{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T02:58:29Z","timestamp":1771988309872,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T00:00:00Z","timestamp":1771977600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T00:00:00Z","timestamp":1771977600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172194, 62202206, U1836116"],"award-info":[{"award-number":["62172194, 62202206, U1836116"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004608","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"publisher","award":["BK20220515"],"award-info":[{"award-number":["BK20220515"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Key R and D Program of China","award":["2020YFB1005500"],"award-info":[{"award-number":["2020YFB1005500"]}]},{"name":"Leading edge Technology Program of Jiangsu Natural Science Foundation","award":["BK20202001"],"award-info":[{"award-number":["BK20202001"]}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2023T160275"],"award-info":[{"award-number":["2023T160275"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012154","name":"Graduate Research and Innovation Projects of Jiangsu Province","doi-asserted-by":"publisher","award":["KYCX22_3670"],"award-info":[{"award-number":["KYCX22_3670"]}],"id":[{"id":"10.13039\/501100012154","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>In the discovery of modern software vulnerability, mutation-based fuzzing techniques are widely applied, with their performance highly dependent on the effectiveness of mutation scheduling strategies. Most current research primarily focuses on optimizing seed scheduling. However, mutation scheduling plays an equally critical role in fuzzing, as it determines how mutation operators are selected and applied to generate new test cases. Existing mutation scheduling schemes are faced with several issues, such as the need to input manual parameters from users and improper overhead management. To address these challenges, this paper proposes an innovative mutation scheduling model, HavocEDA, utilizing Estimation of Distribution Algorithm to optimize the selection of mutation operators in fuzzing, thereby enhancing the efficiency of vulnerability detection. The HavocEDA model can dynamically adjust the probability distribution of mutation operators based on fuzzing feedback, enabling a more efficient exploration of potential vulnerabilities within the software. We implemented a prototype based on the popular general-purpose fuzzer AFL. We evaluated HavocEDA on 9 open-source Linux programs in FuzzBench. Experimental results indicate that HavocEDA shows a performance improvement in edge coverage and crash discovery compared with the state-of-the-art fuzzers AFL, DARWIN, MOpt, and HavocMAB.<\/jats:p>","DOI":"10.1186\/s42400-025-00461-7","type":"journal-article","created":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T02:01:59Z","timestamp":1771984919000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Optimized mutation scheduling for fuzzing based on estimation of distribution algorithm"],"prefix":"10.1186","volume":"9","author":[{"given":"Guofan","family":"Lv","sequence":"first","affiliation":[]},{"given":"Jinfu","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Haibo","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Saihua","family":"Cai","sequence":"additional","affiliation":[]},{"given":"Wen","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,25]]},"reference":[{"key":"461_CR1","doi-asserted-by":"crossref","unstructured":"Aschermann C, Schumilo S, Blazytko T, Gawlik R, Holz T (2019) REDQUEEN: Fuzzing with Input-to-State Correspondence. Paper presented at the NDSS, pp 1\u201315","DOI":"10.14722\/ndss.2019.23371"},{"key":"461_CR2","doi-asserted-by":"publisher","unstructured":"B\u00f6hme M, Falk B (2020) Fuzzing: On the exponential cost of vulnerability discovery. Paper presented at the 28th ACM joint meeting on European software engineering conference and symposium on the foundations of software engineering, pp 713\u2013724. https:\/\/doi.org\/10.1145\/3368089.3409729","DOI":"10.1145\/3368089.3409729"},{"key":"461_CR3","doi-asserted-by":"publisher","unstructured":"B\u00f6hme M, Pham VT, Nguyen MD, Roychoudhury A (2017) Directed greybox fuzzing. Paper presented at the 2017 ACM SIGSAC conference on computer and communications security, pp 2329\u20132344. https:\/\/doi.org\/10.1145\/3133956.3134020","DOI":"10.1145\/3133956.3134020"},{"key":"461_CR4","doi-asserted-by":"publisher","unstructured":"B\u00f6hme M, Pham VT, Roychoudhury A (2016) Coverage-based greybox fuzzing as markov chain. Paper presented at the 2016 ACM SIGSAC conference on computer and communications security, pp 1032\u20131043. https:\/\/doi.org\/10.1145\/2976749.2978428","DOI":"10.1145\/2976749.2978428"},{"key":"461_CR5","doi-asserted-by":"publisher","unstructured":"B\u00f6hme M, Szekeres L, Metzman J (2022) On the reliability of coverage-based fuzzer benchmarking. Paper presented at the 44th international conference on software engineering, pp 1621\u20131633. https:\/\/doi.org\/10.1145\/3510003.3510230","DOI":"10.1145\/3510003.3510230"},{"key":"461_CR6","doi-asserted-by":"publisher","unstructured":"Chen P, Chen H (2018) Angora: Efficient fuzzing by principled search. Paper presented at the 2018 IEEE symposium on security and privacy (SP), pp 711\u2013725. https:\/\/doi.org\/10.1109\/SP.2018.00046","DOI":"10.1109\/SP.2018.00046"},{"key":"461_CR7","doi-asserted-by":"publisher","unstructured":"Chen H, Xue Y, Li Y, Chen B, Xie X, Wu X, Liu Y (2018) Hawkeye: Towards a desired directed grey-box fuzzer. Paper presented at the 2018 ACM SIGSAC conference on computer and communications security, pp 2095\u20132108. https:\/\/doi.org\/10.1145\/3243734.3243849","DOI":"10.1145\/3243734.3243849"},{"key":"461_CR8","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1016\/j.lwt.2017.08.026","volume":"86","author":"C Dai","year":"2017","unstructured":"Dai C, Zhang W, He R, Xiong F, Ma H (2017) Protein breakdown and release of antioxidant peptides during simulated gastrointestinal digestion and the absorption by everted intestinal sac of rapeseed proteins. LWT 86:424\u2013429. https:\/\/doi.org\/10.1016\/j.lwt.2017.08.026","journal-title":"LWT"},{"issue":"4-5","key":"461_CR9","doi-asserted-by":"publisher","DOI":"10.1007\/BF02823145","volume":"24","author":"K Deb","year":"1999","unstructured":"Deb K (1999) An introduction to genetic algorithms. Sadhana 24(4\u20135):293\u2013315. https:\/\/doi.org\/10.1007\/BF02823145","journal-title":"Sadhana"},{"key":"461_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106771","volume":"144","author":"N Dissanayake","year":"2022","unstructured":"Dissanayake N, Jayatilaka A, Zahedi M, Babar MA (2022) Software security patch management-a systematic literature review of challenges, approaches, tools and practices. Inf Softw Technol 144:106771. https:\/\/doi.org\/10.1016\/j.infsof.2021.106771","journal-title":"Inf Softw Technol"},{"key":"461_CR11","doi-asserted-by":"publisher","unstructured":"Dolan-Gavitt B, Hulin P, Kirda E, Leek T, Mambretti A, Robertson W, Whelan R (2016) Lava: Large-scale automated vulnerability addition. Paper presented at the 2016 IEEE symposium on security and privacy (SP), pp 110\u2013121. https:\/\/doi.org\/10.1109\/SP.2016.15","DOI":"10.1109\/SP.2016.15"},{"key":"461_CR12","doi-asserted-by":"publisher","unstructured":"Eberhart R, Kennedy J (1995) A new optimizer using particle swarm theory. Paper presented at the MHS\u201995. Proceedings of the sixth international symposium on micro machine and human science, pp 39\u201343. https:\/\/doi.org\/10.1109\/MHS.1995.494215","DOI":"10.1109\/MHS.1995.494215"},{"key":"461_CR13","unstructured":"Fioraldi A, Maier D, Ei\u00dffeldt H, Heuse M (2020) AFL++: Combining incremental steps of fuzzing research. Paper presented at the 14th USENIX Workshop on Offensive Technologies (WOOT 20), 2020"},{"key":"461_CR14","doi-asserted-by":"publisher","unstructured":"Ghosh A, Goodman E, Deb K, Averill R, Diaz A (2020) A large-scale bi-objective optimization of solid rocket motors using innovization. Paper presented at the 2020 IEEE congress on evolutionary computation (CEC), pp 1\u20138. https:\/\/doi.org\/10.1109\/CEC48606.2020.9185861","DOI":"10.1109\/CEC48606.2020.9185861"},{"key":"461_CR15","unstructured":"Google: American Fuzzy Loop (AFL). https:\/\/github.com\/google\/AFL"},{"issue":"3","key":"461_CR16","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1016\/j.swevo.2011.08.003","volume":"1","author":"M Hauschild","year":"2011","unstructured":"Hauschild M, Pelikan M (2011) An introduction and survey of estimation of distribution algorithms. Swarm Evol Comput 1(3):111\u2013128. https:\/\/doi.org\/10.1016\/j.swevo.2011.08.003","journal-title":"Swarm Evol Comput"},{"key":"461_CR17","doi-asserted-by":"publisher","unstructured":"Herrera A, Gunadi H, Magrath S, Norrish M, Payer M, Hosking AL (2021) Seed selection for successful fuzzing. Paper presented at the 30th ACM SIGSOFT international symposium on software testing and analysis, pp 230\u2013243. https:\/\/doi.org\/10.1145\/3460319.3464795","DOI":"10.1145\/3460319.3464795"},{"key":"461_CR18","doi-asserted-by":"publisher","unstructured":"Jauernig P, Jakobovic D, Picek S, Stapf E, Sadeghi AR (2022) Darwin: Survival of the fittest fuzzing mutators. arXiv preprint https:\/\/doi.org\/10.14722\/ndss.2023.23159. arXiv:2210.11783","DOI":"10.14722\/ndss.2023.23159"},{"key":"461_CR19","doi-asserted-by":"publisher","unstructured":"Lemieux C, Sen K (2018) Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage. Paper presented at the 33rd ACM\/IEEE international conference on automated software engineering, pp 475\u2013485. https:\/\/doi.org\/10.1145\/3238147.3238176","DOI":"10.1145\/3238147.3238176"},{"issue":"4","key":"461_CR20","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2021","unstructured":"Li Z, Zou D, Xu S, Jin H, Zhu Y, Chen Z (2021) Sysevr: a framework for using deep learning to detect software vulnerabilities. IEEE Trans Dependable Secure Comput 19(4):2244\u20132258. https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"5","key":"461_CR21","doi-asserted-by":"publisher","first-page":"797","DOI":"10.13031\/aea.13360","volume":"36","author":"J Liu","year":"2020","unstructured":"Liu J, Xia C, Jiang D, Sun Y (2020) Development and testing of the power transmission system of a crawler electric tractor for greenhouses. Appl Eng Agric 36(5):797\u2013805. https:\/\/doi.org\/10.13031\/aea.13360","journal-title":"Appl Eng Agric"},{"key":"461_CR22","doi-asserted-by":"publisher","unstructured":"Liu X, You W, Zhang Z, Zhang X (2022) TensileFuzz: facilitating seed input generation in fuzzing via string constraint solving. Paper presented at the 31st ACM SIGSOFT international symposium on software testing and analysis, pp 391\u2013403. https:\/\/doi.org\/10.1145\/3533767.3534403","DOI":"10.1145\/3533767.3534403"},{"key":"461_CR23","doi-asserted-by":"crossref","unstructured":"Lyu C, Ji S, Zhang X, Liang H, Zhao B, Lu K, Beyah R (2022) EMS: History-Driven Mutation for Coverage-based Fuzzing. Paper presented at the NDSS","DOI":"10.14722\/ndss.2022.23162"},{"key":"461_CR24","unstructured":"Lyu C, Ji S, Zhang C, Li Y, Lee WH, Song Y, Beyah R (2019) MOPT: Optimized mutation scheduling for fuzzers. Paper presented at the 28th USENIX security symposium (USENIX Security 19), pp 1949\u20131966"},{"key":"461_CR25","doi-asserted-by":"publisher","unstructured":"Lyu C, Liang H, Ji S, Zhang X, Zhao B, Han M, Beyah R (2022) SLIME: program-sensitive energy allocation for fuzzing. Paper presented at the 31st ACM SIGSOFT international symposium on software testing and analysis, pp 365\u2013377. https:\/\/doi.org\/10.1145\/3533767.3534385","DOI":"10.1145\/3533767.3534385"},{"key":"461_CR26","doi-asserted-by":"publisher","unstructured":"Metzman J, Szekeres L, Simon L, Sprabery R, Arya A (2021) Fuzzbench: an open fuzzer benchmarking platform and service. Paper presented at the 29th ACM joint meeting on European software engineering conference and symposium on the foundations of software engineering, pp 1393\u20131403. https:\/\/doi.org\/10.1145\/3468264.3473932","DOI":"10.1145\/3468264.3473932"},{"key":"461_CR27","doi-asserted-by":"publisher","unstructured":"Rawat S, Jain V, Kumar A, Cojocar L, Giuffrida C, Bos H (2017) VUzzer: Application-aware evolutionary fuzzing. Paper presented at the NDSS, pp 1\u201314. https:\/\/doi.org\/10.14722\/ndss.2017.23404","DOI":"10.14722\/ndss.2017.23404"},{"key":"461_CR28","volume-title":"Fuzzing: Brute force vulnerability discovery","author":"M Sutton","year":"2007","unstructured":"Sutton M, Greene A, Amini P (2007) Fuzzing: Brute force vulnerability discovery. Addison-Wesley Professional, Boston"},{"issue":"8","key":"461_CR29","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0237749","volume":"15","author":"Y Wang","year":"2020","unstructured":"Wang Y, Jia P, Liu L, Huang C, Liu Z (2020) A systematic review of fuzzing based on machine learning techniques. PLoS ONE 15(8):0237749. https:\/\/doi.org\/10.1371\/journal.pone.0237749","journal-title":"PLoS ONE"},{"key":"461_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10664-020-09927-3","volume":"26","author":"X Wang","year":"2021","unstructured":"Wang X, Hu C, Ma R, Tian D, He J (2021) Cmfuzz: context-aware adaptive mutation for fuzzers. Empir Software Eng 26:1\u201334. https:\/\/doi.org\/10.1007\/s10664-020-09927-3","journal-title":"Empir Software Eng"},{"key":"461_CR31","doi-asserted-by":"publisher","unstructured":"Wu M, Jiang L, Xiang J, Huang Y, Cui H, Zhang L, Zhang Y (2022) One fuzzing strategy to rule them all. Paper presented at the 44th international conference on software engineering, pp 1634\u20131645. https:\/\/doi.org\/10.1145\/3510003.3510174","DOI":"10.1145\/3510003.3510174"},{"issue":"1","key":"461_CR32","doi-asserted-by":"publisher","first-page":"7698916","DOI":"10.1155\/2020\/7698916","volume":"2020","author":"J Ye","year":"2020","unstructured":"Ye J, Li R, Zhang B (2020) Rdfuzz: accelerating directed fuzzing with intertwined schedule and optimized mutation. Math Probl Eng 2020(1):7698916. https:\/\/doi.org\/10.1155\/2020\/7698916","journal-title":"Math Probl Eng"},{"key":"461_CR33","unstructured":"Yue T, Wang P, Tang Y, Wang E, Yu B, Lu K, Zhou X (2020) EcoFuzz: Adaptive Energy-Saving greybox fuzzing as a variant of the adversarial Multi-Armed bandit. Paper presented at the 29th USENIX Security Symposium (USENIX Security 20), pp 2307\u20132324"},{"key":"461_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2023.107194","volume":"158","author":"W Zheng","year":"2023","unstructured":"Zheng W, Deng P, Gui K, Wu X (2023) An abstract syntax tree based static fuzzing mutation for vulnerability evolution analysis. Inf Softw Technol 158:107194. https:\/\/doi.org\/10.1016\/j.infsof.2023.107194","journal-title":"Inf Softw Technol"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00461-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00461-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00461-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T02:02:06Z","timestamp":1771984926000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00461-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,25]]},"references-count":34,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["461"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00461-7","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,25]]},"assertion":[{"value":"13 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"35"}}