CRLG, Oct 23, 2020

DeFuzz: Deep Learning Guided Directed Fuzzing

arXiv:2010.12149v1, 2 citations
Originality: Incremental advance
AI Analysis

This addresses the lack of directedness in fuzzing for software security, offering a domain-specific incremental improvement.

The paper tackles the problem of directed fuzzing for software vulnerability detection by proposing DeFuzz, a deep learning-guided approach that identifies potentially vulnerable functions and locations, then fuzzes them directly. The results show that DeFuzz achieves more coverage, faster, than AFL and exposes 43 more bugs on real-world applications.

Fuzzing is one of the most effective techniques for identifying potential software vulnerabilities. Most fuzzers aim to improve code coverage, and there is a lack of directedness (e.g., fuzzing a specified path in a program). In this paper, we propose a deep learning (DL) guided directed fuzzing approach for software vulnerability detection, named DeFuzz. DeFuzz consists of two main schemes: (1) we employ a pre-trained DL prediction model to identify the potentially vulnerable functions and their locations (i.e., vulnerable addresses). Specifically, we employ a Bidirectional LSTM (BiLSTM) to identify attention words, and vulnerabilities are associated with these attention words in functions. (2) We then employ directed fuzzing on the potential vulnerabilities by generating inputs that tend to reach the predicted locations. To evaluate the effectiveness and practicality of the proposed DeFuzz technique, we conducted experiments on real-world data sets. Experimental results show that DeFuzz achieves more coverage, faster, than AFL. Moreover, DeFuzz exposes 43 more bugs than AFL on real-world applications.
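The abstract's second scheme, steering a fuzzer toward predicted locations, rests on a scheduling idea that is easier to see in code than in prose. The following is an added illustration written for this page, not DeFuzz's own implementation: a toy target with coverage instrumentation, a hand-written control-flow graph, a reverse BFS that assigns every basic block its distance to a target set, and a seed scheduler that prefers inputs whose covered blocks lie closest to the target. The target program, the CFG, the block named `vuln` (standing in for a DL-predicted vulnerable location) and the distance-to-target scoring are all assumptions of this example, not details from the paper; the real system predicts targets with a BiLSTM and works on compiled binaries.

```python
import random
from collections import deque

# Constructed toy program standing in for the fuzzing target. Each basic
# block adds its label to `trace`, emulating coverage instrumentation.
# "vuln" plays the role of a location the DL model predicted as vulnerable
# (an assumption of this example, not a real bug).
def toy_target(data: bytes, trace: set) -> None:
    trace.add("entry")
    if data[:1] == b"A":
        trace.add("parse_a")
        if data[1:2] == b"B":
            trace.add("parse_ab")
            if data[2:3] == b"C":
                trace.add("vuln")
                return
        trace.add("parse_a_exit")
    else:
        trace.add("other")

# Hand-written control-flow graph of toy_target: block -> successor blocks.
CFG = {
    "entry": ["parse_a", "other"],
    "parse_a": ["parse_ab", "parse_a_exit"],
    "parse_ab": ["vuln", "parse_a_exit"],
    "parse_a_exit": [],
    "vuln": [],
    "other": [],
}

def block_distances(cfg, targets):
    """BFS over reversed edges: distance from each block to the nearest target.
    Blocks that cannot reach any target are absent from the result."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        b = queue.popleft()
        for p in preds[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return dist

def seed_distance(trace, dist):
    """Mean target distance over the covered blocks that can reach a target."""
    ds = [dist[b] for b in trace if b in dist]
    return sum(ds) / len(ds) if ds else float("inf")

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Byte-level mutation: substitute, insert or delete one byte."""
    op = rng.randrange(3)
    buf = bytearray(data)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def run(data: bytes) -> set:
    trace = set()
    toy_target(data, trace)
    return trace

def fuzz(targets=("vuln",), directed=True, max_execs=200_000, seed=0):
    """Coverage-guided loop; with directed=True the scheduler mostly picks the
    queue entry with the smallest distance to the target set."""
    rng = random.Random(seed)
    dist = block_distances(CFG, list(targets))
    first = b"\x00\x00\x00"            # constructed initial seed
    covered = run(first)
    queue = [(seed_distance(covered, dist), first)]  # (distance, input)
    for execs in range(1, max_execs + 1):
        if directed and rng.random() < 0.9:
            _, parent = min(queue, key=lambda e: e[0])
        else:
            _, parent = rng.choice(queue)
        child = mutate(parent, rng)
        trace = run(child)
        if any(t in trace for t in targets):
            return {"reached": True, "execs": execs, "input": child, "dist": dist}
        if not trace <= covered:       # new block: keep the input as a seed
            covered |= trace
            queue.append((seed_distance(trace, dist), child))
    return {"reached": False, "execs": max_execs, "input": None, "dist": dist}

if __name__ == "__main__":
    for directed in (True, False):
        r = fuzz(directed=directed, seed=1)
        print("directed" if directed else "random  ", r["execs"], r["input"])
```

Running the script prints how many executions each scheduling policy needed to hit `vuln`; the undirected run is the comparison point, not a measurement of AFL. The scoring here is a simplification: it averages block distances and ignores call-graph distance and the probabilistic energy assignment a production directed fuzzer would use.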
