IDFuzz: Intelligent Directed Grey-box Fuzzing
Yiyang Chen
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Software Security 3: Fuzzing
This talk introduces **IDFuzz**, an approach to **intelligent directed grey-box fuzzing**. Presented by Yiyang Chen, a PhD student at Tsinghua University, the work addresses a well-known inefficiency of existing directed fuzzers: seed scheduling is driven by a distance metric to the target, but the mutations applied to each chosen seed remain blind and largely random. Directed fuzzing tests specific target code locations within a larger program, with applications ranging from crash reproduction and confirmation of candidate vulnerabilities to patch testing. Its primary goal is to reach the target code as quickly and with as few executions as possible.
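To make the inefficiency concrete, the following is an added illustration (not IDFuzz's code and not from the talk) of the baseline the work improves on: a toy directed grey-box loop whose seed scheduling is distance-guided but whose mutation is blind. The target program, its magic value `MAGIC`, the depth-counting instrumentation and the block-distance definition are all constructed for this example. Even though the closest seed is always scheduled, each remaining check costs on average `len(MAGIC) * 256` executions because the byte position and the byte value are both chosen at random; guiding that choice is where the talk's gradient-based mutation selection applies.

```python
"""Toy directed grey-box fuzzing loop with blind mutation (added illustration).

Constructed target: a chain of nested byte comparisons. The "instrumentation"
reports how many checks an input passed, and distance to the target block is
the number of checks still unsatisfied (the basic-block distance idea used by
distance-guided directed fuzzers). Scheduling is directed; mutation is blind.
"""
import random
from dataclasses import dataclass

# Constructed magic value: the target block is reached only when input == MAGIC.
MAGIC = b"IDFUZZ25"


def instrumented_target(data: bytes) -> int:
    """Return how many nested checks the input passed (len(MAGIC) == target reached)."""
    depth = 0
    for i, want in enumerate(MAGIC):
        if i >= len(data) or data[i] != want:
            break
        depth += 1
    return depth


def distance(data: bytes) -> int:
    """Block-style distance: checks left before the target. 0 means the target was hit."""
    return len(MAGIC) - instrumented_target(data)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Blind mutation: overwrite one randomly chosen byte with a random value."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


@dataclass
class Result:
    found: bool
    executions: int
    best_input: bytes


def fuzz(directed: bool, seed: int = 1, budget: int = 1_000_000) -> Result:
    """Run the loop until the target is reached or the execution budget is spent.

    directed=True always mutates the seed closest to the target; directed=False
    picks any queued seed, which is what an undirected coverage loop would do.
    """
    rng = random.Random(seed)
    initial = bytes(len(MAGIC))  # all-zero starting seed, distance == len(MAGIC)
    queue = [initial]            # seeds kept because they got strictly closer
    best = initial
    execs = 0
    while execs < budget:
        parent = min(queue, key=distance) if directed else rng.choice(queue)
        child = mutate(parent, rng)
        execs += 1
        d_child = distance(child)
        if d_child < distance(parent):   # strict progress toward the target
            queue.append(child)
        if d_child < distance(best):
            best = child
        if distance(best) == 0:
            return Result(True, execs, best)
    return Result(False, execs, best)


if __name__ == "__main__":
    for mode in (True, False):
        r = fuzz(directed=mode, seed=7)
        print(f"directed={mode}: found={r.found} executions={r.executions}")
```

Execution counts vary with the RNG seed, but the directed run needs on the order of `len(MAGIC) * 256` executions per check while the undirected one wastes most of its budget mutating seeds that are far from the target. Neither variant learns which byte matters: the gap between "the right seed" and "the right mutation" is exactly what the talk targets.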
AI review
Solid academic fuzzing research with a genuine technical contribution: gradient-guided mutation selection for directed grey-box fuzzing, backed by concrete benchmark results and real CVEs. The neural network integration is non-trivial and the three enabling techniques (branch encoding, adaptive dataset generation, gradient filtering) are well-motivated. Not a paradigm shift, but this is honest, careful work that advances the state of the art.