
Abstract

Fuzz testing is a fundamental technique for identifying vulnerabilities in software systems. However, the process can be protracted and resource-intensive, especially on extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine the choice of fuzzing targets. By analyzing compile-time information such as function call graph features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more likely to contain vulnerabilities. I evaluate the approach through experiments on real-world software, showing substantial reductions in testing time.
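The abstract only names the kinds of compile-time features involved (call graph structure, loops, memory operations) and says they feed a model that ranks targets. The following is an added illustration of that pipeline shape, not code from the FuzzDistill paper: it takes a constructed call graph and constructed per-function loop and memory-operation counts (standing in for what a compiler pass would emit), derives graph features such as fan-in, fan-out and reachable memory operations, drops functions the fuzz harness cannot reach, and ranks the rest with a linear score. The feature set, the weights and the `harness` entry point are assumptions chosen for the example; the weights are a placeholder for a trained model.

```python
"""Toy fuzz-target ranking from compile-time-style function features.

Everything here is constructed for illustration: the call graph, the
per-function counts and the scoring weights are assumptions, not data
or a model from the FuzzDistill paper.
"""
from collections import deque

# Constructed call graph: caller -> callees. "harness" is the fuzz entry point.
CALL_GRAPH = {
    "harness": ["parse_header", "parse_body"],
    "parse_header": ["read_u32", "validate_magic"],
    "parse_body": ["read_u32", "decode_chunk", "log_debug"],
    "decode_chunk": ["copy_payload", "read_u32"],
    "copy_payload": [],
    "read_u32": [],
    "validate_magic": [],
    "log_debug": [],
    "unused_helper": ["read_u32"],  # not reachable from the harness
}

# Constructed per-function counts: (loop count, memory-operation count),
# the sort of numbers a compiler pass could emit per function.
LOCAL_FEATURES = {
    "harness": (0, 0),
    "parse_header": (0, 1),
    "parse_body": (1, 2),
    "decode_chunk": (2, 3),
    "copy_payload": (1, 4),
    "read_u32": (0, 1),
    "validate_magic": (0, 0),
    "log_debug": (0, 0),
    "unused_helper": (1, 2),
}

# Hand-picked weights standing in for a trained model (assumption).
WEIGHTS = {"loops": 1.0, "mem_ops": 1.5, "fan_in": 0.5,
           "fan_out": 0.25, "reach_mem": 0.5}


def depth_from_entry(graph, entry):
    """BFS call depth from the entry point; unreachable functions are absent."""
    dist = {entry: 0}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, []):
            if callee not in dist:
                dist[callee] = dist[node] + 1
                queue.append(callee)
    return dist


def reachable(graph, node):
    """Transitive closure of callees of node (cycle-safe)."""
    seen = set()
    stack = list(graph.get(node, []))
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(graph.get(n, []))
    return seen


def extract_features(graph, local, entry):
    """Per-function feature vectors combining local counts and graph structure."""
    fan_in = {f: 0 for f in graph}
    for callees in graph.values():
        for c in callees:
            fan_in[c] = fan_in.get(c, 0) + 1
    depth = depth_from_entry(graph, entry)
    feats = {}
    for f in graph:
        loops, mem_ops = local[f]
        feats[f] = {
            "loops": loops,
            "mem_ops": mem_ops,
            "fan_in": fan_in[f],
            "fan_out": len(graph[f]),
            # memory operations in everything this function can reach
            "reach_mem": sum(local[g][1] for g in reachable(graph, f)),
            "reachable": f in depth,
            "depth": depth.get(f),
        }
    return feats


def score(feat, weights=WEIGHTS):
    """Linear score; a real system would use a trained classifier here."""
    return sum(weights[k] * feat[k] for k in weights)


def rank_targets(graph, local, entry, top_k=3):
    """Return the top_k reachable functions (excluding the entry) by score."""
    feats = extract_features(graph, local, entry)
    ranked = sorted(
        ((score(v), f) for f, v in feats.items() if v["reachable"] and f != entry),
        reverse=True,
    )
    return [f for _, f in ranked[:top_k]]


if __name__ == "__main__":
    for name in rank_targets(CALL_GRAPH, LOCAL_FEATURES, "harness"):
        print(name)
```

The reachability gate matters in practice: a function with a high feature score that no harness can drive (here `unused_helper`) is wasted fuzzing budget, so it is excluded before ranking rather than merely down-weighted.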

Details

Title
FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning
Publication title
arXiv.org; Ithaca
Publication year
2024
Publication date
Dec 11, 2024
Section
Computer Science
Publisher
Cornell University Library, arXiv.org
Source
arXiv.org
Place of publication
Ithaca
Country of publication
United States
University/institution
Cornell University Library arXiv.org
e-ISSN
2331-8422
Source type
Working Paper
Language of publication
English
Document type
Working Paper
Publication history
Online publication date
2024-12-12
Milestone dates
2024-12-11 (Submission v1)
First posting date
12 Dec 2024
ProQuest document ID
3143450942
Document URL
https://www.proquest.com/working-papers/fuzzdistill-intelligent-fuzzing-target-selection/docview/3143450942/se-2?accountid=208611
Copyright
© 2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2024-12-13
Database
ProQuest One Academic