TL;DR
This paper provides a comprehensive analysis of target selection methods in directed fuzzing, revealing that simple software metrics outperform complex heuristics and highlighting the potential of language models for target prioritization.
Contribution
It introduces a systematic comparison of target selection methods in fuzzing, modeling them as scoring functions and evaluating their effectiveness on a large crash dataset.
Findings
Simple software metrics outperform other heuristics.
Language models show promise for target selection.
Target selection is an orthogonal dimension to fuzzing performance.
Abstract
A common paradigm for improving fuzzing performance is to focus on selected regions of a program rather than its entirety. While previous work has largely explored how these locations can be reached, their selection, that is, the where, has received little attention so far. In this paper, we fill this gap and present the first comprehensive analysis of target selection methods for fuzzing. To this end, we examine papers from leading security and software engineering conferences, identifying prevalent methods for choosing targets. By modeling these methods as general scoring functions, we are able to compare and…
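The abstract's framing, treating every target selection method as a scoring function over candidate program locations and then measuring how well the resulting ranking lines up with where crashes were actually found, can be made concrete in a few lines. The example below is added here and is not the paper's code or dataset: the candidate functions, their metrics, the scoring functions (two simple software metrics and one hand-written heuristic) and the set of "crashing" functions are all constructed for illustration, and the evaluation metric (precision at k) is an assumed choice, not one the abstract specifies.

```python
"""Model fuzzing target selection as scoring functions and compare them
against a crash dataset. Added example, not the paper's code: every metric,
scoring function and crash label below is constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Candidate:
    """One candidate target with the attributes a static pass might extract."""
    name: str               # function name in the program under test
    loc: int                # lines of code (a simple software metric)
    cyclomatic: int         # cyclomatic complexity (a simple software metric)
    recently_changed: bool  # input to the heuristic strategy
    calls_memcpy: bool      # input to the heuristic strategy


# Constructed candidate set (hypothetical function names and metric values).
CANDIDATES: List[Candidate] = [
    Candidate("parse_header", loc=180, cyclomatic=22, recently_changed=False, calls_memcpy=True),
    Candidate("decode_chunk", loc=240, cyclomatic=31, recently_changed=True, calls_memcpy=True),
    Candidate("log_message", loc=15, cyclomatic=2, recently_changed=True, calls_memcpy=False),
    Candidate("init_config", loc=60, cyclomatic=6, recently_changed=False, calls_memcpy=False),
    Candidate("render_table", loc=130, cyclomatic=17, recently_changed=True, calls_memcpy=False),
    Candidate("free_session", loc=25, cyclomatic=3, recently_changed=False, calls_memcpy=False),
]

# Constructed "crash dataset": functions in which a fuzzing campaign found crashes.
CRASHED: Set[str] = {"decode_chunk", "parse_header", "render_table"}

# A target selection method is just a function from candidate to score;
# higher scores mean the candidate should be prioritised.
Scorer = Callable[[Candidate], float]


def score_loc(c: Candidate) -> float:
    """Simple software metric: prefer larger functions."""
    return float(c.loc)


def score_cyclomatic(c: Candidate) -> float:
    """Simple software metric: prefer more complex control flow."""
    return float(c.cyclomatic)


def score_heuristic(c: Candidate) -> float:
    """Hand-written heuristic (constructed weights): recent change + memcpy use."""
    return 2.0 * c.recently_changed + 1.5 * c.calls_memcpy


SCORERS: Dict[str, Scorer] = {
    "loc": score_loc,
    "cyclomatic": score_cyclomatic,
    "heuristic": score_heuristic,
}


def rank(candidates: List[Candidate], scorer: Scorer) -> List[str]:
    """Order candidates by descending score; ties broken by name for determinism."""
    return [c.name for c in sorted(candidates, key=lambda c: (-scorer(c), c.name))]


def precision_at_k(ranking: List[str], crashed: Set[str], k: int) -> float:
    """Fraction of the top-k ranked targets that are in the crash dataset."""
    top = ranking[:k]
    return sum(1 for name in top if name in crashed) / k


def evaluate(candidates: List[Candidate], scorers: Dict[str, Scorer],
             crashed: Set[str], k: int = 3) -> Dict[str, float]:
    """Score every selection method by precision@k against the crash dataset."""
    return {name: precision_at_k(rank(candidates, s), crashed, k)
            for name, s in scorers.items()}


if __name__ == "__main__":
    for name, p in evaluate(CANDIDATES, SCORERS, CRASHED).items():
        print(f"{name:10s} precision@3 = {p:.2f}")
```

Because the scoring interface is uniform, any method (a static metric, a heuristic, or a language model's ranking of function names) plugs in as another entry in `SCORERS` and is evaluated the same way. The numbers this toy data produces say nothing about real programs; the point is the comparison harness, which separates the choice of where to fuzz from how the fuzzer reaches those locations.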