Fuzz testing is a fundamental technique for identifying vulnerabilities in software systems. However, the process can be protracted and resource-intensive, especially on extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine fuzzing targets. By analyzing compile-time information, such as function call graph features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more likely to contain vulnerabilities. I evaluate the approach through experiments on real-world software and observe substantial reductions in testing time.
FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning
FuzzDistill uses compile-time data and machine learning to prioritize the fuzzing targets most likely to contain vulnerabilities, reducing testing time.
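To make the pipeline the abstract describes concrete, here is an added example (not code from the paper or its author): each function is represented by constructed compile-time counts (call-graph fan-in and fan-out, loop count, memory operations, pointer arithmetic), a logistic-regression model is fitted in pure Python on a small constructed labelled set, and unlabelled functions are then ranked by predicted likelihood to pick fuzz targets. The feature set, the model choice, the labels, the function names and all numbers are assumptions for illustration; the paper's actual features, model and data are not given on this page.

```python
"""Rank functions for fuzzing from compile-time features (illustrative stand-in)."""
from __future__ import annotations

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class FunctionFeatures:
    """Constructed per-function compile-time counts (hypothetical feature set)."""
    name: str
    callers: int    # call-graph fan-in: how many functions call this one
    callees: int    # call-graph fan-out: how many functions this one calls
    loops: int      # loops in the function body
    mem_ops: int    # loads, stores and memcpy-like operations
    ptr_arith: int  # pointer arithmetic operations

    def vector(self) -> list[float]:
        # Leading 1.0 is the bias term; counts are log-scaled so that one huge
        # function does not dominate the fit.
        raw = (self.callers, self.callees, self.loops, self.mem_ops, self.ptr_arith)
        return [1.0] + [math.log1p(v) for v in raw]


# Constructed labelled set: 1 = a memory-safety bug was previously found in this
# function, 0 = none. All names and numbers are invented for this example.
TRAINING = [
    (FunctionFeatures("parse_header", 3, 4, 2, 18, 9), 1),
    (FunctionFeatures("decode_chunk", 2, 3, 3, 25, 12), 1),
    (FunctionFeatures("copy_payload", 5, 1, 1, 14, 7), 1),
    (FunctionFeatures("read_varint", 8, 0, 1, 6, 4), 1),
    (FunctionFeatures("get_version", 10, 0, 0, 1, 0), 0),
    (FunctionFeatures("set_flag", 4, 0, 0, 1, 0), 0),
    (FunctionFeatures("log_message", 12, 2, 0, 2, 0), 0),
    (FunctionFeatures("is_valid_state", 6, 1, 0, 0, 0), 0),
]

# Constructed unlabelled candidates from the code base about to be fuzzed.
CANDIDATES = [
    FunctionFeatures("get_name", 9, 0, 0, 1, 0),
    FunctionFeatures("parse_frame", 2, 5, 3, 26, 13),
    FunctionFeatures("compute_checksum", 3, 0, 1, 4, 2),
]


def sigmoid(z: float) -> float:
    z = max(-60.0, min(60.0, z))  # clamp so math.exp cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


def dot(w: list[float], x: list[float]) -> float:
    return sum(wi * xi for wi, xi in zip(w, x))


def train_logistic(samples, epochs: int = 2000, lr: float = 0.1, l2: float = 0.01) -> list[float]:
    """Batch gradient descent for L2-regularised logistic regression.

    The bias weight (index 0) is not penalised. Training is deterministic.
    """
    dim = len(samples[0][0].vector())
    w = [0.0] * dim
    n = len(samples)
    for _ in range(epochs):
        grad = [0.0] * dim
        for feats, label in samples:
            x = feats.vector()
            err = sigmoid(dot(w, x)) - label
            for i in range(dim):
                grad[i] += err * x[i]
        for i in range(dim):
            reg = l2 * w[i] if i > 0 else 0.0
            w[i] -= lr * (grad[i] / n + reg)
    return w


def score(w: list[float], feats: FunctionFeatures) -> float:
    """Estimated probability that the function is worth fuzzing first."""
    return sigmoid(dot(w, feats.vector()))


def rank_targets(w: list[float], candidates, top_k: int | None = None) -> list[tuple[str, float]]:
    """Candidates sorted by score, highest first, optionally truncated to top_k."""
    ranked = sorted(((f.name, score(w, f)) for f in candidates), key=lambda t: -t[1])
    return ranked if top_k is None else ranked[:top_k]


if __name__ == "__main__":
    weights = train_logistic(TRAINING)
    for name, p in rank_targets(weights, CANDIDATES):
        print(f"{name:18s} {p:.3f}")
```

In a real pipeline the counts would come from the compiler (for example an LLVM pass walking the call graph, loop info and memory instructions) and the labels from historical bug or sanitizer data; the ranked list then decides which functions get harnesses or fuzzing time first.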
- Year
- 2024
- Venue
- arXiv 2024
- Authors
- 1
- Hosting
- Abstract only
Attribution
- Abstract & full text
- arxiv.org/abs/2412.08100
- TL;DR
- Semantic Scholar