demonstrate that test inputs that are suitable for the input fields are successfully generated.