US 12,462,037 B2
Directed fuzzing for vulnerability detection
Tom Ganz, Karlsruhe (DE); Martin Haerterich, Wiesloch (DE); and Philipp Rall, Darmstadt (DE)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Dec. 12, 2022, as Appl. No. 18/079,611.
Claims priority of provisional application 63/419,079, filed on Oct. 25, 2022.
Prior Publication US 2024/0184891 A1, Jun. 6, 2024
Int. Cl. G06F 21/57 (2013.01); G06F 11/3698 (2025.01); G06F 21/56 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 11/3698 (2025.01); G06F 21/563 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
 
1. A system comprising:
a memory that stores instructions; and
one or more processors configured by the instructions to perform operations comprising:
generating, using a machine-learning model, a probability of a vulnerability existing in source code;
identifying, using one or more explanation methods, one or more locations in the source code that may cause the vulnerability;
based on the probability of the vulnerability existing, using random fuzzing, providing input to the source code to empirically measure whether the vulnerability exists in the source code, wherein the providing of the input to the source code comprises running the source code in a debugger with breakpoints set at the one or more locations; and
training the machine-learning model based on the source code and the empirical measurement.
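
The loop recited in claim 1, as a small added example that is not taken from the patent or from SAP: score the code, pick locations by explanation, fuzz with breakpoints at those locations, then update the model with the observed result. Everything concrete here is an assumption for illustration: the logistic model over two hand-picked tokens, occlusion as the explanation method, Python's `sys.settrace` hook standing in for the debugger, and the constructed `parse` target.

```python
import math, random, sys
# Constructed target standing in for the source code; out-of-bounds read on line 5.
TARGET = """def parse(data):
    buf = [0] * 8
    n = data[0] if data else 0
    if n > 8:
        return buf[n]
    return sum(buf[:n])
"""
TOKENS = ("buf[n]", "data[0]")  # assumed hand-picked features
w = [-1.0, 1.0, 0.5]            # assumed starting weights: bias, then one per token

def feats(src):
    return [1.0] + [float(t in src) for t in TOKENS]

def predict(src):  # model's probability that src contains a vulnerability
    return 1 / (1 + math.exp(-sum(x * f for x, f in zip(w, feats(src)))))

def explain(src, k=1):  # occlusion: lines whose removal lowers the score most
    rows, base = src.splitlines(), predict(src)
    drop = {i + 1: base - predict("\n".join(rows[:i] + rows[i + 1:]))
            for i in range(len(rows))}
    return sorted(drop, key=drop.get, reverse=True)[:k]

def fuzz(src, breakpoints, trials=200, seed=0):
    ns, hits, crashes, rng = {}, [], [], random.Random(seed)
    exec(compile(src, "<target>", "exec"), ns)
    def hook(frame, event, arg):  # trace hook playing the debugger's role
        if event == "line" and frame.f_lineno in breakpoints:
            hits.append(frame.f_lineno)
        return hook if frame.f_code.co_filename == "<target>" else None
    old = sys.gettrace()
    for _ in range(trials):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(4)))
        hits.clear()
        sys.settrace(hook)
        try:
            ns["parse"](data)
        except IndexError:  # crash observed: keep input and last breakpoint hit
            crashes.append((data, hits[-1] if hits else None))
        finally:
            sys.settrace(old)
    return crashes

def run(threshold=0.5, lr=0.5):
    p0, locs = predict(TARGET), explain(TARGET)
    crashes = fuzz(TARGET, set(locs)) if p0 >= threshold else []
    err = float(bool(crashes)) - p0  # empirical label minus prediction
    w[:] = [x + lr * err * f for x, f in zip(w, feats(TARGET))]
    return p0, locs, crashes, predict(TARGET)
```

`run()` returns the initial probability, the explained line numbers, the crashing inputs paired with the breakpoint each one hit, and the probability after the training step.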