A Directed Grey-box Fuzz Testing Method Based on Potential Vulnerabilities of Program Basic Blocks

Citation Author(s): baiyi wang
Submitted by: Baiyi Wang
Last updated: Tue, 08/22/2023 - 05:05
DOI: 10.21227/78et-8428

Abstract 

This manuscript proposes an approach to fuzz testing based on basic block vulnerabilities. Existing directed fuzz testing techniques rely on manual intervention to identify vulnerabilities, and they either lack automated localization methods or are not efficient enough at localization. We predict the vulnerability of basic blocks by further refining the basic block units, extracting features from both semantic and structural information, and applying a deep learning approach. We then determine the target points for directed fuzz testing and guide the fuzzing by the vulnerability of basic blocks in relation to their topology. Our approach achieves automated analysis of programs while outperforming existing methods; the specific algorithmic descriptions and experimental data are presented in the manuscript.

Instructions: 

The "vectors" folder contains the training set features that have been vectorized. The "Results" folder contains the results of testing our method on different projects.