View article

Fuzzing is a state-of-the-art technique for finding bugs in software, especially for large projects. Fuzzing consists of the automatic, or semi-automatic generation of program inputs in order to find unexpected behaviours in software. While there are multiple styles of fuzzers, the most widely used are greybox fuzzers. Greybox fuzzers use indirect analysis or lightweight indicators to perform semi-guided input generation, offering a balance between speed and accurate generation of inputs. One of the most used greybox fuzzers is American Fuzzy Lop (Zalewski 2016a). We based our research on previous work by Martin 2018, who showed the potential of adding machine learning techniques to guide the fuzzing process. Specifically, this work focused on using Principal Components Analysis (PCA) and resulted in a tool called PCA2FL. We aim to extend this work and implement a second version of PCA2FL in C/C++ and …