{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:40:03Z","timestamp":1750502403518,"version":"3.41.0"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,21]],"date-time":"2025-05-21T00:00:00Z","timestamp":1747785600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,5,21]],"date-time":"2025-05-21T00:00:00Z","timestamp":1747785600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372096"],"award-info":[{"award-number":["62372096"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01042-y","type":"journal-article","created":{"date-parts":[[2025,5,21]],"date-time":"2025-05-21T19:45:25Z","timestamp":1747856725000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A conflict-aware active BLE state machine learning and state coverage-guided gray-box fuzz testing method"],"prefix":"10.1007","volume":"24","author":[{"given":"Long","family":"Yin","sequence":"first","affiliation":[]},{"given":"Jian","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Heqiu","family":"Chai","sequence":"additional","affiliation":[]},{"given":"Zhongsheng","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Chunyu","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,21]]},"reference":[{"key":"1042_CR1","doi-asserted-by":"publisher","unstructured":"Aichernig, B.K., Mu\u0161kardin, E., Pferscher, A.: Learning-based fuzzing of IoT message brokers. IEEE Conf. Softw. Test. Verif. Valid. 2021, 47\u201358 (2021). https:\/\/doi.org\/10.1109\/ICST49551.2021.00017","DOI":"10.1109\/ICST49551.2021.00017"},{"key":"1042_CR2","unstructured":"Betouin, P.: Bluetooth stack smasher, release v0.6. Available: http:\/\/www.secuobs.com\/news\/05022006-bluetooth10.shtml, last accessed March 25, (2025)"},{"key":"1042_CR3","doi-asserted-by":"crossref","unstructured":"Chen, J., Diao, W., Zhao, Q., Zuo, C., Lin, Z., Wang, X., Zhang, K.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. NDSS (2018). https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2018\/02\/ndss2018_01A-1_Chen_paper.pdf","DOI":"10.14722\/ndss.2018.23159"},{"key":"1042_CR4","doi-asserted-by":"publisher","first-page":"337","DOI":"10.48550\/arXiv.2105.05445","volume":"2021","author":"X Feng","year":"2021","unstructured":"Feng, X., Sun, R., Zhu, X., Xue, M., Wen, S., Liu, D., Xiang, Y.: Snipuzz: black-box fuzzing of IoT firmware via message snippet inference. ACM SIGSAC Conf. Comput. Commun. Secur 2021, 337\u2013350 (2021). https:\/\/doi.org\/10.48550\/arXiv.2105.05445","journal-title":"ACM SIGSAC Conf. Comput. Commun. Secur"},{"key":"1042_CR5","unstructured":"Fiterau-Brostean, P., Jonsson, B., Merget, R., De Ruiter, J., Sagonas, K., Somorovsky, J.: Analysis of DTLS implementations using protocol state fuzzing. USENIX Secur. Symp. 2020, 2523-2540 (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/fiterau-brostean"},{"key":"1042_CR6","unstructured":"Garbelini, M.E., Bedi, V., Chattopadhyay, S., Sun, S., Kurniawan, E.: BrakTooth: causing havoc on Bluetooth link manager via directed fuzzing. USENIX Secur. Symp. 2022, 1025-1042 (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/garbelini"},{"key":"1042_CR7","unstructured":"Garbelini, M.E., Wang, C., Chattopadhyay, S., Sumei, S., Kurniawan, E.: SweynTooth: unleashing mayhem over Bluetooth low energy. USENIX Annu. Tech. Conf. 2020, 911-925 (2020). https:\/\/www.usenix.org\/conference\/atc20\/presentation\/garbelini"},{"key":"1042_CR8","doi-asserted-by":"publisher","unstructured":"IW, F.: SAGE: whitebox fuzzing for security testing. SAGE 10(1) (2012).https:\/\/doi.org\/10.1145\/2090147.2094081","DOI":"10.1145\/2090147.2094081"},{"key":"1042_CR9","doi-asserted-by":"publisher","unstructured":"Isberner, M., Howar, F.M., Steffen, B.: The TTT Algorithm: A Redundancy-Free Approach to Active Automata Learning. Runtime Verif. (2014). https:\/\/doi.org\/10.1007\/978-3-319-11164-3_26","DOI":"10.1007\/978-3-319-11164-3_26"},{"key":"1042_CR10","doi-asserted-by":"publisher","first-page":"3209","DOI":"10.1109\/SP46215.2023.10179330","volume":"2023","author":"I Karim","year":"2023","unstructured":"Karim, I., Al Ishtiaq, A., Hussain, S.R., Bertino, E.: Blediff: scalable and property-agnostic noncompliance checking for BLE implementations. IEEE Symp. Secur. Priv. 2023, 3209\u20133227 (2023). https:\/\/doi.org\/10.1109\/SP46215.2023.10179330","journal-title":"IEEE Symp. Secur. Priv."},{"key":"1042_CR11","unstructured":"Kim, S., Woo, S., Lee, H., Oh, H.: IoTCube: an automated analysis platform for finding security vulnerabilities. IEEE Symp. Secur. Priv. Poster (2017). https:\/\/wooseunghoon.github.io\/assets\/papers\/SNP17_Poster.pdf"},{"key":"1042_CR12","doi-asserted-by":"publisher","first-page":"1195","DOI":"10.1109\/ICCASIT55263.2022.9987150","volume":"2022","author":"J Lei","year":"2022","unstructured":"Lei, J., Wang, Y., Zhou, X., Yan, K.: BTFuzz: accurately fuzzing Bluetooth host with a simulated non-compliant controller. IEEE Int. Conf. Civil Aviat. Safety Inf. Technol 2022, 1195\u20131201 (2022). https:\/\/doi.org\/10.1109\/ICCASIT55263.2022.9987150","journal-title":"IEEE Int. Conf. Civil Aviat. Safety Inf. Technol"},{"issue":"3","key":"1042_CR13","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1109\/TST.2016.7488746","volume":"21","author":"R Ma","year":"2016","unstructured":"Ma, R., Wang, D., Hu, C., Ji, W., Xue, J.: Test data generation for stateful network protocol fuzzing using a rule-based state machine. Tsinghua Sci. Technol. 21(3), 352\u2013360 (2016). https:\/\/doi.org\/10.1109\/TST.2016.7488746","journal-title":"Tsinghua Sci. Technol."},{"key":"1042_CR14","doi-asserted-by":"publisher","unstructured":"Park, H., Nkuba, C.K., Woo, S., Lee, H.: L2Fuzz: discovering Bluetooth L2CAP vulnerabilities using stateful fuzz testing. IEEE\/IFIP Int. Conf. Dependable Syst. Netw 2022, 343\u2013354 (2022). https:\/\/doi.org\/10.48550\/arXiv.2208.00110","DOI":"10.48550\/arXiv.2208.00110"},{"key":"1042_CR15","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/978-3-031-06773-0_20","volume":"2022","author":"A Pferscher","year":"2022","unstructured":"Pferscher, A., Aichernig, B.K.: Stateful black-box fuzzing of Bluetooth devices using automata learning. NASA Form. Methods Symp. 2022, 373\u2013392 (2022). https:\/\/doi.org\/10.1007\/978-3-031-06773-0_20","journal-title":"NASA Form. Methods Symp."},{"key":"1042_CR16","unstructured":"Ruge, J., Classen, J., Gringoli, F., Hollick, M.: Frankenstein: advanced wireless fuzzing to exploit new Bluetooth escalation targets. USENIX Secur. Symp. 2020, 19-36 (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/ruge"},{"key":"1042_CR17","unstructured":"Seri, B., Vishnepolsky, G., Zusman, D.: BLEEDINGBIT: the hidden attack surface within BLE chips. Technical Report (2019). https:\/\/i.blackhat.com\/eu-18\/Thu-Dec-6\/eu-18-Seri-BleedingBit-wp.pdf"},{"key":"1042_CR18","unstructured":"Synopsys: Defensics fuzz testing. Available: https:\/\/www.synopsys.com\/software-integrity\/security-testing\/fuzz-testing.html, last accessed March 25, 2025"},{"key":"1042_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/IWSSIP58668.2023.10180264","volume":"2023","author":"D Verde","year":"2023","unstructured":"Verde, D., Paiva, S., Lopes, S.: Assessing cybersecurity risks in BLE-based asset management systems. IEEE Int. Conf. Syst. Signals Image Process 2023, 1\u20135 (2023). https:\/\/doi.org\/10.1109\/IWSSIP58668.2023.10180264","journal-title":"IEEE Int. Conf. Syst. Signals Image Process"},{"key":"1042_CR20","unstructured":"Wu, J., Nan, Y., Kumar, V., Tian, D.J., Bianchi, A., Payer, M., Xu, D.: BLESA: spoofing attacks against reconnections in Bluetooth low energy. USENIX Workshop Offens. Technol. 2020 (2020). https:\/\/www.usenix.org\/conference\/woot20\/presentation\/wu"},{"key":"1042_CR21","doi-asserted-by":"publisher","unstructured":"Wu, J., Wu, R., Xu, D., Tian, D.J., Bianchi, A.: Formal model-driven discovery of Bluetooth protocol design vulnerabilities. IEEE Symp. Secur. Priv. 2022, 2285\u20132303 (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833777","DOI":"10.1109\/SP46214.2022.9833777"},{"key":"1042_CR22","unstructured":"Zalewski, M.: AFL (American Fuzzy Lop). Available: https:\/\/github.com\/google\/AFL, last accessed March 25, (2025)"},{"key":"1042_CR23","unstructured":"Zhao, B., Li, Z., Qin, S., Ma, Z., Yuan, M., Zhu, W., Zhang, C.: StateFuzz: system call-based state-aware Linux driver fuzzing. USENIX Secur. Symp. 2022, 3273-3289 (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhao-bodong"},{"key":"1042_CR24","unstructured":"Zou, Y.H., Bai, J.J., Zhou, J., Tan, J., Qin, C., Hu, S.M.: TCP-Fuzz: detecting memory and semantic bugs in TCP stacks with fuzzing. USENIX Annu. Tech. Conf. 2021, 489-502 (2021). https:\/\/www.usenix.org\/conference\/atc21\/presentation\/zou"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01042-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01042-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01042-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:13Z","timestamp":1750500673000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01042-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,21]]},"references-count":24,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1042"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01042-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,5,21]]},"assertion":[{"value":"21 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"135"}}