FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning

Сохранить в:

Библиографические подробности
Опубликовано в::	arXiv.org (Dec 11, 2024), p. n/a
Главный автор:	Upadhyay, Saket
Опубликовано:	Cornell University Library, arXiv.org
Предметы:	Testing time Machine learning Harnesses Computer programming Software testing
Online-ссылка:	Citation/Abstract Full text outside of ProQuest
Метки:	Добавить метку Нет меток, Требуется 1-ая метка записи!

MARC


LEADER	00000nab a2200000uu 4500
001	3143450942
003	UK-CbPIL
022			\|a 2331-8422
035			\|a 3143450942
045	0		\|b d20241211
100	1		\|a Upadhyay, Saket
245	1		\|a FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning
260			\|b Cornell University Library, arXiv.org \|c Dec 11, 2024
513			\|a Working Paper
520	3		\|a Fuzz testing is a fundamental technique employed to identify vulnerabilities within software systems. However, the process can be protracted and resource-intensive, especially when confronted with extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine fuzzing targets. By analyzing compile-time information, such as function call graphs' features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more probable to contain vulnerabilities. I demonstrate the efficacy of my approach through experiments conducted on real-world software, demonstrating substantial reductions in testing time.
653			\|a Testing time
653			\|a Machine learning
653			\|a Harnesses
653			\|a Computer programming
653			\|a Software testing
773	0		\|t arXiv.org \|g (Dec 11, 2024), p. n/a
786	0		\|d ProQuest \|t Engineering Database
856	4	1	\|3 Citation/Abstract \|u https://www.proquest.com/docview/3143450942/abstract/embedded/6A8EOT78XXH2IG52?source=fedsrch
856	4	0	\|3 Full text outside of ProQuest \|u http://arxiv.org/abs/2412.08100