{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T06:39:11Z","timestamp":1776926351350,"version":"3.51.2"},"reference-count":36,"publisher":"Tech Science Press","issue":"3","license":[{"start":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T00:00:00Z","timestamp":1754179200000},"content-version":"vor","delay-in-days":214,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.065672","type":"journal-article","created":{"date-parts":[[2025,7,21]],"date-time":"2025-07-21T08:05:20Z","timestamp":1753085120000},"page":"5977-5993","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":0,"title":["ADFEmu: Enhancing Firmware Fuzzing with Direct Memory Access (DMA) Input Emulation Using Concolic Execution and Large Language Models (LLMs)"],"prefix":"10.32604","volume":"84","author":[{"given":"Yixin","family":"Ding","sequence":"first","affiliation":[]},{"given":"Xinjian","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Zicheng","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Yichen","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Longkun","family":"Bai","sequence":"additional","affiliation":[]},{"given":"Hao","family":"Han","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","unstructured":"Global Embedded Security Market Statistical Analysis and Forecast. 2024. [Internet]. [cited 2024 Jul 5]. 
Available from: https:\/\/www.reportsinsights.com\/industry-forecast\/global-embedded-security-marketstatistical-analysis-673783."},{"key":"ref2","series-title":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (AsiaCCS \u201921)","first-page":"687","article-title":"SoK: Enabling security analyses of embedded systems via rehosting","author":"Andrew","year":"2021 Nov 15\u201319"},{"key":"ref3","series-title":"30th USENIX Security Symposium (USENIX Security \u201921)","first-page":"2007","article-title":"Automatic firmware emulation through invalidity-guided knowledge inference","author":"Zhou","year":"2021 Aug 11\u201313"},{"key":"ref4","series-title":"30th USENIX Security Symposium; 2021 Aug 11\u201313","first-page":"321","article-title":"Jetset: targeted firmware rehosting for embedded systems","author":"Johnson"},{"key":"ref5","series-title":"29th USENIX Security Symposium (USENIX Security 20)","first-page":"1201","article-title":"HALucinator: firmware re-hosting through abstraction layer emulation","author":"Clements","year":"2020 Aug 12\u201314"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"103237","DOI":"10.1016\/j.sysarc.2024.103237","article-title":"IEmu: interrupt modeling from the logic hidden in the firmware","volume":"154","author":"Wei","year":"2024","journal-title":"J Syst Archit"},{"key":"ref7","series-title":"31st USENIX Security Symposium (USENIX Security 22)","first-page":"1239","article-title":"Fuzzware: using precise MMIO modeling for effective firmware fuzzing","author":"Scharnowski","year":"2022 Aug 10\u201312"},{"key":"ref8","series-title":"29th USENIX Conference on Security Symposium; 2020 Aug 12\u201314; Boston, MA, USA","first-page":"1237","article-title":"P2IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling","author":"Feng"},{"key":"ref9","series-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP); 2021 May 24\u201327; San 
Francisco, CA, USA","first-page":"1938","article-title":"DICE: automatic emulation of DMA input channels for dynamic firmware analysis","author":"Mera"},{"key":"ref10","series-title":"Proceedings of the Network and Distributed Systems Security (NDSS); 2018 Feb 18\u201321; San Diego, CA, USA","first-page":"1","article-title":"What you corrupt is not what you crash: challenges in fuzzing embedded devices","author":"Muench"},{"key":"ref11","series-title":"28th USENIX Security Symposium; 2019 Aug 14\u201316; Santa Clara, CA, USA","first-page":"1099","article-title":"FIRM-AFL: high-throughput greybox fuzzing of IoT firmware via augmented process emulation","author":"Zheng"},{"key":"ref12","series-title":"Proceedings of the 36th Annual Computer Security Applications Conference; 2020 Dec 7\u201311; Austin, TX, USA","first-page":"733","article-title":"FirmAE: towards large-scale emulation of IoT firmware for dynamic analysis","author":"Kim"},{"key":"ref13","series-title":"Proceedings of the Network and Distributed System Security Symposium; 2016 Feb 21\u201324; San Diego, CA, USA","article-title":"Towards automated dynamic analysis for Linux-based embedded firmware","author":"Chen"},{"key":"ref14","doi-asserted-by":"crossref","unstructured":"Chen J, Deng L, Qiu Y, Zhao P, Lei H, Song J, et al. LLM-based automated modeling in symbolic execution for securing medical software; 2024. [cited 2024 Jun 25]. Available from: https:\/\/ssrn.com\/abstract=4938953.","DOI":"10.2139\/ssrn.4938953"},{"key":"ref15","unstructured":"Wang W, Liu K, Chen A, Li G, Jin Z, Huang G, et al. Python symbolic execution with LLM-powered code generation. arXiv:2409.09271. 2024. 
doi:10.48550\/arXiv.2409.09271."},{"key":"ref16","series-title":"Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering","first-page":"492","article-title":"When fuzzing meets LLMs: challenges and opportunities","author":"Jiang","year":"2024 Jul 15\u201319"},{"key":"ref17","series-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering; 2024 Apr 14\u201320; Lisbon, Portugal","first-page":"126","article-title":"Fuzz4all: universal fuzzing with large language models","author":"Xia"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"3640","DOI":"10.1109\/TSE.2021.3101870","article-title":"Enhancing dynamic symbolic execution by automatically learning search heuristics","volume":"48","author":"Cha","year":"2021","journal-title":"IEEE Trans Softw Eng"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"530","DOI":"10.1007\/978-3-030-45234-6_28","author":"Jaffar","year":"2020","journal-title":"Fundamental Approaches to Software Engineering (FASE 2020)"},{"key":"ref20","series-title":"Proceedings of the Great Lakes Symposium on VLSI 2024","first-page":"192","article-title":"The fuzz odyssey: a survey on hardware fuzzing frameworks for hardware design verification","author":"Saravanan","year":"2024 Jun 12\u201314"},{"key":"ref21","doi-asserted-by":"crossref","unstructured":"Mera A, Chen YH, Sun R, Kirda E, Lu L. D-box: DMA-enabled compartmentalization for embedded applications; 2022. arXiv:2201.05199. 
doi:10.14722\/ndss.2022.24053.","DOI":"10.14722\/ndss.2022.24053"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1007\/s13389-021-00273-8","article-title":"Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC","volume":"12","author":"Gross","year":"2022","journal-title":"J Cryptographic Eng"},{"key":"ref23","series-title":"Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference; 2005 Apr 13; Anaheim, CA, USA","first-page":"41","article-title":"QEMU, a fast and portable dynamic translator","author":"Bellard"},{"key":"ref24","unstructured":"Gpt-4 documentation. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/platform.openai.com\/docs\/models\/gpt-4-and-gpt-4-turbo."},{"key":"ref25","series-title":"2017 IEEE Cybersecurity Development (SecDev)","first-page":"8","article-title":"Angr-the next generation of binary analysis","author":"Wang","year":"2017 Sep 24\u201326"},{"key":"ref26","unstructured":"Modbus firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/DoHelloWorld\/stm32f3_Modbus_Slave_UART-DMA-FreeRTOS."},{"key":"ref27","unstructured":"Guitar pedal firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/Guitarman9119\/Nucleo_Guitar_Effects_Pedal."},{"key":"ref28","unstructured":"Soldering station firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/PTDreamer\/stm32_soldering_iron_controller."},{"key":"ref29","unstructured":"Stepper motor firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/omuzychko\/StepperHub."},{"key":"ref30","unstructured":"GPS receiver firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/MaJerle\/stm32-usart-uart-dma-rx-tx."},{"key":"ref31","unstructured":"MIDI synthesizer firmware image. [Internet]. [cited 2025 Jun 25]. 
Available from: https:\/\/github.com\/mondaugen\/stm32-codec-midi-mmdsp-test."},{"key":"ref32","unstructured":"Oscilloscope firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/pingumacpenguin\/STM32-O-Scope."},{"key":"ref33","unstructured":"DDS-WaveGen firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/BojanSof\/BluePillWaveGen.git."},{"key":"ref34","unstructured":"GPS-Logger firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/MaJerle\/stm32f429\/blob\/main\/PROJECT-04-GPS_LOGGER\/User\/main.c."},{"key":"ref35","unstructured":"PatternDriver firmware image. [Internet]. [cited 2025 Jun 25]. Available from: https:\/\/github.com\/mnemocron\/STM32_PatternDriver."},{"key":"ref36","series-title":"Proceedings 14th USENIX Workshop Offensive Technology; 2020 Aug 11; Boston, MA, USA","first-page":"1","article-title":"AFL++: combining incremental steps of fuzzing research","author":"Fioraldi"}],"container-title":["Computers, Materials &amp; 
Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-84-3\/TSP_CMC_65672\/TSP_CMC_65672.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T05:45:36Z","timestamp":1776923136000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v84n3\/63167"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":36,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.065672","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2025-03-19","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-26","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-30","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}