{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:11:01Z","timestamp":1777338661346,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Strategic Priority Research Program of the CAS","award":["XDC02040100, XDC02030200, XDC02020200"],"award-info":[{"award-number":["XDC02040100, XDC02030200, XDC02020200"]}]},{"name":"National Key Research and Development Program of China","award":["2016QY071405"],"award-info":[{"award-number":["2016QY071405"]}]},{"name":"BNRist Network and Software Security Research Program","award":["BNR2019TD01004, BNR2019RC01009"],"award-info":[{"award-number":["BNR2019TD01004, BNR2019RC01009"]}]},{"name":"Chinese National Natural Science Foundation","award":["61602470, 61702508, 61802394, U1836209, 61772308, 61972224, U1736209"],"award-info":[{"award-number":["61602470, 61702508, 61802394, U1836209, 61772308, 61972224, U1736209"]}]},{"name":"Government","award":["2017-JCJQ-ZD-043-01"],"award-info":[{"award-number":["2017-JCJQ-ZD-043-01"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359826","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"544-556","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":41,"title":["SRFuzzer"],"prefix":"10.1145","author":[{"given":"Yu","family":"Zhang","sequence":"first","affiliation":[{"name":"CAS, China"}]},{"given":"Wei","family":"Huo","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Kunpeng","family":"Jian","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Ji","family":"Shi","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Haoliang","family":"Lu","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Longquan","family":"Liu","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Chen","family":"Wang","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Dandan","family":"Sun","sequence":"additional","affiliation":[{"name":"CAS, China"}]},{"given":"Chao","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"given":"Baoxu","family":"Liu","sequence":"additional","affiliation":[{"name":"CAS, China"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2015. Common Vulnerability Scoring System (CVSS). https:\/\/nvd.nist.gov\/vulnmetrics\/cvss.  2015. Common Vulnerability Scoring System (CVSS). https:\/\/nvd.nist.gov\/vulnmetrics\/cvss."},{"key":"e_1_3_2_1_2_1","unstructured":"2015. Mi Smart Plug. https:\/\/www.mi.com\/us\/mj-socket\/.  2015. Mi Smart Plug. https:\/\/www.mi.com\/us\/mj-socket\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2015. Zerodium. https:\/\/zerodium.com\/program.html.  2015. Zerodium. https:\/\/zerodium.com\/program.html."},{"key":"e_1_3_2_1_4_1","unstructured":"2016. Multiple Netgear routers are vulnerable to arbitrary command injection. https:\/\/www.kb.cert.org\/vuls\/id\/582384\/.  2016. Multiple Netgear routers are vulnerable to arbitrary command injection. https:\/\/www.kb.cert.org\/vuls\/id\/582384\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2018. New VPNFilter malware targets at least 500K networking devices worldwide. https:\/\/blog.talosintelligence.com\/2018\/05\/VPNFilter.html.  2018. New VPNFilter malware targets at least 500K networking devices worldwide. https:\/\/blog.talosintelligence.com\/2018\/05\/VPNFilter.html."},{"key":"e_1_3_2_1_6_1","unstructured":"2018. Securing IoT Devices: How Safe Is Your Wi-Fi Router? https:\/\/www.theamericanconsumer.org\/wp-content\/uploads\/2018\/09\/FINAL-Wi-Fi-Router-Vulnerabilities.pdf.  2018. Securing IoT Devices: How Safe Is Your Wi-Fi Router? https:\/\/www.theamericanconsumer.org\/wp-content\/uploads\/2018\/09\/FINAL-Wi-Fi-Router-Vulnerabilities.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"Hristo Bojinov Elie Bursztein Eric Lovett and Dan Boneh. 2009. Embedded management interfaces: Emerging massive insecurity. BlackHat USA (2009).  Hristo Bojinov Elie Bursztein Eric Lovett and Dan Boneh. 2009. Embedded management interfaces: Emerging massive insecurity. BlackHat USA (2009)."},{"key":"e_1_3_2_1_8_1","unstructured":"buildroot. 2001. Buildroot - Making Embedded Linux Easy. https:\/\/buildroot.org\/.  buildroot. 2001. Buildroot - Making Embedded Linux Easy. https:\/\/buildroot.org\/."},{"key":"e_1_3_2_1_9_1","unstructured":"CENSUS. 2016. Choronzon - An evolutionary knowledge-based fuzzer. https:\/\/github.com\/CENSUS\/choronzon.  CENSUS. 2016. Choronzon - An evolutionary knowledge-based fuzzer. https:\/\/github.com\/CENSUS\/choronzon."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_11_1","volume-title":"IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Network and Distributed System Security Symposium (NDSS).","author":"Chen Jiongyi","year":"2018"},{"key":"e_1_3_2_1_12_1","volume-title":"ACM Asia Conference on Computer and Communications Security (ASIACCS).","author":"Costin A."},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium.","author":"Costin A."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920276"},{"key":"e_1_3_2_1_15_1","volume-title":"Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Network and Distributed System Security Symposium (NDSS).","author":"Chen Daming D.","year":"2016"},{"key":"e_1_3_2_1_16_1","volume-title":"FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In USENIX Security Symposium.","author":"Davidson Drew","year":"2013"},{"key":"e_1_3_2_1_17_1","unstructured":"Independent Security Evaluators. 2017. SOHO Network Equipment (Technical Report). https:\/\/www.securityevaluators.com\/wp-content\/uploads\/2017\/07\/soho_techreport.pdf.  Independent Security Evaluators. 2017. SOHO Network Equipment (Technical Report). https:\/\/www.securityevaluators.com\/wp-content\/uploads\/2017\/07\/soho_techreport.pdf."},{"key":"e_1_3_2_1_18_1","volume-title":"Free and Open Source Software Developers European Meeting (FOSDEM).","author":"Fainelli Florian","year":"2008"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Roy Fielding and Julian Reschke. 2014. RFC 7231-Hypertext Transfer Protocol (HTTP\/1.1): Semantics and Content. Internet Engineering Task Force (IETF) (2014).  Roy Fielding and Julian Reschke. 2014. RFC 7231-Hypertext Transfer Protocol (HTTP\/1.1): Semantics and Content. Internet Engineering Task Force (IETF) (2014).","DOI":"10.17487\/rfc7231"},{"key":"e_1_3_2_1_21_1","unstructured":"Fitblip. 2012. Sulley - a pure-python fully automated and unattended fuzzing framework. https:\/\/github.com\/OpenRCE\/sulley.  Fitblip. 2012. Sulley - a pure-python fully automated and unattended fuzzing framework. https:\/\/github.com\/OpenRCE\/sulley."},{"key":"e_1_3_2_1_22_1","unstructured":"Google. 2015. Honggfuzz. https:\/\/github.com\/google\/honggfuzz.  Google. 2015. Honggfuzz. https:\/\/github.com\/google\/honggfuzz."},{"key":"e_1_3_2_1_23_1","unstructured":"Google. 2015. syzkaller - linux syscall fuzzer. https:\/\/github.com\/google\/syzkaller.  Google. 2015. syzkaller - linux syscall fuzzer. https:\/\/github.com\/google\/syzkaller."},{"key":"e_1_3_2_1_24_1","volume-title":"Toward Secure Embedded Web Interfaces. In USENIX Security Symposium.","author":"Gourdin Baptiste","year":"2011"},{"key":"e_1_3_2_1_25_1","volume-title":"Report: Internet of Things Research Study. https:\/\/www8.hp.com\/us\/en\/hp-news\/press-release.html?id=1744676.","year":"2014"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274746"},{"key":"e_1_3_2_1_27_1","unstructured":"jtpereyda. 2012. A fork and successor of the Sulley Fuzzing Framework. https:\/\/github.com\/jtpereyda\/boofuzz.  jtpereyda. 2012. A fork and successor of the Sulley Fuzzing Framework. https:\/\/github.com\/jtpereyda\/boofuzz."},{"key":"e_1_3_2_1_28_1","unstructured":"jtpereyda. 2014. Wfuzz - The Web Fuzzer. https:\/\/github.com\/xmendez\/wfuzz.  jtpereyda. 2014. Wfuzz - The Web Fuzzer. https:\/\/github.com\/xmendez\/wfuzz."},{"key":"e_1_3_2_1_29_1","unstructured":"Swati Khandelwal. 2018. Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic. https:\/\/thehackernews.com\/2018\/09\/mikrotik-router-hacking.html.  Swati Khandelwal. 2018. Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic. https:\/\/thehackernews.com\/2018\/09\/mikrotik-router-hacking.html."},{"key":"e_1_3_2_1_30_1","volume-title":"CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems. In USENIX Annual Technical Conference (USENIX ATC).","author":"Kim Su Yong","year":"2017"},{"key":"e_1_3_2_1_31_1","unstructured":"LLVM. 2015. libFuzzer - a library for coverage-guided fuzz testing. http:\/\/llvm.org\/docs\/LibFuzzer.html.  LLVM. 2015. libFuzzer - a library for coverage-guided fuzz testing. http:\/\/llvm.org\/docs\/LibFuzzer.html."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23166"},{"key":"e_1_3_2_1_33_1","volume-title":"VUzzer: Application-aware Evolutionary Fuzzing. In Network and Distributed System Security Symposium (NDSS).","author":"Rawat Sanjay","year":"2017"},{"key":"e_1_3_2_1_34_1","unstructured":"rytilahti. 2018. python-miio:Python library & console tool for controlling Xiaomi smart appliances. https:\/\/github.com\/rytilahti\/python-miio.  rytilahti. 2018. python-miio:Python library & console tool for controlling Xiaomi smart appliances. https:\/\/github.com\/rytilahti\/python-miio."},{"key":"e_1_3_2_1_35_1","unstructured":"Selenium. [n. d.].  Selenium. [n. d.]."},{"key":"e_1_3_2_1_36_1","volume-title":"Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In Network and Distributed System Security Symposium (NDSS).","author":"Shoshitaishvili Yan","year":"2015"},{"key":"e_1_3_2_1_37_1","volume-title":"Commix: Detecting and exploiting command injection flaws. BlackHat EU","author":"Stasinopoulos Anastasios","year":"2015"},{"key":"e_1_3_2_1_38_1","volume-title":"Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In Network and Distributed System Security Symposium (NDSS).","author":"Stephens Nick","year":"2016"},{"key":"e_1_3_2_1_39_1","unstructured":"strace. 2000. strace - linux syscall tracer. https:\/\/strace.io\/.  strace. 2000. strace - linux syscall tracer. https:\/\/strace.io\/."},{"key":"e_1_3_2_1_40_1","unstructured":"Zhiqiang Wang Yuqing Zhang and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. KSII Transactions on Internet and Information Systems (TIIS) (2013).  Zhiqiang Wang Yuqing Zhang and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. KSII Transactions on Internet and Information Systems (TIIS) (2013)."},{"key":"e_1_3_2_1_41_1","volume-title":"ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery. In IEEE Symposium on Security and Privacy (S&P).","author":"You Wei","year":"2019"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_3_2_1_43_1","unstructured":"Michal Zalewski. 2014. American Fuzzy Lop. http:\/\/lcamtuf.coredump.cx\/afl\/.  Michal Zalewski. 2014. American Fuzzy Lop. http:\/\/lcamtuf.coredump.cx\/afl\/."}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359826","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359826","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359826"}},"subtitle":["an automatic fuzzing framework for physical SOHO router devices to discover multi-type vulnerabilities"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":43,"alternative-id":["10.1145\/3359789.3359826","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359826","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}