{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:25:36Z","timestamp":1772043936125,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF IIS","award":["2112471"],"award-info":[{"award-number":["2112471"]}]},{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSF CNS","award":["2006556"],"award-info":[{"award-number":["2006556"]}]},{"name":"DARPA YFA","award":["D19AP00039"],"award-info":[{"award-number":["D19AP00039"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485388","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1082-1099","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":36,"title":["Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices"],"prefix":"10.1145","author":[{"given":"Syed Rafiul","family":"Hussain","sequence":"first","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}]},{"given":"Imtiaz","family":"Karim","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Abdullah Al","family":"Ishtiaq","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}]},{"given":"Omar","family":"Chowdhury","sequence":"additional","affiliation":[{"name":"University of Iowa, Iowa City, IA, USA"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n. d.]. DIKEUE. https:\/\/github.com\/SyNSec-den\/DIKEUE."},{"key":"e_1_3_2_2_2_1","volume-title":"d.]. Evolved Universal T Radio Re Prot (3GPP TS 36.3 TECHNICAL SPECIFICATION 136 331 V13.0.0 (2016 LTE","unstructured":"[n. d.]. Evolved Universal T Radio Re Prot (3GPP TS 36.3 TECHNICAL SPECIFICATION 136 331 V13.0.0 (2016 LTE; l Terrestrial Radio Access (E- Resource Control (RRC)."},{"key":"e_1_3_2_2_3_1","unstructured":"[n. d.]. GNU Compilers. Gcov - Using the GNU Compiler Collection (GCC))."},{"key":"e_1_3_2_2_4_1","unstructured":"[n. d.]. libimobiledevice A cross-platform protocol library to access iOS devices. https:\/\/github.com\/libimobiledevice."},{"key":"e_1_3_2_2_5_1","volume-title":"d.]. LTE","unstructured":"[n. d.]. LTE; Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Packet Core (EPC); User Equipment (UE) conformance specification; Part 1: Protocol conformance specification (3GPP TS 36.523--1)."},{"key":"e_1_3_2_2_6_1","unstructured":"[n. d.]. srsLTE. https:\/\/github.com\/srsLTE."},{"key":"e_1_3_2_2_7_1","volume-title":"d.]. TS 24.301 Universal Mobile Telecommunications System (UMTS)","unstructured":"[n. d.]. TS 24.301 Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 15.4.0 Release 15)."},{"key":"e_1_3_2_2_8_1","unstructured":"[n. d.]. TS 33.401 3GPP System Architecture Evolution (SAE)."},{"key":"e_1_3_2_2_9_1","volume-title":"d.]. Universal Mobile Telecommunications System (UMTS)","unstructured":"[n. d.]. Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 15.4.0 Release 15)."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/0890--5401(87)90052--6"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978383"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243846"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_2_14_1","volume-title":"The nuXmv Symbolic Model Checker","author":"Cavada Roberto","unstructured":"Roberto Cavada, Alessandro Cimatti, Michele Dorigatti, Alberto Griggio, Alessandro Mariotti, Andrea Micheli, Sergio Mover, Marco Roveri, and Stefano Tonetta. 2014. The nuXmv Symbolic Model Checker. In Computer Aided Verification, Armin Biere and Roderick Bloem (Eds.). Springer International Publishing, Cham, 334--342."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3469133"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3324927"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1978.231496"},{"key":"e_1_3_2_2_18_1","volume-title":"Prospex: Protocol Specification Extraction. 2009 30th IEEE Symposium on Security and Privacy","author":"Comparetti P. M.","year":"2009","unstructured":"P. M. Comparetti, Gilbert Wondracek, C. Kr\u00fcgel, and E. Kirda. 2009. Prospex: Protocol Specification Extraction. 2009 30th IEEE Symposium on Security and Privacy (2009), 110--125."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23394"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2018.00009"},{"key":"e_1_3_2_2_21_1","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (Washington, D.C.) (SEC'15)","author":"Ruiter Joeri De","year":"2015","unstructured":"Joeri De Ruiter and Erik Poll. 2015. Protocol State Fuzzing of TLS Implementations. In Proceedings of the 24th USENIX Conference on Security Symposium (Washington, D.C.) (SEC'15). USENIX Association, USA, 193--206."},{"key":"e_1_3_2_2_22_1","unstructured":"Simon Erni Patrick Leu Martin Kotuliak Marc R\u00f6schlin and Srdjan Capkun. 2021. AdaptOver : Adaptive Overshadowing of LTE signals. In https:\/\/arxiv.org\/abs\/2106.05039. arxiv."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24365"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1295014.1295038"},{"key":"e_1_3_2_2_25_1","volume-title":"Combining Model Learning and Model Checking to Analyze TCP Implementations","author":"Janssen Ramon","unstructured":"Ramon Janssen, and Frits Vaandrager. 2016. Combining Model Learning and Model Checking to Analyze TCP Implementations. In Computer Aided Verification, Swarat Chaudhuri and Azadeh Farzan (Eds.). Springer International Publishing, Cham, 454--471."},{"key":"e_1_3_2_2_26_1","volume-title":"Analysis of DTLS Implementations Using Protocol State Fuzzing. In 29th USENIX Security Symposium (USENIX Security . USENIX Association, 2523--2540","author":"Fiterau-Brostean Paul","year":"2020","unstructured":"Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. 2020. Analysis of DTLS Implementations Using Protocol State Fuzzing. In 29th USENIX Security Symposium (USENIX Security . USENIX Association, 2523--2540. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/fiterau-brostean"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092282.3092289"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3326310"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2008.4697030"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23313"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23442"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354263"},{"key":"e_1_3_2_2_33_1","unstructured":"Malte Isberner. 2015. Foundations of active automata learning: an algorithmic perspective. Ph.D. Dissertation."},{"key":"e_1_3_2_2_34_1","volume-title":"The TTT Algorithm: A Redundancy-Free Approach to Active Automata Learning","author":"Isberner Malte","unstructured":"Malte Isberner, Falk Howar, and Bernhard Steffen. 2014. The TTT Algorithm: A Redundancy-Free Approach to Active Automata Learning. In Runtime Verification, Borzoo Bonakdarpour and Scott A. Smolka (Eds.). Springer International Publishing, Cham, 307--322."},{"key":"e_1_3_2_2_35_1","volume-title":"Computer Aided Verification, Daniel Kroening and Corina S. P's?reanu (Eds.)","author":"Isberner Malte","unstructured":"Malte Isberner, Falk Howar, and Bernhard Steffen. 2015. The Open-Source Learn- Lib. In Computer Aided Verification, Daniel Kroening and Corina S. P's?reanu (Eds.). Springer International Publishing, Cham, 487--495."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359833"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS51616.2021.00079"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813718"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00038"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813618"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399360"},{"key":"e_1_3_2_2_42_1","first-page":"100","article-title":"Differential Testing for Software","volume":"10","author":"McKeeman William M.","year":"1998","unstructured":"William M. McKeeman. 1998. Differential Testing for Software. DIGITAL TECHNICAL JOURNAL 10, 1 (1998), 100--107.","journal-title":"DIGITAL TECHNICAL JOURNAL"},{"key":"e_1_3_2_2_43_1","volume-title":"Extending Automated Protocol State Learning for the 802.11 4-Way Handshake","author":"McMahon Stone Chris","unstructured":"Chris McMahon Stone, Tom Chothia, and Joeri de Ruiter. 2018. Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. In Computer Security, Javier Lopez, Jianying Zhou, and Miguel Soriano (Eds.). Springer International Publishing, Cham, 325--345."},{"key":"e_1_3_2_2_44_1","volume-title":"Proceedings of the 16th USENIX Conference on Networked Systems Design and Implementation","author":"Moon Soo-Jin","year":"2019","unstructured":"Soo-Jin Moon, Jeffrey Helt, Yifei Yuan, Yves Bieri, Sujata Banerjee, Vyas Sekar, Wenfei Wu, Mihalis Yannakakis, and Ying Zhang. 2019. Alembic: Automated Model Inference for Stateful Network Functions. In Proceedings of the 16th USENIX Conference on Networked Systems Design and Implementation (Boston, MA, USA) (NSDI'19). USENIX Association, USA, 699--718."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","unstructured":"Harald Raffelt Bernhard Steffen and Margaria Tiziana. 2007. Dynamic Testing Via Automata Learning. 136--152. https:\/\/doi.org\/10.1007\/978--3--540--77966--7_13","DOI":"10.1007\/978--3--540--77966--7_13"},{"key":"e_1_3_2_2_46_1","volume-title":"State machine inference of QUIC. CoRR abs\/1903.04384","author":"Rasool Abdullah","year":"2019","unstructured":"Abdullah Rasool, Greg Alp\u00e1r, and Joeri de Ruiter. 2019. State machine inference of QUIC. CoRR abs\/1903.04384 (2019). arXiv:1903.04384 http:\/\/arxiv.org\/abs\/1903.04384"},{"key":"e_1_3_2_2_47_1","volume-title":"Proceedings of the 10th USENIX Conference on Offensive Technologies","author":"Rupprecht David","year":"2016","unstructured":"David Rupprecht, Kai Jansen, and Christina P\u00f6pper. 2016. Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness. In Proceedings of the 10th USENIX Conference on Offensive Technologies (Austin, (WOOT'16). USENIX Association, USA, 40--51."},{"key":"e_1_3_2_2_48_1","volume-title":"Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE. In USENIX Security Symposium (SSYM). USENIX Association.","author":"Rupprecht David","year":"2020","unstructured":"David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina P\u00f6pper. 2020. Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE. In USENIX Security Symposium (SSYM). USENIX Association."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00006"},{"key":"e_1_3_2_2_50_1","volume-title":"Inferring Mealy Machines. In FM 2009: Formal Methods, Ana Cavalcanti and Dennis R. Dams (Eds.). Springer Berlin Heidelberg","author":"Shahbaz Muzammil","year":"2009","unstructured":"Muzammil Shahbaz and Roland Groz. 2009. Inferring Mealy Machines. In FM 2009: Formal Methods, Ana Cavalcanti and Dennis R. Dams (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 207--222."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23236"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.46"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2017.32"},{"key":"e_1_3_2_2_54_1","volume-title":"Practical Model-Based Testing: A Tools Approach","author":"Utting Mark","unstructured":"Mark Utting and Bruno Legeard. 2006. Practical Model-Based Testing: A Tools Approach. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2967606"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485388","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485388","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:23Z","timestamp":1763498843000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485388"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":55,"alternative-id":["10.1145\/3460120.3485388","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485388","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}