{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T06:38:54Z","timestamp":1776926334319,"version":"3.51.2"},"reference-count":54,"publisher":"Tech Science Press","issue":"3","license":[{"start":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T00:00:00Z","timestamp":1754179200000},"content-version":"vor","delay-in-days":214,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.065162","type":"journal-article","created":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T04:39:26Z","timestamp":1750135166000},"page":"4601-4625","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":0,"title":["RBZZER: A Directed Fuzzing Technique for Efficient Detection of Memory Leaks via Risk Area Analysis"],"prefix":"10.32604","volume":"84","author":[{"given":"Xi","family":"Peng","sequence":"first","affiliation":[]},{"given":"Peng","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Ximing","family":"Fan","sequence":"additional","affiliation":[]},{"given":"Jiayong","family":"Liu","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","unstructured":"Michal Z. American fuzzy lop. 2013. [cited 2025 May 21]. Available from: https:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"ref2","volume":"11918","author":"Hodov\u00e1n","year":"2019","journal-title":"Integrated formal methods. IFM 2019. Lecture notes in computer science"},{"key":"ref3","series-title":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","first-page":"1135","article-title":"Minerva: browser API fuzzing with dynamic mod-ref analysis","author":"Zhou","year":"2022"},{"key":"ref4","series-title":"31st USENIX Security Symposium (USENIX Security 22)","first-page":"1239","article-title":"Fuzzware: using precise MMIO modeling for effective firmware fuzzing","author":"Scharnowski","year":"2022"},{"key":"ref5","series-title":"Proceedings of the 44th International Conference on Software Engineering","first-page":"1","article-title":"\u03bcAFL: non-intrusive feedback-driven fuzzing for microcontroller firmware","author":"Li","year":"2022"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"23259","DOI":"10.1109\/ACCESS.2022.3151358","article-title":"Efficient ECU analysis technology through structure-aware CAN fuzzing","volume":"10","author":"Kim","year":"2022","journal-title":"IEEE Access"},{"key":"ref7","series-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2329","article-title":"Directed greybox fuzzing","author":"B\u00f6hme","year":"2017"},{"key":"ref8","series-title":"Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation","first-page":"206","article-title":"Grammar-based whitebox fuzzing","author":"Godefroid","year":"2008"},{"key":"ref9","unstructured":"Godefroid P, Levin MY, Molnar DA. Automated whitebox fuzz testing. NDSS. 2008 [cited 2025 May 21]; 8:151\u201366. Available from: https:\/\/www.ndss-symposium.org\/ndss2008\/automated-whitebox-fuzz-testing\/."},{"key":"ref10","series-title":"Proceedings of the 44th International Conference on Software Engineering","first-page":"1406","article-title":"Morest: model-based RESTful API testing with execution feedback","author":"Liu","year":"2022"},{"key":"ref11","series-title":"2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)","first-page":"291","article-title":"REST API fuzzing by coverage level guided blackbox testing","author":"Tsai","year":"2021"},{"key":"ref12","series-title":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","first-page":"701","article-title":"Detecting critical bugs in SMT solvers using blackbox mutational fuzzing","author":"Mansur","year":"2020"},{"key":"ref13","series-title":"2022 IEEE Symposium on Security and Privacy (SP)","first-page":"1","article-title":"PATA: fuzzing with path aware taint analysis","author":"Liang","year":"2022"},{"key":"ref14","series-title":"Proceedings of the 44th International Conference on Software Engineering","first-page":"1634","article-title":"One fuzzing strategy to rule them all","author":"Wu","year":"2022"},{"key":"ref15","series-title":"2017 IEEE Symposium on Security and Privacy (SP)","first-page":"579","article-title":"Skyfire: data-driven seed generation for fuzzing","author":"Wang","year":"2017"},{"key":"ref16","first-page":"23","author":"Wang","year":"2020","journal-title":"Not all coverage measurements are equal: fuzzing by coverage accounting for input prioritization"},{"key":"ref17","series-title":"2021 IEEE Symposium on Security and Privacy (SP)","first-page":"642","article-title":"One engine to fuzz\u2019em all: generic language processor testing with semantic validation","author":"Chen","year":"2021"},{"key":"ref18","unstructured":"MITRE. CVE-2018-17985; 2018 [cited 2025 May 21]. Available from: https:\/\/www.cve.org\/CVERecord?id=CVE-2018-17985."},{"key":"ref19","unstructured":"MITRE. CVE-2019-6262; 2019 [cited 2025 May 21]. Available from: https:\/\/www.cve.org\/CVERecord?id=CVE-2019-6262."},{"key":"ref20","doi-asserted-by":"crossref","first-page":"8374","DOI":"10.3390\/su14148374","article-title":"Detection of distributed denial of service (DDoS) attacks in IOT based monitoring system of banking sector using machine learning models","volume":"14","author":"Islam","year":"2022","journal-title":"Sustainability"},{"key":"ref21","series-title":"27th USENIX Security Symposium (USENIX Security 18)","first-page":"781","article-title":"FUZE: towards facilitating exploit generation for kernel Use-After-Free vulnerabilities","author":"Wu","year":"2018 [cited 2025 May 21]"},{"key":"ref22","series-title":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","first-page":"417","article-title":"Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation","author":"Zheng","year":"2022"},{"key":"ref23","series-title":"Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering","first-page":"999","article-title":"Typestate-guided fuzzer for discovering use-after-free vulnerabilities","author":"Wang","year":"2020"},{"key":"ref24","series-title":"Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering","first-page":"1","article-title":"HTFuzz: heap operation sequence sensitive fuzzing","author":"Yu","year":"2022"},{"key":"ref25","series-title":"30th USENIX Security Symposium (USENIX Security 21)","first-page":"3559","article-title":"Constraint-guided directed greybox fuzzing","author":"Lee","year":"2021 [cited 2025 May 21]"},{"key":"ref26","series-title":"Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering","first-page":"765","article-title":"Memlock: memory usage guided fuzzing","author":"Wen","year":"2020"},{"key":"ref27","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1032","article-title":"Coverage-based greybox fuzzing as markov chain","author":"B\u00f6hme","year":"2016"},{"key":"ref28","series-title":"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis","first-page":"254","article-title":"Perffuzz: automatically generating pathological inputs","author":"Lemieux","year":"2018"},{"key":"ref29","series-title":"27th USENIX Security Symposium (USENIX Security 18)","first-page":"745","article-title":"QSYM: a practical concolic execution engine tailored for hybrid fuzzing","author":"Yun","year":"2018 [cited 2025 May 21]"},{"key":"ref30","unstructured":"MITRE. CWE:401: missing release of memory after effective lifetime. [cited 2025 May 21]. Available from: https:\/\/cwe.mitre.org\/data\/definitions\/401.html."},{"key":"ref31","first-page":"1","article-title":"Fuzzing: progress, challenges, and perspectives","volume":"78","author":"Yu","year":"2024","journal-title":"Comput Mater Contin"},{"key":"ref32","unstructured":"MITRE. CVE-2019-20023. 2019 [cited 2025 May 21]. Available from: https:\/\/www.cve.org\/CVERecord?id=CVE-2019-20023."},{"key":"ref33","unstructured":"GNOME. libxml2. 2024 [cited 2025 May 21]. Available from: https:\/\/gitlab.gnome.org\/GNOME\/libxml2."},{"key":"ref34","unstructured":"JasPer. jasper. 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/jasper-software\/jasper\/tree\/release-2.0."},{"key":"ref35","unstructured":"Patrice L, S\u00e9bastien LA. Xpdf-4.00; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/kermitt2\/xpdf-4.00."},{"key":"ref36","unstructured":"DynamoRio. DynamoRio; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/DynamoRIO\/dynamorio."},{"key":"ref37","unstructured":"Gaasedelen M. Lighthouse; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/gaasedelen\/lighthouse."},{"key":"ref38","series-title":"Proceedings of the 44th International Conference on Software Engineering","first-page":"2440","article-title":"Windranger: a directed greybox fuzzer driven by deviation basic blocks","author":"Du","year":"2022"},{"key":"ref39","series-title":"30th USENIX Security Symposium (USENIX Security 21)","first-page":"2777","article-title":"UNIFUZZ: a holistic and pragmatic metrics-driven platform for evaluating fuzzers","author":"Li","year":"2021 [cited 2025 May 21]"},{"key":"ref40","series-title":"2018 IEEE Symposium on Security and Privacy (SP)","first-page":"679","article-title":"Collafl: path sensitive fuzzing","author":"Gan","year":"2018"},{"key":"ref41","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2123","article-title":"Evaluating fuzz testing","author":"Klees","year":"2018"},{"key":"ref42","series-title":"Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering","first-page":"475","article-title":"Fairfuzz: a targeted mutation strategy for increasing greybox fuzz testing coverage","author":"Lemieux","year":"2018"},{"key":"ref43","unstructured":"Foundation FS. GNU Binutils; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/bminor\/binutils-gdb\/tree\/users\/hjl\/linux\/release\/2.29.51.0.1."},{"key":"ref44","unstructured":"libming. libming; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/libming\/libming\/tree\/ming-0_4_8."},{"key":"ref45","unstructured":"Systems A. Bento4; 2024 [cited 2025 May 21]. Available from: https:\/\/github.com\/axiomatic-systems\/Bento4\/tree\/v1.5.1-620."},{"key":"ref46","series-title":"Proceedings of the 33rd International Conference on Software Engineering","first-page":"1","article-title":"A practical guide for using statistical tests to assess randomized algorithms in software engineering","author":"Arcuri","year":"2011"},{"key":"ref47","series-title":"2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE)","first-page":"72","article-title":"Smoke: scalable path-sensitive memory leak detection for millions of lines of code","author":"Fan","year":"2019"},{"key":"ref48","series-title":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","first-page":"1621","article-title":"PCA: memory leak detection using partial call-path analysis","author":"Li","year":"2020"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3624744","article-title":"Learning to detect memory-related vulnerabilities","volume":"33","author":"Cao","year":"2023","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"ref50","unstructured":"Cerion AB, Christian B, Jeremy F, Paul F, Tom H, Petar J et al. Valgrind; 2024 [cited 2025 May 21]. Available from: https:\/\/valgrind.org\/."},{"key":"ref51","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2095","article-title":"Hawkeye: towards a desired directed grey-box fuzzer","author":"Chen","year":"2018"},{"key":"ref52","series-title":"2022 IEEE Symposium on Security and Privacy (SP)","first-page":"36","article-title":"Beacon: directed grey-box fuzzing with provable path pruning","author":"Huang","year":"2022"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"4271","DOI":"10.1038\/s41598-022-07355-5","article-title":"Vulnerability-oriented directed fuzzing for binary programs","volume":"12","author":"Yu","year":"2022","journal-title":"Sci Rep"},{"key":"ref54","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s10207-024-00953-6","article-title":"Speeding-up fuzzing through directional seeds","volume":"24","author":"Koffi","year":"2025","journal-title":"Int J Inf Secur"}],"container-title":["Computers, Materials & Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-84-3\/TSP_CMC_65162\/TSP_CMC_65162.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T05:45:23Z","timestamp":1776923123000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v84n3\/63152"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":54,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.065162","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2025-03-05","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-27","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-30","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}