{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T22:41:04Z","timestamp":1758148864297,"version":"3.44.0"},"reference-count":70,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62202260","62221003","62472246","62132011","623B2062"],"award-info":[{"award-number":["62202260","62221003","62472246","62132011","623B2062"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3607249","type":"journal-article","created":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T17:43:39Z","timestamp":1757353419000},"page":"9584-9599","source":"Crossref","is-referenced-by-count":0,"title":["VPGFuzz: Vulnerable Path-Guided Greybox Fuzzing"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2342-2375","authenticated-orcid":false,"given":"Zhechao","family":"Lin","sequence":"first","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7139-376X","authenticated-orcid":false,"given":"Jiahao","family":"Cao","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3648-1750","authenticated-orcid":false,"given":"Xinda","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, The University of Texas at Dallas, Richardson, TX, USA"}]},{"given":"Renjie","family":"Xie","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8345-1346","authenticated-orcid":false,"given":"Yuxi","family":"Zhu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}]},{"given":"Xiao","family":"Li","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8776-8730","authenticated-orcid":false,"given":"Qi","family":"Li","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"given":"Yangyang","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4847-4585","authenticated-orcid":false,"given":"Mingwei","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology and the Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]}],"member":"263","reference":[{"volume-title":"OSS-Fuzz: Continuous Fuzzing for Open Source Software","year":"2016","key":"ref1"},{"volume-title":"American Fuzzy Lop (2.52b)","year":"2013","author":"Zalewski","key":"ref2"},{"key":"ref3","first-page":"1","article-title":"AFL+: Combining incremental steps of fuzzing research","volume-title":"Proc. 14th USENIX Workshop Offensive Technol. (WOOT 20)","author":"Fioraldi"},{"volume-title":"Libfuzzer\u2014A Library for Coverage-Guided Fuzz Testing","year":"2025","key":"ref4"},{"volume-title":"Honggfuzz","year":"2025","key":"ref5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46399.2020.00062"},{"key":"ref7","first-page":"4481","article-title":"Bleem: Packet sequence oriented fuzzing for protocol implementations","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur. 23)","author":"Luo"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"ref9","first-page":"167","article-title":"KAFL: Hardware-assisted feedback fuzzing for OS kernels","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Schumilo"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484543"},{"key":"ref11","first-page":"1099","article-title":"FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Zheng"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00040"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24422"},{"volume-title":"Common Vulnerabilities and Exposures","year":"2025","key":"ref15"},{"key":"ref16","first-page":"2307","article-title":"EcoFuzz: Adaptive energy-saving greybox fuzzing as a variant of the adversarial multi-armed bandit","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Yue"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24486"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409748"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2903291"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2019.00029"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"ref23","first-page":"2777","article-title":"Unifuzz: A holistic and pragmatic metrics-driven platform for evaluating fuzzers","volume-title":"Proc. USENIX Secur. Symp.","author":"Li"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/356887.356892"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.15"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409729"},{"article-title":"Sidewinder: An evolutionary guidance system for malicious input crafting","year":"2006","author":"Embleton","key":"ref28"},{"article-title":"Revolutionizing the field of grey-box attack surface testing with evolutionary fuzzing","year":"2007","author":"DeMott","key":"ref29"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"ref31","first-page":"745","article-title":"QSYM: A practical concolic execution engine tailored for hybrid fuzzing","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Yun"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00002"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23371"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115618"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.23"},{"key":"ref39","first-page":"2255","article-title":"FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur. 20)","author":"Zong"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33011044"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00052"},{"key":"ref42","first-page":"2613","article-title":"Montage: A neural network language model-guided JavaScript engine fuzzer","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Lee"},{"volume-title":"Boofuzz: Network Protocol Fuzzing for Humans","year":"2025","author":"Amini","key":"ref43"},{"volume-title":"Peach Fuzzer Community Edition V3","year":"2025","author":"Eddington","key":"ref44"},{"volume-title":"Syzkaller\u2014Kernel Fuzzer","year":"2025","key":"ref45"},{"key":"ref46","first-page":"5039","article-title":"KextFuzz: Fuzzing macOS kernel EXTensions on apple silicon via exploiting mitigations","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur. 23)","author":"Yin"},{"key":"ref47","first-page":"4985","article-title":"BoKASAN: Binary-only kernel address sanitizer for effective kernel fuzzing","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur. 23)","author":"Cho"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23166"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2973043"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3264835"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132785"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330579"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363230"},{"key":"ref55","first-page":"778","article-title":"SFuzz: An efficient adaptive fuzzer for solidity smart contracts","volume-title":"Proc. IEEE\/ACM 42nd Int. Conf. Softw. Eng. (ICSE)","author":"Nguyen"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24078"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560558"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3512345"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2019.00015"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380396"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134073"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213874"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238159"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00117"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238176"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484596"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb01338.x"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833761"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11153528.pdf?arnumber=11153528","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,16]],"date-time":"2025-09-16T17:33:12Z","timestamp":1758043992000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11153528\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":70,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3607249","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}