{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T21:07:19Z","timestamp":1774472839528,"version":"3.50.1"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"7-8","license":[{"start":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T00:00:00Z","timestamp":1737072000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T00:00:00Z","timestamp":1737072000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Mach. Learn. & Cyber."],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1007\/s13042-024-02527-3","type":"journal-article","created":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T08:07:56Z","timestamp":1737101276000},"page":"4577-4598","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["ChatHTTPFuzz: large language model-assisted IoT HTTP fuzzing"],"prefix":"10.1007","volume":"16","author":[{"given":"Zhe","family":"Yang","sequence":"first","affiliation":[]},{"given":"Hao","family":"Peng","sequence":"additional","affiliation":[]},{"given":"Yanling","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Xingwei","family":"Li","sequence":"additional","affiliation":[]},{"given":"Haohua","family":"Du","sequence":"additional","affiliation":[]},{"given":"Shuhai","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jianwei","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,17]]},"reference":[{"key":"2527_CR1","unstructured":"Bellard F (2024) qemu\/qemu. Available at: https:\/\/github.com\/qemu\/qemu"},{"issue":"03","key":"2527_CR2","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1109\/MS.2020.3016773","volume":"38","author":"M Boehme","year":"2021","unstructured":"Boehme M, Cadar C, Roychoudhury A (2021) Fuzzing: challenges and reflections. IEEE Softw 38(03):79\u201386. https:\/\/doi.org\/10.1109\/MS.2020.3016773","journal-title":"IEEE Softw"},{"key":"2527_CR3","unstructured":"Brown TB, Mann B, Ryder N et\u00a0al (2020) Language models are few-shot learners. In: Proceedings of the 34th International Conference on Neural Information Processing Systems. Curran Associates Inc., Red Hook, NY, USA, NIPS \u201920, pp 1877\u20131901"},{"key":"2527_CR4","doi-asserted-by":"publisher","unstructured":"Chen B, Zhang Z, Langren\u00e9 N et\u00a0al (2024) Unleashing the potential of prompt engineering in large language models: a comprehensive review. https:\/\/doi.org\/10.48550\/arXiv.2310.14735, arXiv:2310.14735 [cs]","DOI":"10.48550\/arXiv.2310.14735"},{"key":"2527_CR5","doi-asserted-by":"publisher","unstructured":"Chen J, Diao W, Zhao Q et\u00a0al (2018) IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In: Proceedings 2018 Network and Distributed System Security Symposium. Internet Society, https:\/\/doi.org\/10.14722\/ndss.2018.23159","DOI":"10.14722\/ndss.2018.23159"},{"key":"2527_CR6","doi-asserted-by":"publisher","unstructured":"Cheng L, Zhang Y, Zhang Y et\u00a0al (2019) Optimizing Seed Inputs in Fuzzing with Machine Learning. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pp 244\u2013245, https:\/\/doi.org\/10.1109\/ICSE-Companion.2019.00096, https:\/\/ieeexplore.ieee.org\/document\/8802707","DOI":"10.1109\/ICSE-Companion.2019.00096"},{"key":"2527_CR7","unstructured":"Cisco (2017) Cisco-talos\/mutiny-fuzzer. https:\/\/github.com\/Cisco-Talos\/mutiny-fuzzer"},{"key":"2527_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102817","volume":"120","author":"L Cui","year":"2022","unstructured":"Cui L, Cui J, Hao Z et al (2022) An empirical study of vulnerability discovery methods over the past ten years. Comput Secur 120:102817. https:\/\/doi.org\/10.1016\/j.cose.2022.102817","journal-title":"Comput Secur"},{"key":"2527_CR9","doi-asserted-by":"crossref","unstructured":"Du X, Liu M, Wang K et\u00a0al (2024) Evaluating large language models in class-level code generation. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. Association for Computing Machinery, New York, NY, USA, ICSE \u201924, pp 1\u201313","DOI":"10.1145\/3597503.3639219"},{"issue":"13","key":"2527_CR10","doi-asserted-by":"publisher","first-page":"10390","DOI":"10.1109\/JIOT.2021.3056179","volume":"8","author":"M Eceiza","year":"2021","unstructured":"Eceiza M, Flores JL, Iturbe M (2021) Fuzzing the internet of things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems. IEEE Internet of Things J 8(13):10390\u201310411. https:\/\/doi.org\/10.1109\/JIOT.2021.3056179","journal-title":"IEEE Internet of Things J"},{"key":"2527_CR11","first-page":"9","volume":"4","author":"MA Ezechina","year":"2015","unstructured":"Ezechina MA, Okwara KK, Ugboaja CAU (2015) The Internet of Things (Iot): a scalable approach to connecting everything. Int J Eng Sci 4:9\u201312","journal-title":"Int J Eng Sci"},{"key":"2527_CR12","doi-asserted-by":"crossref","unstructured":"Fan Z, Gao X, Mirchev M et\u00a0al (2023) automated repair of programs from large language models. In: Proceedings of the 45th International Conference on Software Engineering. IEEE Press, Melbourne, Victoria, Australia, ICSE \u201923, pp 1469\u20131481","DOI":"10.1109\/ICSE48619.2023.00128"},{"key":"2527_CR13","doi-asserted-by":"crossref","unstructured":"Feng X, Sun R, Zhu X et\u00a0al (2021) Snipuzz: Black-box fuzzing of IoT firmware via message snippet inference. In: CCS \u201921: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","DOI":"10.1145\/3460120.3484543"},{"key":"2527_CR14","unstructured":"gdb (Last updated 2024) GDB: The GNU project debugger. Available at: https:\/\/sourceware.org\/gdb\/"},{"key":"2527_CR15","unstructured":"Gergely\u00a0Erdelyi EC (2004) Idapython. https:\/\/hex-rays.com\/\/products\/ida\/support\/idapython_docs\/"},{"key":"2527_CR16","unstructured":"Hypertext Transfer Protocol (1995) Hypertext transfer protocol \u2013 HTTP\/1.1. Available at: https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616.html"},{"key":"2527_CR17","doi-asserted-by":"crossref","unstructured":"Jain N, Vaidyanath S, Iyer A et\u00a0al (2022) Jigsaw: large language models meet program synthesis. In: Proceedings of the 44th International Conference on Software Engineering. Association for Computing Machinery, New York, NY, USA, ICSE \u201922, pp 1219\u20131231","DOI":"10.1145\/3510003.3510203"},{"key":"2527_CR18","unstructured":"Jtpereyda (Last updated 2024) jtpereyda\/boofuzz: A fork and successor of the sulley fuzzing framework. https:\/\/github.com\/jtpereyda\/boofuzz"},{"key":"2527_CR19","unstructured":"Kallus B, Anantharaman P, Locasto M et\u00a0al (2024) The HTTP garden: Discovering parsing vulnerabilities in HTTP\/1.1 implementations by differential fuzzing of request streams"},{"key":"2527_CR20","doi-asserted-by":"crossref","unstructured":"Karamcheti S, Mann G, Rosenberg D (2018) Adaptive grey-box fuzz-testing with Thompson sampling. In: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, pp 37\u201347","DOI":"10.1145\/3270101.3270108"},{"key":"2527_CR21","doi-asserted-by":"crossref","unstructured":"Kumar K, Bose J, Tripathi S (2016) A unified web interface for the internet of things. In: 2016 IEEE Annual India Conference (INDICON), pp 1\u20136","DOI":"10.1109\/INDICON.2016.7839142"},{"issue":"3","key":"2527_CR22","doi-asserted-by":"publisher","first-page":"1199","DOI":"10.1109\/TR.2018.2834476","volume":"67","author":"H Liang","year":"2018","unstructured":"Liang H, Pei X, Jia X et al (2018) Fuzzing: state of the art. IEEE Trans Reliab 67(3):1199\u20131218. https:\/\/doi.org\/10.1109\/TR.2018.2834476","journal-title":"IEEE Trans Reliab"},{"key":"2527_CR23","unstructured":"Lindsey O\u2019Donnell (2020) More Than Half of IoT Devices Vulnerable to Severe Attacks | Threatpost"},{"key":"2527_CR24","unstructured":"Lionel\u00a0Sujay V (2024) Number of internet of things (IoT) connections worldwide from 2022 to 2023, with forecasts from 2024 to 2033. https:\/\/www.statista.com\/statistics\/1183457\/iot-connected-devices-worldwide\/"},{"key":"2527_CR25","doi-asserted-by":"crossref","unstructured":"Liu H, Gan S, Zhang C et\u00a0al (2024) Labrador: response guided directed fuzzing for black-box IoT devices. In: 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, pp 1920\u20131938","DOI":"10.1109\/SP54263.2024.00127"},{"key":"2527_CR26","unstructured":"Ma X, Luo L, Zeng Q (2024) From one thousand pages of specification to unveiling hidden bugs: Large language model assisted fuzzing of matter IoT devices. In: USENIX Security Symposium, pp 4783\u20134800"},{"key":"2527_CR27","doi-asserted-by":"publisher","unstructured":"Manome N, Shinohara S, Chung U (2023) Simple modification of the upper confidence bound algorithm by generalized weighted averages. https:\/\/doi.org\/10.48550\/arXiv.2308.14350, arXiv:2308.14350 [cs]","DOI":"10.48550\/arXiv.2308.14350"},{"key":"2527_CR28","unstructured":"Marcussen E (2024) wireghoul\/doona. Available at: https:\/\/github.com\/wireghoul\/doona, original-date: 2012-05-01T04:10:01Z"},{"key":"2527_CR29","doi-asserted-by":"crossref","unstructured":"Meng R, Mirchev M, B\u00f6hme M et\u00a0al (2024) Large language model guided protocol fuzzing. In: Proceedings 2024 Network and Distributed System Security Symposium. Internet Society","DOI":"10.14722\/ndss.2024.24556"},{"key":"2527_CR30","unstructured":"Minaee S, Mikolov T, Nikzad N et\u00a0al (2024) Large language models: a survey. arXiv preprint arXiv:2402.06196"},{"key":"2527_CR31","unstructured":"NCC-Group (2017) Triforce. urlhttps:\/\/github.com\/nccgroup\/TriforceAFL"},{"issue":"13","key":"2527_CR32","doi-asserted-by":"publisher","first-page":"6067","DOI":"10.3390\/s23136067","volume":"23","author":"HA Noman","year":"2023","unstructured":"Noman HA, Abu-Sharkh OMF (2023) Code injection attacks in wireless-based internet of things (IoT): a comprehensive review and practical implementations. Sensors (Basel, Switzerland) 23(13):6067","journal-title":"Sensors (Basel, Switzerland)"},{"issue":"2","key":"2527_CR33","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1145\/227607.227610","volume":"5","author":"J Offutt","year":"1996","unstructured":"Offutt J, Lee A, Rothermel G et al (1996) An experimental determination of sufficient mutant operators. ACM Trans Misc Eng Methodol 5(2):99\u2013118. https:\/\/doi.org\/10.1145\/227607.227610","journal-title":"ACM Trans Misc Eng Methodol"},{"key":"2527_CR34","unstructured":"OpenAI (2024) Gpt-4 turbo: Enhanced capabilities and use cases. https:\/\/platform.openai.com\/docs\/models\/gpt-4o, accessed: 28 Oct 2024"},{"key":"2527_CR35","unstructured":"peach (2011) Peach fuzzing platform. https:\/\/www.peach.tech\/"},{"key":"2527_CR36","doi-asserted-by":"crossref","unstructured":"Pourrahmani H, Yavarinasab A, Monazzah AMH et al (2023) A review of the security vulnerabilities and countermeasures in the internet of things solutions: A bright future for the blockchain. Internet of Things 23:100888","DOI":"10.1016\/j.iot.2023.100888"},{"key":"2527_CR37","doi-asserted-by":"publisher","unstructured":"Ramya CM, Shanmugaraj M, Prabakaran R (2011) Study on ZigBee technology. In: 2011 3rd International Conference on Electronics Computer Technology pp 297\u2013301. https:\/\/doi.org\/10.1109\/ICECTECH.2011.5942102","DOI":"10.1109\/ICECTECH.2011.5942102"},{"key":"2527_CR38","doi-asserted-by":"crossref","unstructured":"Renze M, Guven E (2024) The effect of sampling temperature on problem solving in large language models. arXiv preprint arXiv:2402.05201","DOI":"10.18653\/v1\/2024.findings-emnlp.432"},{"key":"2527_CR39","doi-asserted-by":"publisher","unstructured":"Russo D, Van\u00a0Roy B, Kazerouni A et\u00a0al (2020) A tutorial on Thompson sampling. https:\/\/doi.org\/10.48550\/arXiv.1707.02038, arXiv:1707.02038 [cs]","DOI":"10.48550\/arXiv.1707.02038"},{"issue":"22","key":"2527_CR40","doi-asserted-by":"publisher","first-page":"22737","DOI":"10.1109\/JIOT.2022.3182589","volume":"9","author":"Z Shu","year":"2022","unstructured":"Shu Z, Yan G (2022) IoTInfer: automated blackbox fuzz testing of iot network protocols guided by finite state machine inference. IEEE Internet of Things J 9(22):22737\u201322751. https:\/\/doi.org\/10.1109\/JIOT.2022.3182589","journal-title":"IEEE Internet of Things J"},{"issue":"13","key":"2527_CR41","doi-asserted-by":"publisher","first-page":"11224","DOI":"10.1109\/JIOT.2023.3252594","volume":"10","author":"YR Siwakoti","year":"2023","unstructured":"Siwakoti YR, Bhurtel M, Rawat DB et al (2023) Advances in IoT security: vulnerabilities, enabled criminal services, attacks, and countermeasures. IEEE Internet of Things J 10(13):11224\u201311239. https:\/\/doi.org\/10.1109\/JIOT.2023.3252594","journal-title":"IEEE Internet of Things J"},{"key":"2527_CR42","doi-asserted-by":"publisher","unstructured":"Slivkins A (2024) Introduction to multi-armed bandits. https:\/\/doi.org\/10.48550\/arXiv.1904.07272, arXiv:1904.07272 [cs, stat]","DOI":"10.48550\/arXiv.1904.07272"},{"key":"2527_CR43","doi-asserted-by":"publisher","unstructured":"Tsai CH, Tsai SC, Huang SK (2021) REST API Fuzzing by Coverage Level Guided Blackbox Testing. In: 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), pp 291\u2013300, https:\/\/doi.org\/10.1109\/QRS54544.2021.00040, https:\/\/ieeexplore.ieee.org\/abstract\/document\/9724904","DOI":"10.1109\/QRS54544.2021.00040"},{"key":"2527_CR44","doi-asserted-by":"publisher","unstructured":"Tufano R, Pascarella L, Tufano M et\u00a0al (2021) Towards automating code review activities. https:\/\/doi.org\/10.48550\/arXiv.2101.02518, arXiv:2101.02518 [cs]","DOI":"10.48550\/arXiv.2101.02518"},{"key":"2527_CR45","doi-asserted-by":"publisher","unstructured":"Wang J, Yu L, Luo X (2024) LLMIF: Augmented large language model for fuzzing IoT devices. In: Symposium on Security and Privacy (SP). IEEE Computer Society, pp 881\u2013896, https:\/\/doi.org\/10.1109\/SP54263.2024.00211","DOI":"10.1109\/SP54263.2024.00211"},{"key":"2527_CR46","doi-asserted-by":"crossref","unstructured":"Xia CS, Paltenghi M, Le\u00a0Tian J et\u00a0al (2024) Fuzz4All: universal fuzzing with large language models. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. Association for Computing Machinery, New York, NY, USA, ICSE \u201924, pp 1\u201313","DOI":"10.1145\/3597503.3639121"},{"key":"2527_CR47","doi-asserted-by":"publisher","unstructured":"Zegeye W, Jemal A, Kornegay K (2023) Connected smart home over matter protocol. In: 2023 IEEE International Conference on Consumer Electronics (ICCE), pp 1\u20137, https:\/\/doi.org\/10.1109\/ICCE56470.2023.10043520","DOI":"10.1109\/ICCE56470.2023.10043520"},{"key":"2527_CR48","unstructured":"Zheng Y, Davanian A, Yin H et\u00a0al (2019) FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: USENIX Security Symposium, pp 1099\u20131114"}],"container-title":["International Journal of Machine Learning and Cybernetics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-024-02527-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13042-024-02527-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-024-02527-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T03:24:54Z","timestamp":1757129094000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13042-024-02527-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,17]]},"references-count":48,"journal-issue":{"issue":"7-8","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["2527"],"URL":"https:\/\/doi.org\/10.1007\/s13042-024-02527-3","relation":{},"ISSN":["1868-8071","1868-808X"],"issn-type":[{"value":"1868-8071","type":"print"},{"value":"1868-808X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,17]]},"assertion":[{"value":"30 October 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 December 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 January 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that there are no Conflict of interest regarding the publication of this manuscript. Prof. Hao Peng, who serves as an associate editor of this journal, was not involved in the review or decision-making process of this submission.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}