Format: SH, PKL, PY, XML
Publisher: IEEE DataPort
Publication Date of the Electronic Edition: 02/25/2026
ISBN: 10.21227/s64d-k209
$15 $3 Discount Coupon
Delivery time: Instant
Description
Fuzzing is a pivotal technique for discovering software vulnerabilities. Existing fuzzing techniques can be broadly categorized into two main paradigms: coverage-guided fuzzing and directed fuzzing. Coverage-guided fuzzing prioritizes broad code coverage but may miss vulnerabilities hidden behind complex conditional checks, while directed fuzzing can penetrate deeply into predetermined target sites but suffers from the local optimization dilemma and limited adaptability. Existing approaches therefore struggle to balance breadth-first exploration (coverage-guided fuzzing) and depth-first exploitation (directed fuzzing). To address these limitations, we propose BDFuzz, a bidirectional fuzzer that dynamically applies both fuzzing strategies using reinforcement learning. BDFuzz uses a hybrid instrumentation method to simultaneously support a coverage-guided fuzzing engine and a multi-objective directed fuzzing engine, and employs a decision engine to autonomously switch between them based on real-time fuzzing feedback, such as bitmap size or the vulnerability scores of the execution trace. This dynamic switching mechanism allows BDFuzz to find a balance between exploration (covering more basic blocks) and exploitation (focusing on fuzzing a specific code trace), thereby extending both the fuzzing convergence time and the convergence upper limit of its crash generation capability.

We implement BDFuzz as an open-source framework and evaluate it on the Magma benchmark. Experimental results demonstrate that BDFuzz outperforms SOTA fuzzers in 1-day vulnerability triggering ability. BDFuzz can increase the crash generation upper limit by an average of 45.92% at the cost of approximately 16.48% execution speed. BDFuzz discovered 13 previously unknown vulnerabilities in 5 real-world software projects. Our work bridges the gap between breadth and depth in fuzzing, offering a generalized solution for efficient and robust vulnerability detection.
Offline Request
If your request can be fulfilled, it will be priced. After receiving your payment, we will process your order.