{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T10:26:18Z","timestamp":1776680778154,"version":"3.51.2"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031514753","type":"print"},{"value":"9783031514760","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51476-0_23","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:29Z","timestamp":1704870149000},"page":"467-486","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Intelligent Zigbee Protocol Fuzzing via\u00a0Constraint-Field Dependency Inference"],"prefix":"10.1007","author":[{"given":"Mengfei","family":"Ren","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haotian","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaolei","family":"Ren","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiang","family":"Ming","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Lei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"23_CR1","unstructured":"Allied Market Research. IoT Device Market Expected to Reach \\$413.7 Billion By 2031 (2022). https:\/\/www.globenewswire.com\/news-release\/2022\/08\/08\/2493893\/0\/en\/IoT-Device-Market-Expected-to-Reach-413-7-Billion-By-2031-Allied-Market-Research.html"},{"key":"23_CR2","unstructured":"The Connectivity Standards Alliance. Zigbee: The Full-Stack Solution for All Smart Devices (2015). https:\/\/csa-iot.org\/all-solutions\/zigbee\/"},{"key":"23_CR3","unstructured":"BusinessWire. Analysts Confirm Half a Billion Zigbee Chipsets Sold, Igniting IoT Innovation; Figures to Reach 3.8 Billion by 2023 (2018). https:\/\/www.businesswire.com\/news\/home\/20180807005170\/en\/Analysts-Confirm-Half-a-Billion-Zigbee-Chipsets-Sold-Igniting-IoT-Innovation-Figures-to-Reach-3.8-Billion-by-2023"},{"key":"23_CR4","doi-asserted-by":"crossref","unstructured":"Ronen, E., O\u2019Flynn, C., Shamir, A., Weingarten, A.O.: IoT goes nuclear: creating a ZigBee chain reaction. In: Proceedings of the 38th IEEE Symposium on Security and Privacy (S &P 2017), Piscataway, NY, USA, pp. 195\u2013212. IEEE (2017)","DOI":"10.1109\/SP.2017.14"},{"key":"23_CR5","doi-asserted-by":"crossref","unstructured":"Morgner, P., Mattejat, S., Benenson, Z., M\u00fcller, C., Armknecht, F.: Insecure to the touch: attacking ZigBee 3.0 via touchlink commissioning. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), New York, NY, USA, pp. 230\u2013240. Association for Computing Machinery (2017)","DOI":"10.1145\/3098243.3098254"},{"key":"23_CR6","doi-asserted-by":"crossref","unstructured":"Wang, J., Li, Z., Sun, M., Lui, J.C.S.: Zigbee\u2019s network rejoin procedure for IoT systems: vulnerabilities and implications. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022), New York, NY, USA. Association for Computing Machinery (2022)","DOI":"10.1145\/3545948.3545953"},{"key":"23_CR7","unstructured":"Common Vulnerabilities and Exposures. Zigbee CVE Records (2022). https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=zigbee"},{"key":"23_CR8","doi-asserted-by":"crossref","unstructured":"Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: Proceedings of the 23rd Network and Distributed Systems Security Symposium (NDSS 2016), San Diego, CA, USA, pp. 1\u201316 (2016)","DOI":"10.14722\/ndss.2016.23368"},{"key":"23_CR9","doi-asserted-by":"crossref","unstructured":"Cho, M., Kim, S., Kwon, T.: Intriguer: field-level constraint solving for hybrid fuzzing. In: Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), New York, NY, USA, pp. 515\u2013530. Association for Computing Machinery (2019)","DOI":"10.1145\/3319535.3354249"},{"key":"23_CR10","doi-asserted-by":"crossref","unstructured":"Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: VUzzer: application-aware evolutionary fuzzing. In: Proceedings of the 24th Network and Distributed Systems Security Symposium (NDSS 2017), San Diego, CA, USA, vol. 17, pp. 1\u201314. Network and Distributed Systems Security Symposium (2017)","DOI":"10.14722\/ndss.2017.23404"},{"key":"23_CR11","unstructured":"Gan, S., et al.: GREYONE: data flow sensitive fuzzing. In: Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020), Berkeley, CA, USA, pp. 2577\u20132594. USENIX Association (2020)"},{"key":"23_CR12","doi-asserted-by":"crossref","unstructured":"Chen, P., Chen, H.: Angora: efficient fuzzing by principled search. In: Proceedings of the 39th IEEE Symposium on Security and Privacy (S &P 2018), Piscataway, NJ, USA, pp. 711\u2013725. IEEE (2018)","DOI":"10.1109\/SP.2018.00046"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"Liang, J., et al.: PATA: fuzzing with path aware taint analysis. In: Proceedings of the 43rd IEEE Symposium on Security and Privacy (S &P 2022), Piscataway, NJ, USA, pp. 154\u2013170. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833594"},{"key":"23_CR14","doi-asserted-by":"crossref","unstructured":"Aschermann, C., Schumilo, S., Blazytko, T., Gawlik, R., Holz, T.: REDQUEEN: fuzzing with input-to-state correspondence. In: Proceedings of the 26th Network and Distributed Systems Security Symposium (NDSS 2019), San Diego, CA, USA, vol. 19, pp. 1\u201315. Network and Distributed Systems Security Symposium (2019)","DOI":"10.14722\/ndss.2019.23371"},{"key":"23_CR15","unstructured":"Texas Instruments. A fully compliant ZigBee 3.x solution: Z-Stack (2018). http:\/\/www.ti.com\/tool\/Z-STACK"},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Ren, M., Ren, X., Feng, H., Ming, J., Lei, Y.: Z-fuzzer: device-agnostic fuzzing of zigbee protocol implementation. In: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021), New York, NY, USA, pp. 347\u2013358. Association for Computing Machinery (2021)","DOI":"10.1145\/3448300.3468296"},{"key":"23_CR17","volume-title":"Zigbee Wireless Networking","author":"D Gislason","year":"2008","unstructured":"Gislason, D.: Zigbee Wireless Networking, 1st edn. Newnes, London (2008)","edition":"1"},{"key":"23_CR18","unstructured":"Clements, A.A., et al.: HALucinator: firmware re-hosting through abstraction layer emulation. In: Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020), Berkeley, CA, USA, pp. 1201\u20131218. USENIX Association (2020)"},{"key":"23_CR19","unstructured":"IAR System. IAR Embedded Workbench. https:\/\/www.iar.com\/products\/architectures\/arm\/iar-embedded-workbench-for-arm\/"},{"key":"23_CR20","unstructured":"Peach Tech. Peach Fuzzer: Discover unknown vulnerabilities. https:\/\/www.peach.tech\/"},{"key":"23_CR21","unstructured":"Pereyda, J.: Boofuzz: Network Protocol Fuzzing for Humans (2020). https:\/\/boofuzz.readthedocs.io\/en\/latest\/"},{"key":"23_CR22","unstructured":"Zigbee Alliance. Zigbee Specification. https:\/\/zigbeealliance.org\/wp-content\/uploads\/2019\/11\/docs-05-3474-21-0csg-zigbee-specification.pdf. Accessed 5 Aug 2015"},{"key":"23_CR23","unstructured":"BusinessWire. ZigBee Alliance Accelerates IoT Unification with 20 ZigBee 3.0 Platform Certifications From Eight Silicon Providers (2016). https:\/\/www.businesswire.com\/news\/home\/20161206005020\/en\/ZigBee-Alliance-Accelerates-IoT-Unification-with-20-ZigBee-3.0-Platform-Certifications-From-Eight-Silicon-Providers"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Mikulskis, J., Becker, J.K., Gvozdenovic, S., Starobinski, D.: Snout - an extensible IoT pen-testing tool. In: Poster presented at: the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019) (2019)","DOI":"10.1145\/3319535.3363248"},{"key":"23_CR25","unstructured":"Morgner, P., Mattejat, S., Benenson, Z.: All your bulbs are belong to us: investigating the Current State of Security in Connected Lighting Systems. CoRR arxiv:1608.03732 (2016)"},{"key":"23_CR26","unstructured":"Beyond Security. Dynamic, Black Box Testing on the ZigBee (2021). https:\/\/beyondsecurity.com\/dynamic-fuzzing-testing-zigbee.html?cn-reloaded=1"},{"key":"23_CR27","doi-asserted-by":"crossref","unstructured":"Akestoridis, D.G., Harishankar, M., Weber, M., Tague, P.: Zigator: analyzing the security of zigbee-enabled smart homes. In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2020), New York, NY, USA, pp. 77\u201388. Association for Computing Machinery (2020)","DOI":"10.1145\/3395351.3399363"},{"key":"23_CR28","unstructured":"IoTcube. Blackbox-testing zfuzz (2021). https:\/\/iotcube.net\/userguide\/manual\/zfuzz"},{"key":"23_CR29","unstructured":"Zalewski, M.: American fuzzy lop (2015). http:\/\/lcamtuf.coredump.cx\/afl"},{"issue":"1","key":"23_CR30","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/762891","volume":"10","author":"B Cui","year":"2014","unstructured":"Cui, B., Liang, S., Chen, S., Zhao, B., Liang, X.: A novel fuzzing method for zigbee based on finite state machine. Int. J. Distrib. Sens. Netw. 10(1), 762891 (2014)","journal-title":"Int. J. Distrib. Sens. Netw."},{"issue":"3\u20134","key":"23_CR31","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1504\/IJAHUC.2016.079267","volume":"23","author":"B Cui","year":"2016","unstructured":"Cui, B., Wang, Z., Zhao, B., Liang, X.: CG-fuzzing: a comprehensive fuzzy algorithm for zigbee. Int. J. Ad Hoc Ubiquitous Comput. 23(3\u20134), 203\u2013215 (2016)","journal-title":"Int. J. Ad Hoc Ubiquitous Comput."},{"key":"23_CR32","unstructured":"Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: $${QSYM}$$: a practical concolic execution engine tailored for hybrid fuzzing. In: Proceedings of the 27th USENIX Security Symposium (USENIX Security 2018), Berkeley, CA, USA, pp. 745\u2013761. USENIX Association (2018)"},{"key":"23_CR33","doi-asserted-by":"crossref","unstructured":"Chen, P., Liu, J., Chen, H.: Matryoshka: fuzzing deeply nested branches. In: Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), New York, NY, USA, pp. 499\u2013513. Association for Computing Machinery (2019)","DOI":"10.1145\/3319535.3363225"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, K., Xiao, X., Zhu, X., Sun, R., Xue, M., Wen, S.: Path transitions tell more: optimizing fuzzing schedules via runtime program states. In: Proceedings of the 44th International Conference on Software Engineering (ICSE 2022) (2022)","DOI":"10.1145\/3510003.3510063"},{"key":"23_CR35","unstructured":"Boofuzz. Boofuzz Protocol Definition (2020). https:\/\/boofuzz.readthedocs.io\/en\/stable\/user\/protocol-definition.html"},{"issue":"3","key":"23_CR36","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1007\/s00165-014-0326-7","volume":"27","author":"F Kirchner","year":"2015","unstructured":"Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Aspects Comput. 27(3), 573\u2013609 (2015)","journal-title":"Formal Aspects Comput."},{"key":"23_CR37","unstructured":"IAR Systems. C-SPY Debugging Guide for Amr cores (2015). https:\/\/wwwfiles.iar.com\/arm\/webic\/doc\/EWARM_DebuggingGuide.ENU.pdf"},{"key":"23_CR38","unstructured":"Devarajan, G.: Unraveling SCADA protocols: using sulley fuzzer. In: Defon 15 Hacking Conference (2007)"},{"key":"23_CR39","doi-asserted-by":"crossref","unstructured":"Luo, Z., Zuo, F., Shen, Y., Jiao, X., Chang, W., Jiang, Y.: ICS protocol fuzzing: coverage guided packet crack and generation. In: The 57th ACM\/IEEE Design Automation Conference (DAC 2020), New York, NY, USA, pp. 1\u20136. ACM\/IEEE (2020)","DOI":"10.1109\/DAC18072.2020.9218603"},{"key":"23_CR40","doi-asserted-by":"crossref","unstructured":"Yu, B., Wang, P., Yue, T., Tang, Y.: Poster: fuzzing IoT firmware via multi-stage message generation. In: Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), CCS 2019, New York, NY, USA, pp. 2525\u20132527. Association for Computing Machinery (2019)","DOI":"10.1145\/3319535.3363247"},{"key":"23_CR41","doi-asserted-by":"crossref","unstructured":"Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: SoK: security evaluation of home-based Iot deployments. In: Proceedings of the 40th IEEE Symposium on Security and Privacy (S &P 2019), Piscataway, NJ, USA, pp. 1362\u20131380. IEEE (2019)","DOI":"10.1109\/SP.2019.00013"},{"key":"23_CR42","unstructured":"Zigbee Alliance. Zigbee Cluster Library Specification. https:\/\/zigbeealliance.org\/wp-content\/uploads\/2019\/12\/07-5123-06-zigbee-cluster-library-specification.pdf. Accessed 14 Jan 2016"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51476-0_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:07:47Z","timestamp":1704870467000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51476-0_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514753","9783031514760"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51476-0_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}