{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T19:46:17Z","timestamp":1776887177684,"version":"3.51.2"},"reference-count":194,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2018,9,1]],"date-time":"2018-09-01T00:00:00Z","timestamp":1535760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U1713212"],"award-info":[{"award-number":["U1713212"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["91418206"],"award-info":[{"award-number":["91418206"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Key Research Program of Frontier Sciences, Chinese Academy of Sciences","award":["QYZDJ-SSW-JSC036"],"award-info":[{"award-number":["QYZDJ-SSW-JSC036"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2018,9]]},"DOI":"10.1109\/tr.2018.2834476","type":"journal-article","created":{"date-parts":[[2018,6,4]],"date-time":"2018-06-04T22:32:26Z","timestamp":1528151546000},"page":"1199-1218","source":"Crossref","is-referenced-by-count":213,"title":["Fuzzing: State of the Art"],"prefix":"10.1109","volume":"67","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6877-780X","authenticated-orcid":false,"given":"Hongliang","family":"Liang","sequence":"first","affiliation":[]},{"given":"Xiaoxiao","family":"Pei","sequence":"additional","affiliation":[]},{"given":"Xiaodong","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Wuwei","family":"Shen","sequence":"additional","affiliation":[]},{"given":"Jian","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref170","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2011.07.028"},{"key":"ref172","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731198"},{"key":"ref171","first-page":"100","article-title":"Differential testing for software","volume":"10","author":"mckeeman","year":"1998","journal-title":"Digit Tech J"},{"key":"ref174","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2008.2011687"},{"key":"ref173","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2013.2240898"},{"key":"ref176","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2437840"},{"key":"ref175","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2009.2034288"},{"key":"ref178","first-page":"26","article-title":"Static program analysis as a fuzzing aid","author":"shastry","year":"0","journal-title":"Proc Int Symp Res Attacks Intrusions Defenses"},{"key":"ref177","first-page":"85","article-title":"Coverage-directed differential testing of JVM implementations","author":"chen","year":"0","journal-title":"Proc ACM SIGPLAN Conf Programming Lang Des Implementation"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2014.2299198"},{"key":"ref169","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.15"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"ref38","first-page":"1","article-title":"Automated whitebox fuzz testing","author":"godefroid","year":"2008","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_17"},{"key":"ref32","article-title":"Trinity: A linux system call fuzz tester","author":"jones","year":"2016"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"ref30","first-page":"193","article-title":"Protocol state fuzzing of TLS implementations","author":"de ruiter","year":"0","journal-title":"24th USENIX Security Symp"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"ref35","first-page":"1","article-title":"Flayer: Exposing application internals","author":"drewry","year":"2007","journal-title":"Proc USENIX Workshop Offensive Technol"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671300"},{"key":"ref181","doi-asserted-by":"publisher","DOI":"10.1016\/S0950-5849(02)00129-5"},{"key":"ref180","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.176"},{"key":"ref185","article-title":"Static exploration of taint-style vulnerabilities found by fuzzing","author":"shastry","year":"0","journal-title":"Proc USENIX Workshop Offensive Technol"},{"key":"ref184","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2014.7"},{"key":"ref183","first-page":"4:1?4:27","article-title":"Metamorphic testing: A review of challenges\n and opportunities","volume":"51","author":"chen","year":"2018","journal-title":"ACM Comput Surv"},{"key":"ref182","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2013.46"},{"key":"ref189","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115618"},{"key":"ref188","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-C.2017.26"},{"key":"ref187","first-page":"38","article-title":"Using metamorphic testing to improve dynamic symbolic execution","author":"alatawi","year":"0","journal-title":"Proc 24th Australasian Softw Eng Conf IEEE"},{"key":"ref186","first-page":"212","article-title":"GRT: Program-analysis-guided random testing (T)","volume":"2015","author":"ma","year":"2015","journal-title":"Proc 30th IEEE\/ACM Int Conf Autom Softw Eng"},{"key":"ref28","article-title":"Genetic algorithm in code coverage guided fuzz testing","author":"j\u00e4\u00e4skel\u00e4","year":"2016"},{"key":"ref27","year":"2016","journal-title":"American Fuzzy Lop"},{"key":"ref179","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970316"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.02.001"},{"key":"ref20","author":"kitchenham","year":"2004","journal-title":"Procedures for Performing Systematic Reviews"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516736"},{"key":"ref21","first-page":"1","article-title":"Analyzing the past to prepare for the future: Writing a literature review","volume":"26","author":"webster","year":"2002","journal-title":"MIS Quart"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484372"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.182"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2491956.2462173"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1670412.1670413"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.23"},{"key":"ref51","first-page":"725","article-title":"Program-adaptive mutational fuzzing","author":"cha","year":"0","journal-title":"Proc IEEE Symp Security Privacy"},{"key":"ref154","year":"2016"},{"key":"ref153","first-page":"3","article-title":"VDF: Targeted evolutionary fuzz testing of virtual devices","author":"henderson","year":"0","journal-title":"Proc Int Symp Res Attacks Intrusions Defenses"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2015.7301400"},{"key":"ref155","year":"2016","journal-title":"libFuzzer—A Library for Coverage-Guided Fuzz Testing LLVM 3 9 Documentation"},{"key":"ref150","first-page":"689","article-title":"CAB-Fuzz: Practical concolic testing\n techniques for COTS operating systems","author":"kim","year":"0","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref152","first-page":"1","article-title":"Lowering the USB fuzzing barrier by transparent two-way emulation","author":"van tonder","year":"0","journal-title":"Proc USENIX Workshop Offensive Technol"},{"key":"ref151","year":"2016","journal-title":"vUSBf–QEMU\/KEMU USB-Fuzzing Framework"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575344"},{"key":"ref147","author":"vyukov","year":"2016","journal-title":"Trinity A Linux System Call Fuzzer"},{"key":"ref148","year":"2016","journal-title":"GitHub—Cr4sh\/ioctlfuzzer Automatically Exported From code google com\/p\/ioctlfuzzer"},{"key":"ref149","first-page":"167","article-title":"kAFL: Hardware-assisted feedback fuzzing for OS kernels","author":"schumilo","year":"0","journal-title":"Proc 26th USENIX Security Symp"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001452"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2008.22"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.14"},{"key":"ref56","year":"2016"},{"key":"ref55","year":"2016"},{"key":"ref54","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/2771783.2771805","article-title":"Feedback-controlled random test\n generation","author":"yatoh","year":"2015","journal-title":"Proc Int Symp Softw Test Anal 2015"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.37"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831736"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.99"},{"key":"ref166","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2015.10"},{"key":"ref165","first-page":"1","article-title":"Fuzzing E-mail filters with generative grammars and n-gram analysis","author":"palka","year":"0","journal-title":"Proceedings of Workshop on Offensive Technology WOOT"},{"key":"ref164","first-page":"1","article-title":"IntScope: Automatically detecting integer\n overflow vulnerability in X86 binary using symbolic execution","author":"wang","year":"0","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref163","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2010.29"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2010.14"},{"key":"ref161","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2015.32"},{"key":"ref160","first-page":"46","article-title":"MemorySanitizer: Fast detector of uninitialized memory use in C++","author":"stepanov","year":"2015","journal-title":"Proc Annu IEEE\/ACM Int Symp Code Gener Optim"},{"key":"ref4","first-page":"1","article-title":"An empirical study of the robustness of windows NT applications using random testing","volume":"4","author":"forrester","year":"0","journal-title":"Proc 4th Usenix Windows Systems Symp"},{"key":"ref3","article-title":"Fuzz revisited: A re-examination of the\n reliability of UNIX utilities and services","author":"miller","year":"1995"},{"key":"ref6","first-page":"970","article-title":"Random testing","author":"hamlet","year":"1994","journal-title":"Encyclopedia of Software Engineering"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1145735.1145743"},{"key":"ref8","article-title":"Experiences with model inference assisted\n fuzzing","author":"viide","year":"0","journal-title":"Proc USENIX Workshop Offensive Technol"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.011"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.100"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud.2017.42"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.79"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1002\/sec.628"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1145\/3058060.3058070"},{"key":"ref46","first-page":"275","article-title":"BUZZ: Testing context-dependent policies in stateful networks","author":"fayaz","year":"0","journal-title":"Proc 5th USENIX Symp Netw Syst Des Implementation"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2011.48"},{"key":"ref48","first-page":"782","article-title":"Turning programs against each other: High coverage fuzz-testing using binary-code mutation and\n dynamic slicing","author":"karg\u00e9n","year":"0","journal-title":"Proceedings of the Joint Meeting on Foundations of Software Engineering"},{"key":"ref47","first-page":"861","article-title":"Optimizing seed selection for fuzzing","author":"rebert","year":"0","journal-title":"Proc 23rd USENIX Secur Symp"},{"key":"ref42","article-title":"A framework for file format fuzzing with genetic algorithms","author":"seagle","year":"2012"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250746"},{"key":"ref44","first-page":"1","article-title":"DTA++: Dynamic taint analysis\n with targeted control-flow propagation","author":"kang","year":"2011","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-014-1922-5"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.35"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.4018\/jsse.2010070103"},{"key":"ref71","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1007\/978-3-642-24403-2_3","article-title":"H-Fuzzing: A\n new heuristic method for fuzzing data generation","author":"zhao","year":"2011","journal-title":"Network and Parallel Computing"},{"key":"ref70","first-page":"65","article-title":"Many-core compiler fuzzing","author":"lidbury","year":"0","journal-title":"Proc ACM SIGPLAN Conf Programming Lang Des Implementation"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2512220"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336763"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483787"},{"key":"ref75","first-page":"95","article-title":"Synthesizing program input grammars","author":"bastani","year":"0","journal-title":"Proc ACM SIGPLAN Conf Programming Lang Des Implementation"},{"key":"ref78","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1145\/2931037.2931056","article-title":"Generating focused random tests using\n directed swarm testing","author":"alipour","year":"2016","journal-title":"Proc 25th Int Symp Softw Test Anal"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31759-0_2"},{"key":"ref60","first-page":"1","article-title":"Effective file format fuzzing-thoughts techniques and results","author":"jurczyk","year":"0","journal-title":"Proc Black Hat Conf"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2019599.2019600"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.03.002"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970321"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.4028\/www.scientific.net\/AMR.756-759.4050"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.6.5.881-888"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.65"},{"key":"ref68","first-page":"725","article-title":"Language\n fuzzing using constraint logic programming","author":"dewey","year":"0","journal-title":"Proc ACM\/IEEE Int Conf Autom Softw Eng"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818033"},{"key":"ref193","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.181"},{"key":"ref194","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6566868"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2008.69"},{"key":"ref190","article-title":"Fuzzing binaries with Lévy flight swarms","volume":"2016","author":"b\u00f6ttinger","year":"2016","journal-title":"EURASIP J Inf Security"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001424"},{"key":"ref191","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.9"},{"key":"ref92","first-page":"209","article-title":"KLEE:\n Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proc of the 8th USENIX Symp on Operating Systems Design and Implementation"},{"key":"ref192","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557550"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254088"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_27"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"ref96","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/978-3-319-40667-1_2","article-title":"DeepFuzz: Triggering vulnerabilities deeply hidden in binaries","author":"b\u00f6ttinger","year":"2016","journal-title":"Proceedings of the 4th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610392"},{"key":"ref82","year":"2016","journal-title":"Research Insights Volume 9—Modern Security Vulnerability Discovery"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2004.43"},{"key":"ref84","first-page":"891","article-title":"Hercules: reproducing crashes in real-world application binaries","author":"pham","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref83","first-page":"309","article-title":"AddressSanitizer: A fast address sanity\n checker","author":"serebryany","year":"2012","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2003.1201224"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993529"},{"key":"ref85","first-page":"1","article-title":"A smart fuzzer for ×86 executables","author":"lanzi","year":"0","journal-title":"Proceedings of international Workshop on Software Engineering for Secure Systems"},{"key":"ref86","first-page":"49","article-title":"Dowsing for overflows: A\n guided fuzzer to find buffer boundary violations","author":"haller","year":"2013","journal-title":"Proceedings of the 22th USENIX Security"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190226"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375607"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1681"},{"key":"ref127","year":"2016","journal-title":"AFL Filesystem Fuzzing Vault 2016_0 pdf"},{"key":"ref126","year":"2016"},{"key":"ref125","year":"2016","journal-title":"Project Triforce Run AFL on Everything!"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064188"},{"key":"ref128","first-page":"13","article-title":"QuickFuzz:\n An automatic random fuzzer for common file formats","author":"grieco","year":"0","journal-title":"Proc Int Haskell Symp"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2014.51"},{"key":"ref133","first-page":"1","article-title":"DroidFuzzer: Fuzzing the android apps with intent-filter\n tag","author":"ye","year":"0","journal-title":"Proc Int Conf Adv Mob Comput Multimed"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1145\/2632168.2632169"},{"key":"ref131","article-title":"Droid-FF: The first android fuzzing framework","author":"joseph","year":"0","journal-title":"Proc Hack Box Security Conf"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2014.32"},{"key":"ref136","year":"2016","journal-title":"OpenRCE\/sulley"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1109\/MobileSoft.2015.11"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978411"},{"key":"ref137","year":"2016"},{"key":"ref139","first-page":"349","article-title":"The advantages of block-based protocol analysis for security\n testing","volume":"105","author":"aitel","year":"2002","journal-title":"Immunity Inc"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2012.6295728"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2014.45"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1109\/IWAST.2012.6228985"},{"key":"ref143","first-page":"343","article-title":"SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr","volume":"4176","author":"banks","year":"0","journal-title":"Proc Int Conf Inf Commun Security"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1145\/1326304.1326313"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.55"},{"key":"ref145","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-009-0123-7"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993558"},{"key":"ref108","article-title":"VUzzer: Application-aware evolutionary fuzzing","author":"rawat","year":"0","journal-title":"Proc 24th Annu Netw Distrib Syst Security Symp"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606558"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.121"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2014.43"},{"key":"ref103","first-page":"306","article-title":"Achieving high coverage for floating-point code via unconstrained programming","author":"fu","year":"0","journal-title":"Proc ACM SIGPLAN Conf Programming Lang Des Implementation"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831710"},{"key":"ref111","first-page":"31","article-title":"On designing an efficient distributed black-box fuzzing system for mobile devices","author":"hao","year":"0","journal-title":"Proc 10th ACM Symp Inf Comput Commun Security"},{"key":"ref112","year":"2016","journal-title":"Peach fuzzer Discover unknown vulnerabilities"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/2639108.2639131"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1002\/sec.714"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.08.094"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351736"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.09.015"},{"key":"ref14","doi-asserted-by":"crossref","first-page":"20:20?20:27","DOI":"10.1145\/2090147.2094081","article-title":"SAGE:\n Whitebox fuzzing for security testing","volume":"10","author":"godefroid","year":"2012","journal-title":"Queue"},{"key":"ref15","author":"vyukov","year":"2016","journal-title":"Syzkaller—Linux Kernel Fuzzer"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3092282.3092314"},{"key":"ref118","first-page":"100","article-title":"Differential testing for software","volume":"10","author":"mckeeman","year":"1998","journal-title":"Digit Tech J"},{"key":"ref17","first-page":"1","article-title":"The evolving art of fuzzing","volume":"14","author":"demott","year":"0","journal-title":"Proc DEF CON Conf"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"ref18","article-title":"Fuzzing: The state of the art","author":"mcnally","year":"2012","journal-title":"DTIC Document"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-015-2763-6"},{"key":"ref119","year":"2016"},{"key":"ref114","year":"2016","journal-title":"Honggfuzz by Google"},{"key":"ref113","first-page":"31","article-title":"eFuzz: A fuzzer for DLMS\/COSEM electricity meters","author":"dantas","year":"0","journal-title":"Proc 2nd Workshop Smart Energy Grid Security"},{"key":"ref116","year":"2016","journal-title":"MozillaSecurity\/funfuzz"},{"key":"ref115","year":"2016","journal-title":"Dynamic Testing (Fuzzing) on the ISASecure EDSA Certification 402 Ethernet by beSTORM"},{"key":"ref120","first-page":"445","article-title":"Fuzzing\n with code fragments","author":"holler","year":"2012","journal-title":"Proc 21th USENIX Secur Symp"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1145\/3052937"},{"key":"ref122","first-page":"581","article-title":"IFuzzer: An evolutionary interpreter fuzzer\n using genetic programming","volume":"9878","author":"veggalam","year":"0","journal-title":"Proc Eur Symp Res Comput Security"},{"key":"ref123","year":"2017","journal-title":"The Spring Project"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/8452065\/08371326.pdf?arnumber=8371326","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T12:40:18Z","timestamp":1643200818000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8371326\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9]]},"references-count":194,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tr.2018.2834476","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9]]}}}