{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:06:44Z","timestamp":1748664404822,"version":"3.41.0"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319226880"},{"type":"electronic","value":"9783319226897"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-22689-7_35","type":"book-chapter","created":{"date-parts":[[2015,8,31]],"date-time":"2015-08-31T08:25:49Z","timestamp":1441009549000},"page":"453-468","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Hermes: A Targeted Fuzz Testing Framework"],"prefix":"10.1007","author":[{"given":"Caleb","family":"Shortt","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jens","family":"Weber","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,9,1]]},"reference":[{"key":"35_CR1","doi-asserted-by":"crossref","unstructured":"Lipner, S.: The trustworthy computing security development lifecycle. In: 20th IEEE Computer Security Applications Conference, pp. 2\u201313. IEEE (2004)","DOI":"10.1109\/CSAC.2004.41"},{"key":"35_CR2","doi-asserted-by":"crossref","unstructured":"Agudo, I., Vivas, J., Lopez, J.: Security assurance during the software development cycle. In: International Conference on Computer Systems and Technologies and Workshop for PhD Students in Computing, p. 20. ACM (2009)","DOI":"10.1145\/1731740.1731763"},{"key":"35_CR3","unstructured":"Kelly, T., Weaver, R.: The goal structuring notation-a safety argument notation. In: Dependable Systems and Networks 2004 Workshop on Assurance Cases. Citeseer (2004)"},{"key":"35_CR4","unstructured":"Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: NDSS, vol. 8 (2008)"},{"key":"35_CR5","doi-asserted-by":"crossref","unstructured":"Takanen, A., Demott, J., Miller, C.: Fuzzing for software security testing and quality assurance. Artech House (2008)","DOI":"10.1016\/S1353-4858(08)70095-3"},{"key":"35_CR6","unstructured":"Sutton, M., Greene, A., Amini, P.: Fuzzing: brute force vulnerability discovery. Addison-Wesley Professional (2007)"},{"issue":"12","key":"35_CR7","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/96267.96279","volume":"33","author":"BP Miller","year":"1990","unstructured":"Miller, B.P., Fredriksen, L., So, B.: An empirical study of the reliability of UNIX utilities. Commun. ACM 33(12), 32\u201344 (1990)","journal-title":"Commun. ACM"},{"key":"35_CR8","unstructured":"DeMott, J.: The evolving art of fuzzing. Technical report, DEF CON, vol. 14 (2006)"},{"key":"35_CR9","unstructured":"Marshall, A., Howard, M., Bugher, G., et al.: Security best practices for developing windows azure applications. Technical report, Microsoft Corporation (2010)"},{"key":"35_CR10","unstructured":"Howard, M., Lipner, S.: The security development lifecycle, vol. 11. Microsoft Press (2009)"},{"key":"35_CR11","doi-asserted-by":"crossref","unstructured":"Goertzel, K.M., Winograd, T., McKinley, H.L., et al.: Software security assurance: a State-of-Art Report (SAR). DTIC Document (2007)","DOI":"10.21236\/ADA472363"},{"key":"35_CR12","doi-asserted-by":"crossref","unstructured":"Wang, T., Wei, T., Gu, G., Zou, W.: TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection. In: IEEE Symposium on Security and Privacy (SP), pp. 497\u2013512. IEEE (2010)","DOI":"10.1109\/SP.2010.37"},{"issue":"6","key":"35_CR13","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1145\/1064978.1065036","volume":"40","author":"P Godefroid","year":"2005","unstructured":"Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. ACM Sigplan Not. 40(6), 213\u2013223 (2005)","journal-title":"ACM Sigplan Not."},{"key":"35_CR14","first-page":"209","volume":"8","author":"C Cadar","year":"2008","unstructured":"Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. OSDI 8, 209\u2013224 (2008)","journal-title":"OSDI"},{"key":"35_CR15","doi-asserted-by":"crossref","unstructured":"Ganesh, V., Leek, T., Rinard, M.: Taint-based directed whitebox fuzzing. In: IEEE 31st International Conference on Software Engineering, pp. 474\u2013484. IEEE (2009)","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"35_CR16","unstructured":"Wu, Z., Atwood, J.W., Zhu, X.: A new fuzzing technique for software vulnerability mining. In: IEEE CONSEG, vol. 9. IEEE (2009)"},{"key":"35_CR17","unstructured":"Jain, L.C., Karr, C.L.: Introduction to evolutionary computing techniques. In: Electronic Technology Directions, pp. 122\u2013127 (1995)"},{"key":"35_CR18","unstructured":"Holland, J.H.: Adaptation in natural and artificial systems: an introductory analysis with applications to biology, control, and artificial intelligence. U. Michigan Press (1975)"},{"key":"35_CR19","unstructured":"Belew, R.K., McInerney, J., Schraudolph, N.N.: Evolving networks: using the genetic algorithm with connectionist learning. Citeseer (1990)"},{"issue":"2","key":"35_CR20","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/BF00175354","volume":"4","author":"D Whitley","year":"1994","unstructured":"Whitley, D.: A genetic algorithm tutorial. Stat. Comput. 4(2), 65\u201385 (1994)","journal-title":"Stat. Comput."},{"key":"35_CR21","volume-title":"Introduction to Evolutionary Computing","author":"AE Eiben","year":"2010","unstructured":"Eiben, A.E., Smith, J.E.: Introduction to Evolutionary Computing. Springer, Berlin (2010)"},{"issue":"6","key":"35_CR22","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSP.2004.111","volume":"2","author":"B Chess","year":"2004","unstructured":"Chess, B., McGraw, G.: Static analysis for security. Secur. Priv. 2(6), 76\u201379 (2004). IEEE","journal-title":"Secur. Priv."},{"issue":"5","key":"35_CR23","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2008.130","volume":"25","author":"N Ayewah","year":"2008","unstructured":"Ayewah, N., Hovemeyer, D., Morgenthaler, J.D., et al.: Using static analysis to find bugs. Software 25(5), 22\u201329 (2008). IEEE","journal-title":"Software"},{"key":"35_CR24","doi-asserted-by":"crossref","unstructured":"Nagappan, N., Ball, T.: Static analysis tools as early indicators of pre-release defect density. In: ACM 27th International Conference on Software Engineering, pp. 580\u2013586. ACM (2005)","DOI":"10.1145\/1062455.1062558"},{"issue":"6","key":"35_CR25","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/1041685.1029911","volume":"29","author":"M Zitser","year":"2004","unstructured":"Zitser, M., Lippmann, R., Leek, T.: Testing static analysis tools using exploitable buffer overflows from open source code. ACM SIGSOFT Softw. Eng. Not. 29(6), 97\u2013106 (2004). ACM","journal-title":"ACM SIGSOFT Softw. Eng. Not."},{"key":"35_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1007\/3-540-48166-4_14","volume-title":"Software Engineering - ESEC\/FSE \u201999","author":"T Ball","year":"1999","unstructured":"Ball, T.: The concept of dynamic analysis. In: Wang, J., Lemoine, M. (eds.) ESEC 1999 and ESEC-FSE 1999. LNCS, vol. 1687, pp. 216\u2013234. Springer, Heidelberg (1999)"},{"key":"35_CR27","unstructured":"Mock, M.: Dynamic analysis from the bottom up. In: WODA 2003 ICSE Workshop on Dynamic Analysis, p. 13 (2003)"},{"key":"35_CR28","unstructured":"Ernst, M.D.: Static and dynamic analysis: synergy and duality. In: WODA 2003: ICSE Workshop on Dynamic Analysis, pp. 24\u201327 (2003)"},{"key":"35_CR29","unstructured":"Clarke, T.: Fuzzing for software vulnerability discovery. Department of Mathematic, Royal Holloway, University of London. Technical report. RHUL-MA-2009-4 (2009)"},{"issue":"5","key":"35_CR30","doi-asserted-by":"publisher","first-page":"589","DOI":"10.1093\/comjnl\/bxm021","volume":"52","author":"Q Yang","year":"2005","unstructured":"Yang, Q., Li, J.J., Weiss, D.M.: A survey of coverage-based testing tools. Comput. J. 52(5), 589\u2013597 (2005)","journal-title":"Comput. J."},{"key":"35_CR31","unstructured":"Crawler4j - Open Source Web Crawler for Java. https:\/\/github.com\/yasserg\/crawler4j"},{"issue":"2","key":"35_CR32","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/MSP.2005.55","volume":"3","author":"P Oehlert","year":"2005","unstructured":"Oehlert, P.: Violating assumptions with fuzzing. IEEE Secur. Priv. 3(2), 58\u201362 (2005)","journal-title":"IEEE Secur. Priv."},{"key":"35_CR33","unstructured":"Clarke, T., Crampton, J.: Fuzzing or how to help computers cope with the unexpected. Technical report, Royal Holloway University of London (2009)"},{"key":"35_CR34","unstructured":"Aitel, D.: The advantages of block-based protocol analysis for security testing. Technical report, Immunity Inc. (2002)"},{"key":"35_CR35","unstructured":"Juranic, L.: Using fuzzing to detect security vulnerabilities. Technical report, Infigo Information Security (2006)"},{"key":"35_CR36","doi-asserted-by":"crossref","unstructured":"Goodman, E.D.: Introduction to genetic algorithms. In: GECCO Conference Companion on Genetic and Evolutionary Computation, pp. 3205\u20133224. GECCO (2007)","DOI":"10.1145\/1274000.1274111"},{"key":"35_CR37","doi-asserted-by":"crossref","unstructured":"Goldberg, D.E., Deb, K.: A comparative analysis of selection schemes used in genetic algorithms. In: Foundations of Genetic Algorithms, pp. 69\u201393 (1991)","DOI":"10.1016\/B978-0-08-050684-5.50008-2"},{"key":"35_CR38","volume-title":"Genetic Algorithms and Engineering Optimization","author":"M Gen","year":"2000","unstructured":"Gen, M., Cheng, R.: Genetic Algorithms and Engineering Optimization. Wiley, New York (2000)"},{"issue":"3","key":"35_CR39","first-page":"1","volume":"2","author":"K Deep","year":"2011","unstructured":"Deep, K., Mebrahtu, H.: Combined mutation operators of genetic algorithm for the travelling salesman problem. Int. J. Comb. Opt. Prob. Inf. 2(3), 1\u201323 (2011)","journal-title":"Int. J. Comb. Opt. Prob. Inf."},{"key":"35_CR40","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1109\/2.294849","volume":"27","author":"M Srinivas","year":"1994","unstructured":"Srinivas, M., Patnaik, L.M.: Genetic algorithms: a survey. IEEE Comput. 27, 17\u201326 (1994). IEEE","journal-title":"IEEE Comput."},{"issue":"4","key":"35_CR41","doi-asserted-by":"publisher","first-page":"656","DOI":"10.1109\/21.286385","volume":"24","author":"M Srinivas","year":"1994","unstructured":"Srinivas, M., Patnaik, L.M.: Adaptive probabilities of crossover and mutation in genetic algorithms. IEEE Trans. Syst. Man Cybern. 24(4), 656\u2013667 (1994). IEEE","journal-title":"IEEE Trans. Syst. Man Cybern."},{"issue":"1","key":"35_CR42","first-page":"2171","volume":"13","author":"F Fortin","year":"2012","unstructured":"Fortin, F., De Rainville, F., et al.: DEAP: evolutionary algorithms made easy. J. Mach. Learn. Res. 13(1), 2171\u20132175 (2012)","journal-title":"J. Mach. Learn. Res."},{"key":"35_CR43","unstructured":"Sulley: A Pure Python Fully-Automated and Unattended Fuzzing Framework. https:\/\/github.com\/OpenRCE\/sulley"},{"key":"35_CR44","unstructured":"Emma, A Free Java Code Coverage Tool. http:\/\/emma.sourceforge.net\/"},{"key":"35_CR45","unstructured":"FindBugs - Find Bugs in Java Programs. http:\/\/findbugs.sourceforge.net\/"},{"key":"35_CR46","unstructured":"Marovic, B., Wrzos, M., Lewandowski, M., et al.: GN3 quality assurance best practice guide 4.0. Technical report (2012)"},{"key":"35_CR47","doi-asserted-by":"crossref","unstructured":"Guang-Hong, L., Gang, W., Tao, Z., et al.: Vulnerability analysis for x86 executables using genetic algorithm and fuzzing. In: Third International Conference on Convergence and Hybrid Information Technology, IEEE ICCIT 2008, vol. 2, pp. 491\u2013497 (2008)","DOI":"10.1109\/ICCIT.2008.9"},{"key":"35_CR48","unstructured":"Iozzo, V.: 0-knowledge fuzzing. Technical report, Black Hat DC (2010)"}],"container-title":["Communications in Computer and Information Science","Intelligent Software Methodologies, Tools and Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-22689-7_35","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T09:23:45Z","timestamp":1748597025000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-22689-7_35"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319226880","9783319226897"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-22689-7_35","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"1 September 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}