{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T22:20:54Z","timestamp":1771366854224,"version":"3.50.1"},"reference-count":65,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"12","license":[{"start":{"date-parts":[[2025,6,15]],"date-time":"2025-06-15T00:00:00Z","timestamp":1749945600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,6,15]],"date-time":"2025-06-15T00:00:00Z","timestamp":1749945600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,6,15]],"date-time":"2025-06-15T00:00:00Z","timestamp":1749945600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172308"],"award-info":[{"award-number":["62172308"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1626107"],"award-info":[{"award-number":["U1626107"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972297"],"award-info":[{"award-number":["61972297"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172144"],"award-info":[{"award-number":["62172144"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Guizhou Provincial Basic Research Program","award":["MS[2025]686"],"award-info":[{"award-number":["MS[2025]686"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2025,6,15]]},"DOI":"10.1109\/jiot.2025.3546664","type":"journal-article","created":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T13:55:37Z","timestamp":1740750937000},"page":"21364-21378","source":"Crossref","is-referenced-by-count":0,"title":["MODFuzz: A Multiobjective Directed Fuzzer for USB Drivers"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-2952-5198","authenticated-orcid":false,"given":"Yilin","family":"Zhou","sequence":"first","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5731-8958","authenticated-orcid":false,"given":"Guojun","family":"Peng","sequence":"additional","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"given":"Xingliang","family":"Wang","sequence":"additional","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9006-6868","authenticated-orcid":false,"given":"Chenyang","family":"Wang","sequence":"additional","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9949-0291","authenticated-orcid":false,"given":"Zichuan","family":"Li","sequence":"additional","affiliation":[{"name":"System Security Foundations Laboratory, Indiana University Bloomington, Bloomington, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8106-4101","authenticated-orcid":false,"given":"Side","family":"Liu","sequence":"additional","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6990-2972","authenticated-orcid":false,"given":"Yanhao","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Security Research, NIO Inc., Beijing, China"}]},{"given":"Xiuzhang","family":"Yang","sequence":"additional","affiliation":[{"name":"Guizhou University, Guiyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4639-5824","authenticated-orcid":false,"given":"Jianming","family":"Fu","sequence":"additional","affiliation":[{"name":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, and the School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"USB implementers forum.","year":"2023"},{"key":"ref2","volume-title":"USB\/IP Project.","year":"2011"},{"key":"ref3","first-page":"48","article-title":"Using USBIP to create a portable remote USB hub","volume-title":"Proc. Int. Conf. Internet Comput. (ICOMP)","author":"Paradis"},{"key":"ref4","volume-title":"Usbredir.","year":"2024"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103653"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.23919\/JCC.fa.2022-0509.202311"},{"key":"ref7","first-page":"2559","article-title":"USBFuzz: A framework for fuzzing USB drivers by device emulation","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Peng"},{"key":"ref8","volume-title":"American fuzzy lop.","author":"Zalewski","year":"2020"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00103"},{"key":"ref11","first-page":"1257","article-title":"MundoFuzz: Hypervisor fuzzing with statistical coverage testing and grammar inference","volume-title":"Proc. 31st USENIX Security Symp. (USENIX Security)","author":"Myung"},{"key":"ref12","first-page":"1275","article-title":"Drifuzz: Harvesting bugs in device drivers from golden seeds","volume-title":"Proc. 31st USENIX Security Symp. (USENIX Security)","author":"Shen"},{"key":"ref13","first-page":"1239","article-title":"Fuzzware: Using precise MMIO modeling for effective firmware fuzzing","volume-title":"Proc. 31st USENIX Security Symp. (USENIX Security)","author":"Scharnowski"},{"key":"ref14","first-page":"1221","article-title":"MORPHUZZ: Bending (input) space to fuzz virtual devices","volume-title":"Proc. 31st USENIX Security Symp. (USENIX Security)","author":"Bulekov"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24486"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330579"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00037"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.21655\/ijsi.1673-7288.00261"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"ref20","first-page":"47","article-title":"Binary-level directed fuzzing for use-after-free vulnerabilities","volume-title":"Proc. 23rd Int. Symp. Res. Attacks, Intrusions Defenses","author":"Nguyen"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2010.37"},{"key":"ref22","first-page":"3559","article-title":"Constraint-guided directed greybox fuzzing","volume-title":"Proc. 30th USENIX Security Symp.","author":"Lee"},{"key":"ref23","first-page":"2255","article-title":"FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning","volume-title":"Proc. 29th USENIX Security Symp.","author":"Zong"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833751"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3253120"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00059"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/sp54263.2024.00040"},{"key":"ref30","first-page":"4931","article-title":"DAFL: Directed grey-box fuzzing guided by data dependency","volume-title":"Proc. 32nd USENIX Security Symp.","author":"Kim"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510197"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/sp46215.2023.10179296"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24422"},{"key":"ref34","volume-title":"Linux statistics 2024 by market share, usage data, number of users and facts.","author":"Elad","year":"2024"},{"key":"ref35","volume-title":"External USB Fuzzing for Linux Kernel","year":"2023"},{"key":"ref36","volume-title":"The 2024 USB Threat Report from Honeywell GARD","year":"2024"},{"key":"ref37","author":"Kushner","year":"2013","journal-title":"The real story of Stuxnet."},{"key":"ref38","volume-title":"MODFuzz source code and related data.","year":"2024"},{"key":"ref39","volume-title":"USB4\u00ae Specification V2.0","year":"2023"},{"key":"ref40","first-page":"5845","article-title":"Fuzz the power: Dual-role state guided black-box fuzzing for USB power delivery","volume-title":"Proc. 32nd USENIX Security Symp. (USENIX Security)","author":"Kim"},{"key":"ref41","first-page":"1","article-title":"Lowering the USB fuzzing barrier by transparent two-way emulation","volume-title":"Proc. 8th USENIX Workshop Offensive Technol.","author":"van Tonder"},{"key":"ref42","first-page":"1","article-title":"ReUSB: Replay-guided USB driver fuzzing","volume-title":"Proc. 32nd USENIX Security Symp.","author":"Jang"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833593"},{"key":"ref44","volume-title":"QEMU: A generic and open source machine emulator and virtualizer.","year":"2025"},{"key":"ref45","first-page":"2289","article-title":"ParmeSan: Sanitizer-guided greybox fuzzing","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"\u00d6sterlund"},{"key":"ref46","volume-title":"Common Vulnerabilities and Exposures","year":"2024"},{"key":"ref47","volume-title":"IDA pro.","year":"2025"},{"key":"ref48","volume-title":"CVE-2023-2194","year":"2023"},{"key":"ref49","volume-title":"KCOV: Code coverage for fuzzing.","year":"2025"},{"key":"ref50","volume-title":"Device specification for inter-VM shared memory device.","author":"Macdonell","year":"2020"},{"key":"ref51","volume-title":"The hard things about analyzing 1\u2019s and 0\u2019s.","author":"Brumley","year":"2020"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336773"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510227"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3616268"},{"key":"ref57","volume-title":"Basic concept or \u2018what is an URB?\u2019.","year":"2025"},{"key":"ref58","volume-title":"CVE-2023-3077","year":"2023"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref60","first-page":"1093","article-title":"KOOBE: Towards facilitating exploit generation of kernel out-of-bounds write vulnerabilities","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Chen"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"key":"ref62","volume-title":"x86-64 calling conventions.","year":"2025"},{"key":"ref63","volume-title":"Facedancer21.","year":"2021"},{"key":"ref64","volume-title":"AFLGo\u2019s test scenarios.","year":"2023"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/sp54263.2024.00051"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/11031138\/10907918.pdf?arnumber=10907918","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T21:10:01Z","timestamp":1771362601000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10907918\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,15]]},"references-count":65,"journal-issue":{"issue":"12"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2025.3546664","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,15]]}}}