{"id":"https://openalex.org/W7125964876","doi":"https://doi.org/10.1109/ase63991.2025.00105","title":"RFCAudit: AI Agent for Auditing Protocol Implementations Against RFC Specifications","display_name":"RFCAudit: AI Agent for Auditing Protocol Implementations Against RFC Specifications","publication_year":2025,"publication_date":"2025-11-16","ids":{"openalex":"https://openalex.org/W7125964876","doi":"https://doi.org/10.1109/ase63991.2025.00105"},"language":null,"primary_location":{"id":"doi:10.1109/ase63991.2025.00105","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ase63991.2025.00105","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124111834","display_name":"Mingwei Zheng","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mingwei Zheng","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101917946","display_name":"Chengpeng Wang","orcid":"https://orcid.org/0000-0003-0617-5322"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chengpeng Wang","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124088878","display_name":"Xuwei Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xuwei Liu","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124110178","display_name":"Jinyao Guo","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinyao Guo","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107243616","display_name":"Shiwei Feng","orcid":"https://orcid.org/0000-0001-6959-4327"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shiwei Feng","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124063963","display_name":"Xiangyu Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiangyu Zhang","raw_affiliation_strings":["Purdue University,Department of Computer Science,West Lafayette,USA"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science,West Lafayette,USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5124111834"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.72845629,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1221","last_page":"1233"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.17229999601840973,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.17229999601840973,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.07729999721050262,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.0706000030040741,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.7384999990463257},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6413000226020813},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.602400004863739},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.454800009727478},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.4514999985694885},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.43849998712539673},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4341999888420105},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.42669999599456787},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.4101000130176544},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.34209999442100525}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8443999886512756},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.7384999990463257},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6413000226020813},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.602400004863739},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.454800009727478},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.4514999985694885},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.43849998712539673},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4341999888420105},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.42669999599456787},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.4101000130176544},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3504999876022339},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.34209999442100525},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.34049999713897705},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.33959999680519104},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.32170000672340393},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.3125},{"id":"https://openalex.org/C75165309","wikidata":"https://www.wikidata.org/wiki/Q2258979","display_name":"Search engine indexing","level":2,"score":0.3125},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.30880001187324524},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3077999949455261},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3034000098705292},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2946999967098236},{"id":"https://openalex.org/C144559511","wikidata":"https://www.wikidata.org/wiki/Q2986279","display_name":"Principal (computer security)","level":2,"score":0.29409998655319214},{"id":"https://openalex.org/C133112747","wikidata":"https://www.wikidata.org/wiki/Q7251931","display_name":"Protocol analysis","level":2,"score":0.2922999858856201},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.2881999909877777},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.2842000126838684},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.2639000117778778},{"id":"https://openalex.org/C111009948","wikidata":"https://www.wikidata.org/wiki/Q1067690","display_name":"Two-phase commit protocol","level":5,"score":0.2612999975681305},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25859999656677246},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2581999897956848},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.25360000133514404},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.25220000743865967},{"id":"https://openalex.org/C2775851571","wikidata":"https://www.wikidata.org/wiki/Q6045205","display_name":"Interaction protocol","level":3,"score":0.2517000138759613}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ase63991.2025.00105","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ase63991.2025.00105","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.47902777791023254}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1965927058","https://openalex.org/W2042033151","https://openalex.org/W2297774820","https://openalex.org/W2794889478","https://openalex.org/W2799226481","https://openalex.org/W3022140103","https://openalex.org/W3047947484","https://openalex.org/W3111490787","https://openalex.org/W4206716941","https://openalex.org/W4282573128","https://openalex.org/W4284708843","https://openalex.org/W4285490370","https://openalex.org/W4318541562","https://openalex.org/W4387321771","https://openalex.org/W4388857869","https://openalex.org/W4391724785","https://openalex.org/W4394745214","https://openalex.org/W4396214304","https://openalex.org/W4396242417","https://openalex.org/W4399851384","https://openalex.org/W4400581950","https://openalex.org/W4402264433","https://openalex.org/W4402670898","https://openalex.org/W4403536261","https://openalex.org/W4411449940","https://openalex.org/W4411450193","https://openalex.org/W4411523184","https://openalex.org/W4411996780"],"related_works":[],"abstract_inverted_index":{"Functional":[0,14],"correctness":[1],"is":[2],"critical":[3],"for":[4],"ensuring":[5],"the":[6,55,92,120,126,148],"reliability":[7],"and":[8,36,49,86,104,141],"security":[9],"of":[10,57,169],"network":[11,83,158],"protocol":[12,84,112,159],"implementations.":[13,160],"bugs,":[15],"instances":[16],"where":[17],"implementations":[18,85],"diverge":[19],"from":[20],"behaviors":[21],"specified":[22],"in":[23],"RFC":[24,88,149],"documents,":[25],"can":[26],"lead":[27],"to":[28,75,123,134],"severe":[29],"consequences,":[30],"including":[31],"faulty":[32],"routing,":[33],"authentication":[34],"bypasses,":[35],"service":[37],"disruptions.":[38],"Detecting":[39],"these":[40],"bugs":[41,78,165,172],"requires":[42],"deep":[43],"semantic":[44,116],"analysis":[45,60],"across":[46,155],"specification":[47],"documents":[48],"source":[50],"code,":[51],"a":[52,105],"task":[53],"beyond":[54],"capabilities":[56],"traditional":[58],"static":[59],"tools.":[61],"This":[62],"paper":[63],"introduces":[64],"RFCAudit,":[65],"an":[66,101],"autonomous":[67],"agent":[68,103,122],"that":[69,118],"leverages":[70],"large":[71],"language":[72],"models":[73],"(LLMs)":[74],"detect":[76],"functional":[77,164],"by":[79,91,178],"checking":[80],"conformance":[81],"between":[82],"their":[87],"specifications.":[89],"Inspired":[90],"human":[93],"auditing":[94],"procedure,":[95],"RFCAudit":[96,154,161],"comprises":[97],"two":[98],"key":[99],"components:":[100],"indexing":[102],"detection":[106,121],"agent.":[107],"The":[108,129],"former":[109],"hierarchically":[110],"summarizes":[111],"code":[113],"semantics,":[114],"generating":[115],"indexes":[117],"enable":[119],"narrow":[124],"down":[125],"scanning":[127],"scope.":[128],"latter":[130],"employs":[131],"demand-driven":[132],"retrieval":[133],"iteratively":[135],"collect":[136],"additional":[137],"relevant":[138],"data":[139],"structures":[140],"functions,":[142],"eventually":[143],"identifying":[144],"potential":[145],"inconsistencies":[146],"with":[147,166],"specifications":[150],"effectively.":[151],"We":[152],"evaluate":[153],"six":[156],"real-world":[157],"identifies":[162],"47":[163],"81.9%":[167],"precision,":[168],"which":[170],"20":[171],"have":[173],"been":[174],"confirmed":[175],"or":[176],"fixed":[177],"developers.":[179]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-29T00:00:00"}