{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:43:37Z","timestamp":1740149017488,"version":"3.37.3"},"reference-count":22,"publisher":"Wiley","license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["MOST 106-3114-E-002-005"],"award-info":[{"award-number":["MOST 106-3114-E-002-005"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2017]]},"abstract":"<jats:p>With the rapid development of the Internet, several emerging technologies are adopted to construct fancy, interactive, and user-friendly websites. Among these technologies, HTML5 is a popular one and is widely used in establishing modern sites. However, the security issues in the new web technologies are also raised and are worthy of investigation. For vulnerability investigation, many previous studies used fuzzing and focused on generation-based approaches to produce test cases for fuzzing; however, these methods require a significant amount of knowledge and mental efforts to develop test patterns for generating test cases. To decrease the entry barrier of conducting fuzzing, in this study, we propose a test pattern generation algorithm based on the concept of finite state machines. We apply graph analysis techniques to extract paths from finite state machines and use these paths to construct test patterns automatically. According to the proposal, fuzzing can be completed through inputting a regular expression corresponding to the test target. To evaluate the performance of our proposal, we conduct an experiment in identifying vulnerabilities of the input attributes in HTML5. According to the results, our approach is not only efficient but also effective for identifying weak validators in HTML5.<\/jats:p>","DOI":"10.1155\/2017\/7819590","type":"journal-article","created":{"date-parts":[[2017,11,13]],"date-time":"2017-11-13T18:35:51Z","timestamp":1510598151000},"page":"1-11","source":"Crossref","is-referenced-by-count":2,"title":["Automatic Test Pattern Generator for Fuzzing Based on Finite State Machine"],"prefix":"10.1155","volume":"2017","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5680-4003","authenticated-orcid":true,"given":"Ming-Hung","family":"Wang","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei City, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Han-Chi","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei City, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"You-Ru","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei City, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9011-5025","authenticated-orcid":true,"given":"Chin-Laung","family":"Lei","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei City, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"issue":"3","key":"2","first-page":"80","volume":"27","year":"2012","journal-title":"Journal of Computing Sciences in Colleges"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(10)70033-7"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.5120\/10110-4767"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1433"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"year":"2007","key":"12"},{"year":"2008","key":"13"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1145\/1379022.1375607"},{"first-page":"278","volume-title":"Test case generation by grammar-based fuzzing for model-driven engineering","year":"2013","key":"20"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1109\/52.56422"},{"first-page":"19","volume-title":"Controllable Combinatorial Coverage in Grammar-Based Testing","year":"2006","key":"25"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.02.001"},{"issue":"3","key":"27","first-page":"21:1","volume":"23","year":"2014","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1978.231496"},{"year":"2016","key":"29"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1109\/5.533956"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00063-8"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7552(88)90064-5"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1049\/ip-sen:19990602"},{"issue":"8","key":"37","first-page":"707","volume":"10","year":"1966","journal-title":"Soviet Physics\u2014Doklady"},{"key":"38","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(86)90088-5"},{"key":"39","doi-asserted-by":"publisher","DOI":"10.1137\/0201010"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/7819590.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/7819590.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/7819590.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,11,13]],"date-time":"2017-11-13T18:35:54Z","timestamp":1510598154000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2017\/7819590\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":22,"alternative-id":["7819590","7819590"],"URL":"https:\/\/doi.org\/10.1155\/2017\/7819590","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2017]]}}}