{"id":"https://openalex.org/W7135393170","doi":"https://doi.org/10.1007/s43926-026-00302-0","title":"Protocol guided mutation fuzzing to automatically discover vulnerability in commercial IoT devices","display_name":"Protocol guided mutation fuzzing to automatically discover vulnerability in commercial IoT devices","publication_year":2026,"publication_date":"2026-03-14","ids":{"openalex":"https://openalex.org/W7135393170","doi":"https://doi.org/10.1007/s43926-026-00302-0"},"language":"en","primary_location":{"id":"doi:10.1007/s43926-026-00302-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s43926-026-00302-0","pdf_url":null,"source":{"id":"https://openalex.org/S4210230675","display_name":"Discover Internet of Things","issn_l":"2730-7239","issn":["2730-7239"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Discover Internet of Things","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1007/s43926-026-00302-0","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129274720","display_name":"Priyanka Chaudhary","orcid":null},"institutions":[{"id":"https://openalex.org/I74796645","display_name":"Birla Institute of Technology and Science, Pilani","ror":"https://ror.org/001p3jz28","country_code":"IN","type":"education","lineage":["https://openalex.org/I74796645"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Priyanka Chaudhary","raw_affiliation_strings":["Department of CSIS, Birla Institute of Technology and Science Pilani (BITS-Pilani), Hyderabad, 500078, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSIS, Birla Institute of Technology and Science Pilani (BITS-Pilani), Hyderabad, 500078, India","institution_ids":["https://openalex.org/I74796645"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5017589430","display_name":"Rajib Ranjan Maiti","orcid":"https://orcid.org/0000-0002-5510-8217"},"institutions":[{"id":"https://openalex.org/I74796645","display_name":"Birla Institute of Technology and Science, Pilani","ror":"https://ror.org/001p3jz28","country_code":"IN","type":"education","lineage":["https://openalex.org/I74796645"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Rajib Maiti","raw_affiliation_strings":["Department of CSIS, Birla Institute of Technology and Science Pilani (BITS-Pilani), Hyderabad, 500078, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSIS, Birla Institute of Technology and Science Pilani (BITS-Pilani), Hyderabad, 500078, India","institution_ids":["https://openalex.org/I74796645"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5129274720"],"corresponding_institution_ids":["https://openalex.org/I74796645"],"apc_list":{"value":990,"currency":"EUR","value_usd":1067},"apc_paid":{"value":990,"currency":"EUR","value_usd":1067},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.48261391,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"6","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.8440999984741211,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.8440999984741211,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.05490000173449516,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.0203000009059906,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6431000232696533},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6086999773979187},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.5978999733924866},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5852000117301941},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.35569998621940613},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3357999920845032}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.652899980545044},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6431000232696533},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6086999773979187},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.5978999733924866},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5852000117301941},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46320000290870667},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.35569998621940613},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3357999920845032},{"id":"https://openalex.org/C501734568","wikidata":"https://www.wikidata.org/wiki/Q42918","display_name":"Mutation","level":3,"score":0.311599999666214},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.2833999991416931},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.2793999910354614},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2669000029563904},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.2574000060558319},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.2524000108242035}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s43926-026-00302-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s43926-026-00302-0","pdf_url":null,"source":{"id":"https://openalex.org/S4210230675","display_name":"Discover Internet of Things","issn_l":"2730-7239","issn":["2730-7239"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Discover Internet of Things","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ae795dc68f37491b9a6f092adbeb37da","is_oa":true,"landing_page_url":"https://doaj.org/article/ae795dc68f37491b9a6f092adbeb37da","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Discover Internet of Things, Vol 6, Iss 1 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1007/s43926-026-00302-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s43926-026-00302-0","pdf_url":null,"source":{"id":"https://openalex.org/S4210230675","display_name":"Discover Internet of Things","issn_l":"2730-7239","issn":["2730-7239"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Discover Internet of Things","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W2070243518","https://openalex.org/W2129975948","https://openalex.org/W2574017551","https://openalex.org/W2791018263","https://openalex.org/W2806377938","https://openalex.org/W2895052536","https://openalex.org/W2903294440","https://openalex.org/W2969468102","https://openalex.org/W2986458967","https://openalex.org/W3003042434","https://openalex.org/W3004663645","https://openalex.org/W3012094546","https://openalex.org/W3014190271","https://openalex.org/W3014271897","https://openalex.org/W3047947484","https://openalex.org/W3080294124","https://openalex.org/W3107087963","https://openalex.org/W3128203310","https://openalex.org/W3151659441","https://openalex.org/W3155102819","https://openalex.org/W3173646574","https://openalex.org/W3212565000","https://openalex.org/W4200580785","https://openalex.org/W4223908338","https://openalex.org/W4280628778","https://openalex.org/W4285298338","https://openalex.org/W4290048282","https://openalex.org/W4295123670","https://openalex.org/W4296558633","https://openalex.org/W4297802342","https://openalex.org/W4311730179","https://openalex.org/W4385269971","https://openalex.org/W4385412243","https://openalex.org/W4385696576","https://openalex.org/W4386569390","https://openalex.org/W4387789897","https://openalex.org/W4391724807","https://openalex.org/W4399477627","https://openalex.org/W4400120919","https://openalex.org/W4401906987","https://openalex.org/W4402696986","https://openalex.org/W4405182775","https://openalex.org/W4406119336"],"related_works":[],"abstract_inverted_index":{"Protocol":[0],"fuzzing":[1,82,98,126],"is":[2,215],"a":[3,60,96,129,249],"scalable":[4],"and":[5,67,88,136,153,182,190,211,213,233,271],"cost-effective":[6],"technique":[7],"for":[8],"identifying":[9],"security":[10,53,269,278],"vulnerabilities":[11,78,106,119,159,200],"in":[12,40,43,49,107,120,254],"deployed":[13],"Internet":[14],"of":[15,62,75,140,221,228,248,252,279],"Things":[16],"(IoT)":[17],"devices.":[18,110],"After":[19],"the":[20,73,138,141,202,219,226,246,255,264,277],"registration":[21],"phase,":[22],"IoT":[23,57,92,109,131,147,166,171,176,179,188,231,273,282],"devices":[24,58,232,239,283],"often":[25],"run":[26],"lightweight":[27],"servers":[28],"to":[29,59,102,201,245,266,275],"handle":[30],"user":[31],"interactions,":[32],"such":[33,77,149],"as":[34,150],"video":[35],"streaming":[36],"or":[37,51],"image":[38],"capturing":[39],"smart":[41,192],"cameras,":[42],"their":[44,280],"operational":[45],"phases.":[46],"Implementation":[47],"flaws":[48],"transport":[50,87],"application-layer":[52,89],"mechanisms":[54],"can":[55,240],"expose":[56],"range":[61],"threats,":[63],"including":[64],"unauthorized":[65],"access":[66],"data":[68],"leakage.":[69],"This":[70],"paper":[71],"addresses":[72],"challenge":[74],"uncovering":[76],"by":[79,206],"leveraging":[80],"protocol":[81,132],"techniques":[83],"that":[84,237,260],"inject":[85],"crafted":[86],"packets":[90],"into":[91,128,162],"communications.":[93],"We":[94,111,123,194,258],"present":[95],"mutation-based":[97],"tool,":[99],"named":[100],"IoTFuzzSentry,":[101,222],"identify":[103],"protocol-specific":[104],"non-trivial":[105],"commercial":[108],"further":[112],"demonstrate":[113],"how":[114],"attackers":[115],"could":[116],"exploit":[117],"these":[118,199,238],"real-world":[121],"scenarios.":[122],"integrate":[124],"our":[125,234,261],"tool":[127,143],"well-known":[130],"fuzzer,":[133],"called":[134],"Cotopaxi,":[135],"evaluated":[137],"efficacy":[139],"updated":[142],"using":[144],"commercial-off-the-shelf":[145],"(COTS)":[146],"devices,":[148],"IP":[151],"cameras":[152,189],"Smart":[154],"Plugs.":[155],"The":[156],"newly":[157],"discovered":[158],"are":[160],"categorised":[161],"four":[163],"types,":[164],"namely":[165],"Access":[167],"Credential":[168],"Leakage,":[169],"Sneak":[170],"Live":[172,177],"Video":[173],"Stream,":[174],"Creep":[175],"Image,":[178],"Command":[180],"Injection,":[181],"were":[183],"exploited":[184],"extensively":[185],"on":[186],"two":[187,208],"one":[191,214],"plug.":[193],"have":[195,224,241],"responsibly":[196],"disclosed":[197],"all":[198],"respective":[203],"vendors,":[204],"followed":[205],"publishing":[207],"CVEs,":[209],"CVE-2024-41623":[210],"CVE-2024-42531,":[212],"awaiting.":[216],"To":[217],"extend":[218],"applicability":[220],"we":[223],"investigated":[225],"traffic":[227],"six":[229],"additional":[230],"analysis":[235],"shows":[236],"similar":[242,250],"vulnerabilities,":[243],"due":[244],"presence":[247],"set":[251],"payloads":[253],"application":[256],"protocols.":[257],"believe":[259],"IoTFuzzSentry":[262],"has":[263],"potential":[265],"discover":[267],"unconventional":[268],"threats":[270],"allow":[272],"vendors":[274],"strengthen":[276],"commercialized":[281],"automatically":[284],"with":[285],"negligible":[286],"overhead.":[287]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2026-03-15T00:00:00"}