English

FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning

Software Engineering 2024-12-12 v1 Cryptography and Security Machine Learning

Abstract

Fuzz testing is a fundamental technique employed to identify vulnerabilities within software systems. However, the process can be protracted and resource-intensive, especially when confronted with extensive codebases. In this work, I present FuzzDistill, an approach that harnesses compile-time data and machine learning to refine fuzzing targets. By analyzing compile-time information, such as function call graphs' features, loop information, and memory operations, FuzzDistill identifies high-priority areas of the codebase that are more probable to contain vulnerabilities. I demonstrate the efficacy of my approach through experiments conducted on real-world software, demonstrating substantial reductions in testing time.

Keywords

Cite

@article{arxiv.2412.08100,
  title  = {FuzzDistill: Intelligent Fuzzing Target Selection using Compile-Time Analysis and Machine Learning},
  author = {Saket Upadhyay},
  journal= {arXiv preprint arXiv:2412.08100},
  year   = {2024}
}
R2 v1 2026-06-28T20:30:31.137Z