FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning
Αποθηκεύτηκε σε:
| Εκδόθηκε σε: | arXiv.org (Dec 11, 2024), p. n/a |
|---|---|
| Κύριος συγγραφέας: | |
| Έκδοση: |
Cornell University Library, arXiv.org
|
| Θέματα: | |
| Διαθέσιμο Online: | Citation/Abstract Full text outside of ProQuest |
| Ετικέτες: |
Δεν υπάρχουν, Καταχωρήστε ετικέτα πρώτοι!
|
| Περίληψη: | Fuzz testing is a fundamental technique employed to identify vulnerabilities within software systems. However, the process can be protracted and resource-intensive, especially when confronted with extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine fuzzing targets. By analyzing compile-time information, such as function call graphs' features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more probable to contain vulnerabilities. I demonstrate the efficacy of my approach through experiments conducted on real-world software, demonstrating substantial reductions in testing time. |
|---|---|
| ISSN: | 2331-8422 |
| Πηγή: | Engineering Database |