{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T05:34:39Z","timestamp":1772775279426,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"German Federal Ministry of Education and Research (BMBF)","award":["16KIS1899"],"award-info":[{"award-number":["16KIS1899"]}]},{"DOI":"10.13039\/501100006374","name":"European Research Council","doi-asserted-by":"publisher","award":["101045669"],"award-info":[{"award-number":["101045669"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690274","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"750-764","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["No Peer, no Cry: Network Application Fuzzing via Fault Injection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-5179-4002","authenticated-orcid":false,"given":"Nils","family":"Bars","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1630-1687","authenticated-orcid":false,"given":"Moritz","family":"Schloegel","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6401-5989","authenticated-orcid":false,"given":"Nico","family":"Schiller","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8564-1476","authenticated-orcid":false,"given":"Lukas","family":"Bernhard","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2783-1264","authenticated-orcid":false,"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534376"},{"key":"e_1_3_2_1_2_1","volume-title":"Thorsten Holz. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Symposium on Network and Distributed System Security (NDSS)","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Symposium on Network and Distributed System Security (NDSS), 2019."},{"key":"e_1_3_2_1_3_1","volume-title":"Abhik Roychoudhury. Stateful Greybox Fuzzing. In USENIX Security Symposium","author":"Ba Jinsheng","year":"2022","unstructured":"Jinsheng Ba, Marcel B\u00f6hme, Zahra Mirzamomen, and Abhik Roychoudhury. Stateful Greybox Fuzzing. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security Symposium","author":"Bars Nils","year":"2023","unstructured":"Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz. Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_5_1","volume-title":"Exploit Programming: From Buffer Overflows to 'Weird Machines?\" and Theory of Computation. Usenix","author":"Bratus Sergej","year":"2011","unstructured":"Sergej Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. Exploit Programming: From Buffer Overflows to 'Weird Machines?\" and Theory of Computation. Usenix; Login, 2011."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409748"},{"key":"e_1_3_2_1_7_1","volume-title":"Jonathan Metzman. On the Reliability of Coverage-Based Fuzzer Benchmarking. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)","author":"B\u00f6hme Marcel","year":"2022","unstructured":"Marcel B\u00f6hme, L\u00e1szl\u00f3 Szekeres, and Jonathan Metzman. On the Reliability of Coverage-Based Fuzzer Benchmarking. In ACM\/IEEE International Conference on Automated Software Engineering (ASE), 2022."},{"key":"e_1_3_2_1_8_1","volume-title":"Thorsten Holz. On the Challenges of Automata Reconstruction in LTE Networks. In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)","author":"Chlosta Merlin","year":"2021","unstructured":"Merlin Chlosta, David Rupprecht, and Thorsten Holz. On the Challenges of Automata Reconstruction in LTE Networks. In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2021."},{"key":"e_1_3_2_1_9_1","volume-title":"Joeri de Ruiter. Inferring OpenVPN State Machines Using Protocol State Fuzzing. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","author":"Daniel Lesly-Ann","year":"2018","unstructured":"Lesly-Ann Daniel, Erik Poll, and Joeri de Ruiter. Inferring OpenVPN State Machines Using Protocol State Fuzzing. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2018."},{"key":"e_1_3_2_1_10_1","volume-title":"Seyed Behnam Andarzian, and Erik Poll. Fuzzers for Stateful Systems: Survey and Research Directions. ACM Computing Surveys (CSUR), 56(9)","author":"Daniele Cristian","year":"2024","unstructured":"Cristian Daniele, Seyed Behnam Andarzian, and Erik Poll. Fuzzers for Stateful Systems: Survey and Research Directions. ACM Computing Surveys (CSUR), 56(9), 2024."},{"key":"e_1_3_2_1_11_1","volume-title":"De Ruiter and Erik Poll. Protocol State Fuzzing of TLS Implementations. In USENIX Security Symposium","author":"Joeri","year":"2015","unstructured":"Joeri De Ruiter and Erik Poll. Protocol State Fuzzing of TLS Implementations. In USENIX Security Symposium, 2015."},{"key":"e_1_3_2_1_12_1","volume-title":"Peach Fuzzer: Discover Unknown Vulnerabilities. https: \/\/peachtech.gitlab.io\/peach-fuzzer-community\/","author":"Eddington Michael","year":"2004","unstructured":"Michael Eddington. Peach Fuzzer: Discover Unknown Vulnerabilities. https: \/\/peachtech.gitlab.io\/peach-fuzzer-community\/, 2004."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484543"},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Workshop on Offensive Technologies (WOOT)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. AFL : Combining Incremental Steps of Fuzzing Research. In USENIX Workshop on Offensive Technologies (WOOT), 2020."},{"key":"e_1_3_2_1_15_1","volume-title":"ACM Conference on Computer and Communications Security (CCS)","author":"Fioraldi Andrea","year":"2022","unstructured":"Andrea Fioraldi, Dominik Christian Maier, Dongjia Zhang, and Davide Balzarotti. LibAFL: A Framework to Build Modular and Reusable Fuzzers. In ACM Conference on Computer and Communications Security (CCS), 2022."},{"key":"e_1_3_2_1_16_1","volume-title":"Juraj Somorovsky. Analysis of DTLS Implementations Using Protocol State Fuzzing. In USENIX Security Symposium","author":"Fiterau-Brostean Paul","year":"2020","unstructured":"Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. Analysis of DTLS Implementations Using Protocol State Fuzzing. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_17_1","volume-title":"Juraj Somorovsky. Analysis of DTLS Implementations Using Protocol State Fuzzing. In USENIX Security Symposium","author":"Fiterau-Brostean Paul","year":"2020","unstructured":"Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri De Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. Analysis of DTLS Implementations Using Protocol State Fuzzing. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_18_1","unstructured":"Google. Honggfuzz."},{"key":"e_1_3_2_1_19_1","unstructured":"Google. OSS-Fuzz: Continuous Fuzzing for Open Source Software."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. Fuzzer-Test-Suite 2016."},{"key":"e_1_3_2_1_21_1","volume-title":"Magma: A Ground-Truth Fuzzing Benchmark. ACM on Measurement and Analysis of Computing Systems (POMACS), 4(3):49:1--49:29","author":"Hazimeh Ahmad","year":"2020","unstructured":"Ahmad Hazimeh, Adrian Herrera, and Mathias Payer. Magma: A Ground-Truth Fuzzing Benchmark. ACM on Measurement and Analysis of Computing Systems (POMACS), 4(3):49:1--49:29, 2020."},{"key":"e_1_3_2_1_22_1","volume-title":"Using Formal Specifications to Support Testing. ACM Computing Surveys (CSUR), 41(2)","author":"Hierons Robert M","year":"2009","unstructured":"Robert M Hierons, Kirill Bogdanov, Jonathan P Bowen, Rance Cleaveland, John Derrick, Jeremy Dick, Marian Gheorghe, Mark Harman, Kalpesh Kapoor, Paul Krause, et al. Using Formal Specifications to Support Testing. ACM Computing Surveys (CSUR), 41(2), 2009."},{"key":"e_1_3_2_1_23_1","volume-title":"USENIX Security Symposium","author":"Jiang Zu-Ming","year":"2020","unstructured":"Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, and Shi-Min Hu. Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_24_1","unstructured":"Joshua Pereyda et al. boofuzz: Network Protocol Fuzzing for Humans. https: \/\/github.com\/jtpereyda\/boofuzz."},{"key":"e_1_3_2_1_25_1","volume-title":"Michael Hicks. Evaluating Fuzz Testing. In ACM Conference on Computer and Communications Security (CCS)","author":"Klees George","year":"2018","unstructured":"George Klees, Andrew Ruef, Benji Cooper, ShiyiWei, and Michael Hicks. Evaluating Fuzz Testing. In ACM Conference on Computer and Communications Security (CCS), 2018."},{"key":"e_1_3_2_1_26_1","unstructured":"lafintel. laf-intel - Circumventing Fuzzing Roadblocks with Compiler Transformations. https:\/\/lafintel.wordpress.com."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678785"},{"key":"e_1_3_2_1_28_1","volume-title":"Jiaguang Sun. Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations. In USENIX Security Symposium","author":"Luo Zhengxiong","year":"2023","unstructured":"Zhengxiong Luo, Junze Yu, Feilong Zuo, Jianzhong Liu, Yu Jiang, Ting Chen, Abhik Roychoudhury, and Jiaguang Sun. Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_29_1","volume-title":"Raheem Beyah. MOPT: Optimized Mutation Scheduling for Fuzzers. In USENIX Security Symposium","author":"Lyu Chenyang","year":"2019","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. MOPT: Optimized Mutation Scheduling for Fuzzers. In USENIX Security Symposium, 2019."},{"key":"e_1_3_2_1_30_1","volume-title":"Abhishek Arya. FuzzBench: An Open Fuzzer Benchmarking Platform and Service. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)","author":"Metzman Jonathan","year":"2021","unstructured":"Jonathan Metzman, L\u00e1szl\u00f3 Szekeres, Laurent Simon, Read Sprabery, and Abhishek Arya. FuzzBench: An Open Fuzzer Benchmarking Platform and Service. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE), 2021."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10233-3"},{"key":"e_1_3_2_1_32_1","volume-title":"Natella and Van-Thuan Pham. ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing. In International Symposium on Software Testing and Analysis (ISSTA)","author":"Roberto","year":"2021","unstructured":"Roberto Natella and Van-Thuan Pham. ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing. In International Symposium on Software Testing and Analysis (ISSTA), 2021."},{"key":"e_1_3_2_1_33_1","volume-title":"Abhik Roychoudhury. AFLNet: A Greybox Fuzzer for Network Protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST)","author":"Pham Van-Thuan","year":"2020","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, and Abhik Roychoudhury. AFLNet: A Greybox Fuzzer for Network Protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST), 2020."},{"key":"e_1_3_2_1_34_1","volume-title":"Thorsten Holz. SoK: Prudent Evaluation Practices for Fuzzing. In IEEE Symposium on Security and Privacy (S&P)","author":"Schloegel Moritz","year":"2024","unstructured":"Moritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale-Ebrahim, Nicolai Bissantz, Marius Muench, and Thorsten Holz. SoK: Prudent Evaluation Practices for Fuzzing. In IEEE Symposium on Security and Privacy (S&P), 2024."},{"key":"e_1_3_2_1_35_1","volume-title":"Thorsten Holz. Nyx-Net: Network Fuzzing with Incremental Snapshots. In European Conference on Computer Systems (EuroSys)","author":"Schumilo Sergej","year":"2022","unstructured":"Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, and Thorsten Holz. Nyx-Net: Network Fuzzing with Incremental Snapshots. In European Conference on Computer Systems (EuroSys), 2022."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3637650"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7616"},{"key":"e_1_3_2_1_38_1","volume-title":"NetAFL: WinAFL Patch. https:\/\/github.com\/intelpt\/winafl-intelpt","author":"Shudrak M.","year":"2018","unstructured":"M. Shudrak. NetAFL: WinAFL Patch. https:\/\/github.com\/intelpt\/winafl-intelpt, 2018."},{"key":"e_1_3_2_1_39_1","volume-title":"Somorovsky. Systematic Fuzzing and Testing of TLS Libraries. In ACM Conference on Computer and Communications Security (CCS)","author":"Juraj","year":"2016","unstructured":"Juraj Somorovsky. Systematic Fuzzing and Testing of TLS Libraries. In ACM Conference on Computer and Communications Security (CCS), 2016."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21455-4_8"},{"issue":"2","key":"e_1_3_2_1_41_1","first-page":"101","article-title":"A Critique and Improvement of the CL Common Language Effect Size Statistics of McGraw and Wong","volume":"25","author":"Vargha Andr\u00e1s","year":"2000","unstructured":"Andr\u00e1s Vargha and Harold D Delaney. A Critique and Improvement of the CL Common Language Effect Size Statistics of McGraw and Wong. Journal of Educational and Behavioral Statistics, 25(2):101--132, 2000.","journal-title":"Journal of Educational and Behavioral Statistics"},{"key":"e_1_3_2_1_42_1","volume-title":"Taesoo Kim. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security Symposium","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security Symposium, 2018."},{"key":"e_1_3_2_1_43_1","volume-title":"American Fuzzy Lop. https:\/\/lcamtuf.coredump.cx\/afl\/","year":"2013","unstructured":"Micha? Zalewski. American Fuzzy Lop. https:\/\/lcamtuf.coredump.cx\/afl\/, 2013."},{"key":"e_1_3_2_1_44_1","volume-title":"Chao Zhang. StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing. In USENIX Security Symposium","author":"Zhao Bodong","year":"2022","unstructured":"Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, Ming Yuan, Wenyu Zhu, Zhihong Tian, and Chao Zhang. StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_45_1","volume-title":"Fuzzing: A Survey for Roadmap. ACM Computing Surveys (CSUR), 54(11s):1--36","author":"Zhu Xiaogang","year":"2022","unstructured":"Xiaogang Zhu, Sheng Wen, Seyit Camtepe, and Yang Xiang. Fuzzing: A Survey for Roadmap. ACM Computing Surveys (CSUR), 54(11s):1--36, 2022."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690274","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690274","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:20:53Z","timestamp":1755843653000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690274"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":45,"alternative-id":["10.1145\/3658644.3690274","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690274","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}