SCIE, EI, Scopus, INSPEC, DBLP, CSCD, etc.
Citation: | Ling-Yun Situ, Zhi-Qiang Zuo, Le Guan, Lin-Zhang Wang, Xuan-Dong Li, Jin Shi, Peng Liu. Vulnerable Region-Aware Greybox Fuzzing[J]. Journal of Computer Science and Technology, 2021, 36(5): 1212-1228. DOI: 10.1007/s11390-021-1196-0 |
[1] |
Miller B P, Fredriksen L, So B. An empirical study of the reliability of UNIX utilities. Communications of the ACM, 1990, 33(12):32-44. DOI: 10.1145/96267.96279.
|
[2] |
Li J, Zhao B, Zhang C. Fuzzing:A survey. Cybersecurity, 2018, 1(1):Article No. 6. DOI: 10.1186/s42400-018-0002-y.
|
[3] |
Sutton M, Greene A, Amini P. Fuzzing:Brute Force Vulnerability Discovery (1st edition). Addison-Wesley Professional, 2007.
|
[4] |
Chen C, Cui B, Ma J, Wu R, Guo J, Liu W. A systematic review of fuzzing techniques. Computers & Security, 2018, 75:118-137. DOI: 10.1016/j.cose.2018.02.002.
|
[5] |
Man`es V J M, Han H S, Han C, Cha S K, Egele M, Schwartz E J, Woo M. The art, science, and engineering of fuzzing:A survey. IEEE Trans. Software Engineering. DOI: 10.1109/TSE.2019.2946563.
|
[6] |
Devarajan G. Unraveling SCADA protocols:Using sulley fuzzer. In Proc. the DEF CON 15 Hacking Conf., August 2007.
|
[7] |
Gascon H, Wressnegger C, Yamaguchi F, Arp D, Rieck K. Pulsar:Stateful black-box fuzzing of proprietary network protocols. In Proc. the 11th International Conference on Security and Privacy in Communication Networks, October 2015, pp.330-347. DOI: 10.1007/978-3-319-28865-918.
|
[8] |
Ganesh V, Leek T, Rinard M. Taint-based directed whitebox fuzzing. In Proc. the 31st Int. Software Engineering, May 2009, pp.474-484. DOI: 10.1109/ICSE.2009.5070546.
|
[9] |
Wang T, Wei T, Gu G, Zou W. TaintScope:A checksumaware directed fuzzing tool for automatic software vulnerability detection. In Proc. the 2010 IEEE Symposium on Security and Privacy, May 2010, pp.497-512. DOI: 10.1109/SP.2010.37.
|
[10] |
Stephens N, Grosen J, Salls C, Dutcher A, Wang R, Corbetta J, Shoshitaishvili Y, Kruegel C, Vingna G. Driller:Augmenting fuzzing through selective symbolic execution. In Proc. the 23rd Annual Network and Distributed System Security Symposium, February 2016. DOI: 10.14722/ndss.2016.23368.
|
[11] |
Godefroid P, Levin M Y, Molnar D. SAGE:Whitebox fuzzing for security testing. Communications of the ACM, 2012, 55(3):40-44. DOI: 10.1145/2093548.2093564.
|
[12] |
Situ L, Wang L, Li X, Guan L, Zhang W, Liu P. Energy distribution matters in greybox fuzzing. In Proc. the 41st Int. Software Engineering:Companion Proceedings, May 2019, pp.270-271. DOI: 10.1109/ICSE-Companion.2019.00109.
|
[13] |
B?hme M, Pham V T, Roychoudhury A. Coveragebased greybox fuzzing as Markov chain. IEEE Trans. Software Engineering, 2017, 45(5):489-506. DOI: 10.1109/TSE.2017.2785841.
|
[14] |
Pham V T, B?hme M, Santosa A E, Caciulescu A R, Roychoudhury A. Smart greybox fuzzing. IEEE Transactions on Software Engineering. DOI: 10.1109/TSE.2019.2941681.
|
[15] |
Du X, Chen B, Li Y, Guo J, Zhou Y, Liu Y, Jiang Y. Leopard:Identifying vulnerable code for vulnerability assessment through program metrics. In Proc. the 41st Int. Software Engineering, May 2019, pp.60-71. DOI: 10.1109/ICSE.2019.00024.
|
[16] |
Li Y, Su Z, Wang L, Li L. Steering symbolic execution to less traveled paths. ACM SIGPLAN Notices, 2013, 48(10):19-32. DOI: 10.1145/2544173.2509553.
|
[17] |
Wang X, Sun J, Chen Z, Zhang P, Wang J, Lin Y. Towards optimal concolic testing. In Proc. the 40th Int. Conf. Software Engineering, May 2018, pp.291-302. DOI: 10.1145/3180155.3180177.
|
[18] |
Inozemtseva L, Holmes R. Coverage is not strongly correlated with test suite effectiveness. In Proc. the 36th Int. Conf. Software Engineering, May 2014, pp.435-445. DOI: 10.1145/2568225.2568271.
|
[19] |
Petsios T, Zhao J, Keromytis A D, Jana S. SlowFuzz:Automated domain-independent detection of algorithmic complexity vulnerabilities. In Proc. the 2017 ACM SIGSAC Conference on Computer and Communications Security, October 2017, pp.2155-2168. DOI: 10.1145/3133956.3134073.
|
[20] |
Lemieux C, Sen K. FairFuzz:A targeted mutation strategy for increasing greybox fuzz testing coverage. In Proc. the 33rd ACM/IEEE Int. Automated Software Engineering, September 2018, pp.475-485. DOI: 10.1145/3238147.3238176.
|
[21] |
B?hme M, Pham V T, Nguyen M D, Roychoudhury A. Directed greybox fuzzing. In Proc. the 2017 ACM SIGSAC Conference on Computer and Communications Security, October 2017, pp.2329-2344. DOI: 10.1145/3133956.3134020.
|
[22] |
Gan S, Zhang C, Qin X, Tu X, Li K, Pei Z, Chen Z. CollAFL:Path sensitive fuzzing. In Proc. the 2018 IEEE Symposium on Security and Privacy, May 2018, pp.679-696. DOI: 10.1109/SP.2018.00040.
|
[23] |
Chen P, Chen H. Angora:Efficient fuzzing by principled search. In Proc. the 2018 IEEE Symposium on Security and Privacy, May 2018, pp.711-725. DOI: 10.1109/SP.2018.00046.
|
[24] |
Dolan-Gavitt B, Hulin P, Kirda E, Lee T, Mambretti A, Robertson W, Ulrich F, Whelan R. LAVA:Large-scale automated vulnerability addition. In Proc. the 2016 IEEE Symposium on Security and Privacy, May 2016, pp.110-121. DOI: 10.1109/SP.2016.15.
|
[25] |
Woo M, Cha S K, Gottlieb S, Brumley D. Scheduling blackbox mutational fuzzing. In Proc. the 2013 ACM SIGSAC Conference on Computer & Communications Security, November 2013, pp.511-522. DOI: 10.1145/2508859.2516736.
|
[26] |
B?hme M. STADS:Software testing as species discovery. ACM Transactions on Software Engineering and Methodology, 2018, 27(2):Article No. 7. DOI: 10.1145/3210309.
|
[27] |
Situ L Y, Wang L Z, Liu Y, Mao B, Li X. Automatic detection and repair recommendation for missing checks. Journal of Computer Science and Technology, 2019, 34(5):972-992. DOI: 10.1007/s11390-019-1955-3.
|
[28] |
Rawat S, Jain V, Kumar A, Cojocar L, Giuffrida C, Bos H. VUzzer:Application-aware evolutionary fuzzing. In Proc. the 24th Annual Network and Distributed System Security Symposium, February 26-March 1, 2017. DOI: 10.14722/ndss.2017.23404.
|
[29] |
Klees G, Ruef A, Cooper B, Wei S, Hichk M. Evaluating fuzz testing. In Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 2018, pp.2123-2138. DOI: 10.1145/3243734.3243804.
|
[30] |
Wang Y, Jia X, Liu Y, Zeng K, Bao T, Wu D, Su P. Not all coverage measurements are equal:Fuzzing by coverage accounting for input prioritization. In Proc. the 27th Annual Network and Distributed System Security Symposium, February 2020. DOI: 10.14722/ndss.2020.24422.
|
[31] |
Chen H, Xue Y, Li Y, Chen B, Xie X, Wu X, Liu Y. Hawkeye:Towards a desired directed grey-box fuzzer. In Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 2018, pp.2095-2108. DOI: 10.1145/3243734.3243849.
|
[32] |
Vargha A, Delaney H D. A critique and improvement of the CL common language effect size statistics of McGraw and Wong. Journal of Educational and Behavioral Statistics, 2000, 25(2):101-132. DOI: 10.3102/10769986025002101.
|
[33] |
Arcuri A, Briand L. A hitchhiker's guide to statistical tests for assessing randomized algorithms in software engineering. Software Testing, Verification and Reliability, 2014, 24(3):219-250. DOI: 10.1002/stvr.1486.
|
[34] |
Li Y, Chen B, Chandramohan M, Lin S W, Liu Y, Tiu A. Steelix:Program-state based binary fuzzing. In Proc. the 11th Joint Meeting on Foundations of Software Engineering, August 2017, pp.627-637. DOI: 10.1145/3106237.3106295.
|
[35] |
Serebryany K, Bruening D, Potapenko A, Vyukov D. AddressSanitizer:A fast address sanity checker. In Proc. the 2012 USENIX Annual Technical Conference, June 2012, pp.309-318.
|
[36] |
Stepanov E, Serebryany K. MemorySanitizer:Fast detector of uninitialized memory use in C++. In Proc. the 13th Annual IEEE/ACM International Symposium on Code Generation and Optimization, February 2015, pp.46-55. DOI: 10.1109/CGO.2015.7054186.
|
[37] |
Serebryany K, Iskhodzhanov T. ThreadSanitizer:Data race detection in practice. In Proc. the Workshop on Binary Instrumentation and Applications, December 2009, pp.62-71. DOI: 10.1145/1791194.1791203.
|
[38] |
Li Y, Xue Y, Chen H, Wu, X, Zhang C, Xie X, Wang H, Liu Y. Cerebro:Context-aware adaptive fuzzing for effective vulnerability detection. In Proc. the 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, August 2019, pp.533-544. DOI: 10.1145/3338906.3338975.
|
[1] | Chen-Xi Wang, Yi-Zhou Shan, Peng-Fei Zuo, Hui-Min Cui. Reinvent Cloud Software Stacks for Resource Disaggregation[J]. Journal of Computer Science and Technology, 2023, 38(5): 949-969. DOI: 10.1007/s11390-023-3272-0 |
[2] | Sa Wang, Yan-Hai Zhu, Shan-Pei Chen, Tian-Ze Wu, Wen-Jie Li, Xu-Sheng Zhan, Hai-Yang Ding, Wei-Song Shi, Yun-Gang Bao. A Case for Adaptive Resource Management in Alibaba Datacenter Using Neural Networks[J]. Journal of Computer Science and Technology, 2020, 35(1): 209-220. DOI: 10.1007/s11390-020-9732-x |
[3] | Ze-Wei Chen, Hang Lei, Mao-Lin Yang, Yong Liao, Jia-Li Yu. Improved Task and Resource Partitioning Under the Resource-Oriented Partitioned Scheduling[J]. Journal of Computer Science and Technology, 2019, 34(4): 839-853. DOI: 10.1007/s11390-019-1945-5 |
[4] | Sheng Zhang, Zhu-Zhong Qian, Jie Wu, Sang-Lu Lu. Service-Oriented Resource Allocation in Clouds: Pursuing Flexibility and Efficiency[J]. Journal of Computer Science and Technology, 2015, 30(2): 421-436. DOI: 10.1007/s11390-015-1533-2 |
[5] | Jie-Fan Qiu, Dong Li, Hai-Long Shi, Chen-Da Hou, Li Cui. EasiSMP:A Resource-Oriented Programming Framework Supporting Runtime Propagation of RESTful Resources[J]. Journal of Computer Science and Technology, 2014, 29(2): 194-204. DOI: 10.1007/s11390-014-1422-0 |
[6] | Hao-Ran Xie, Qing Li, Yi Cai. Community-Aware Resource Profiling for Personalized Search in Folksonomy[J]. Journal of Computer Science and Technology, 2012, 27(3): 599-610. DOI: 10.1007/s11390-012-1247-7 |
[7] | Donggeon Noh, Heonshik Shin. URECA: Efficient Resource Location Middleware for Ubiquitous Environment[J]. Journal of Computer Science and Technology, 2008, 23(6): 929-943. |
[8] | Yi-Ci Cai, Bin Liu, Yan Xiong, Qiang Zhou, Xian-Long Hong. Priority-Based Routing Resource Assignment Considering Crosstalk[J]. Journal of Computer Science and Technology, 2006, 21(6): 913-921. |
[9] | HONG Jinwei, CHEN Guoliang, ZHANG Zhaoqing. Supporting Flexible Data Distribution in Software DSMs[J]. Journal of Computer Science and Technology, 2000, 15(5): 445-452. |
[10] | Wang Jian, Christine Eisenbeis, Su Bogong. Using Timed Petri Net to Model Instruction-Level Loop Scheduling with Resource Constraints[J]. Journal of Computer Science and Technology, 1994, 9(2): 128-143. |
1. | Pritpal Singh, T.W. Liao. Multi-criteria group decision-making using ambiguous sets, Weibull distribution, and aggregation operators: A case study in optimal vendor selection for office supplies. Systems and Soft Computing, 2025, 7: 200283. DOI:10.1016/j.sasc.2025.200283 |
2. | N. N. Samarin, A. V. Tulinova. Intelligent Method for Mutation of Input Cases with Feedback. Proceedings of Telecommunication Universities, 2024, 10(4): 142. DOI:10.31854/1813-324X-2024-10-4-142-148 |
3. | Xiaoqi Zhao, Haipeng Qu, Jiaohong Yi, et al. A Fuzzer for Detecting Use-After-Free Vulnerabilities. Mathematics, 2024, 12(21): 3431. DOI:10.3390/math12213431 |
4. | Xiaoqi Zhao, Haipeng Qu, Jianliang Xu, et al. A systematic review of fuzzing. Soft Computing, 2024, 28(6): 5493. DOI:10.1007/s00500-023-09306-2 |
5. | Deepak Narayan Gadde, Aman Kumar, Djones Lettnin, et al. FuzzWiz - Fuzzing Framework for Efficient Hardware Coverage. 2024 International Symposium on Electronics and Telecommunications (ISETC), DOI:10.1109/ISETC63109.2024.10797245 |
6. | Hua Dai, Yifeng Wang, Changhua Sun. Directed Greybox Fuzzing Method for Power System Terminal Firmware Based on Vulnerability Prediction. Proceedings of the 2024 8th International Conference on Electronic Information Technology and Computer Engineering, DOI:10.1145/3711129.3711353 |