Dec 11, 2024

FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning

arXiv:2412.08100v1
Originality: Incremental advance
AI Analysis

This addresses efficiency in software security testing for developers and testers, though it appears incremental as it builds on existing fuzzing techniques with new prioritization methods.

The paper tackles the problem of fuzz testing being slow and resource-intensive for large codebases by presenting FuzzDistill, which uses compile-time analysis and machine learning to prioritize fuzzing targets, resulting in substantial reductions in testing time in experiments on real-world software.

Fuzz testing is a fundamental technique employed to identify vulnerabilities within software systems. However, the process can be protracted and resource-intensive, especially when confronted with extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine fuzzing targets. By analyzing compile-time information, such as function call graphs' features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more probable to contain vulnerabilities. I demonstrate the efficacy of my approach through experiments conducted on real-world software, demonstrating substantial reductions in testing time.

Code Implementations: 1 repo