On understanding and forecasting fuzzers performance with static analysis

Zhang, Dongjia; Fioraldi, Andrea; Balzarotti, Davide

Fuzz testing, a technique for detecting critical software vulnerabilities, combines various methodologies from previous research to improve its effectiveness. For fuzzing practitioners, it is imperative to comprehend the effects of distinct techniques and select the ideal configuration customized to the program they need to test. However, evaluating the individual contributions of these techniques is often very difficult. Prior research compared assembled fuzzers and studied their affinity with different programs. Nevertheless, assembled fuzzers cannot be easily broken down into independent components, and therefore, the evaluation does not clarify which technique explains the performance of the fuzzer. Without understanding the potential impact of integrating different fuzzing techniques, it becomes even more challenging to adjust the fuzzer configuration for different programs under test.

Our research tackles this challenge by introducing a novel approach that correlates static analysis features extracted at compile time with the performance results of various fuzzing techniques. Our method uses diverse metrics to uncover the relationship between the static attributes of a program and the dynamic runtime performance of fuzzers. The correlation analysis performed on 23 target applications reveals interesting relationships, such as power schedulers performing better with larger programs and context-sensitive feedback struggling with a large number of inputs.

This approach not only enhances our analytical understanding of fuzzing techniques, but also enables predictive capabilities. We show how a simple machine learning model can propose a fuzzer configuration customized for a particular program using information collected through static analysis. In 11 of our benchmark programs, fuzzers using the suggested configuration achieved the best improvement over the baseline compared to AFLplusplus, LibFuzzer and Honggfuzz.


Type:
Conference
City:
Salt Lake City
Date:
2024-10-14
Department:
Digital Security
Eurecom Ref:
7801
Copyright:
© ACM, 2024. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in

PERMALINK : https://www.eurecom.fr/publication/7801