Directed fuzzing seems to be a current hot research topic. This repository aims to provide a curated list of research papers focusing on directed greybox fuzzing (see also the sections on directed whitebox fuzzing and miscellaneous).
- [DSN'19] 1dVul: Discovering 1-day Vulnerabilities through Binary Patches [paper]
- [ICPC'19] Sequence coverage directed greybox fuzzing [paper]
- [CCS'19] Poster: Directed Hybrid Fuzzing on Binary Code [paper]
- [ICSE'19] LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics [paper] [project]
- [arxiv'19] V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing [paper]
- [SANER'20] Sequence directed hybrid fuzzing [paper]
- [SEC'20] FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning [paper] [project] [slides] [talk]
- [arxiv'20] TOFU: Target-Oriented FUzzer [paper]
  - Command-line flags: TOFU augments the input space that it explores to include command-line flags, so that users do not have to select such flags manually.
  - Distance metric: the number of correct branching decisions needed to reach the target; it does not rely on a complicated relationship to the history of the annealing that has taken place (e.g., min-max normalized values).
  - Input-structure aware: TOFU leverages knowledge of the program’s input structure in the form of a protobuf specification.