Enhancing Software Vulnerability Detection Through Adaptive Test Input Generation Using Genetic Algorithm

TL;DR

This paper presents an adaptive genetic algorithm approach for software vulnerability detection that significantly improves code coverage and vulnerability discovery by dynamically guiding test input generation.

Contribution

The study introduces a novel adaptive, feedback-driven genetic algorithm method that enhances vulnerability detection by exploring a broader input space and guiding test generation more effectively.

Findings

39.8% increase in class coverage

62.4% increase in method coverage

166.0% increase in branch coverage

Abstract

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based method for test input generation that innovatively integrates genetic operators and adaptive learning to enhance software vulnerability detection. A key contribution is the application of the crossover operator, which facilitates exploration by searching across a broader space of potential test inputs. Complementing this, an adaptive feedback mechanism continuously learns from the system's execution behavior and dynamically guides input generation toward promising areas of the input space. Rather than relying on fixed or randomly selected inputs, the approach evolves a population of structurally valid test cases using feedback-driven selection, enabling deeper and more effective code traversal. This strategic integration of exploration and exploitation ensures that both diverse and targeted test inputs are developed over time. Evaluation was conducted across nine open-source JSON-processing libraries. The proposed method achieved substantial improvements in coverage compared to a benchmark evolutionary fuzzing method, with average gains of 39.8% in class coverage, 62.4% in method coverage, 105.0% in line coverage, 114.0% in instruction coverage, and 166.0% in branch coverage. These results highlight the method's capacity to detect deeper and more complex vulnerabilities, offering a scalable and adaptive solution to software security testing.