{"id":"https://openalex.org/W4390678239","doi":"https://doi.org/10.1109/icsrs59833.2023.10381445","title":"Squashing Resource Exhaustion Bugs with Black-Box Fuzzing and Reinforcement Learning","display_name":"Squashing Resource Exhaustion Bugs with Black-Box Fuzzing and Reinforcement Learning","publication_year":2023,"publication_date":"2023-11-22","ids":{"openalex":"https://openalex.org/W4390678239","doi":"https://doi.org/10.1109/icsrs59833.2023.10381445"},"language":"en","primary_location":{"id":"doi:10.1109/icsrs59833.2023.10381445","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs59833.2023.10381445","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 7th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054039312","display_name":"Leon Fernandez","orcid":"https://orcid.org/0000-0002-6265-2173"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Leon Fernandez","raw_affiliation_strings":["KTH Royal Institute of Technology,Centre for Cyber Defence and Information Security,Stockholm,Sweden","Centre for Cyber Defence and Information Security, KTH Royal Institute of Technology, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology,Centre for Cyber Defence and Information Security,Stockholm,Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"Centre for Cyber Defence and Information Security, KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030202496","display_name":"Gunnar Karlsson","orcid":"https://orcid.org/0000-0002-3704-1338"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Gunnar Karlsson","raw_affiliation_strings":["KTH Royal Institute of Technology,Centre for Cyber Defence and Information Security,Stockholm,Sweden","Centre for Cyber Defence and Information Security, KTH Royal Institute of Technology, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology,Centre for Cyber Defence and Information Security,Stockholm,Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"Centre for Cyber Defence and Information Security, KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5054039312"],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":0.4311,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.71933352,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"439","last_page":"448"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9971920251846313},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.805752694606781},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6108886003494263},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.5783435106277466},{"id":"https://openalex.org/keywords/crash","display_name":"Crash","score":0.5462086796760559},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.49469515681266785},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4892454147338867},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.46948179602622986},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.46528592705726624},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3729420304298401},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3284360468387604},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.256475031375885},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2490396499633789},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20982378721237183},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.11351412534713745}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9971920251846313},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.805752694606781},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6108886003494263},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.5783435106277466},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.5462086796760559},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.49469515681266785},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4892454147338867},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.46948179602622986},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.46528592705726624},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3729420304298401},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3284360468387604},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.256475031375885},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2490396499633789},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20982378721237183},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.11351412534713745},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsrs59833.2023.10381445","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs59833.2023.10381445","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 7th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6100000143051147,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1884983968","https://openalex.org/W1988524530","https://openalex.org/W2002934700","https://openalex.org/W2752340395","https://openalex.org/W2806746626","https://openalex.org/W2899781671","https://openalex.org/W2938295127","https://openalex.org/W2979357014","https://openalex.org/W3019428952","https://openalex.org/W3047259347","https://openalex.org/W3047947484","https://openalex.org/W3049661990","https://openalex.org/W3106010854","https://openalex.org/W3180699742","https://openalex.org/W3212565000","https://openalex.org/W4224131832","https://openalex.org/W4239696778","https://openalex.org/W4289038676","https://openalex.org/W4362466275","https://openalex.org/W4380763505","https://openalex.org/W6677916085","https://openalex.org/W6782130387"],"related_works":["https://openalex.org/W614438062","https://openalex.org/W3173990398","https://openalex.org/W4205454537","https://openalex.org/W4381785649","https://openalex.org/W4226494072","https://openalex.org/W4385301282","https://openalex.org/W4287849816","https://openalex.org/W3170526652","https://openalex.org/W3006186133","https://openalex.org/W2806746626"],"abstract_inverted_index":{"For":[0],"a":[1,30,35,43,78,134,162,180,207,217,221,225,235,251,364,372],"software":[2],"system":[3,107],"to":[4,14,41,68,109,128,195,200,210,274,298,312,336],"be":[5,110,187,193,201,313],"reliable,":[6],"it":[7,73,131,139,160,215,303],"must":[8],"manage":[9],"its":[10],"resources":[11],"properly.":[12],"Failure":[13],"do":[15],"so":[16,59],"will":[17,27,51],"result":[18],"in":[19,234,254,280,341],"unreliable":[20],"behaviour:":[21],"an":[22,166],"application":[23],"that":[24,33,45,137,177,268,371],"leaks":[25,62],"memory":[26],"eventually":[28],"crash,":[29],"packet":[31],"source":[32],"overloads":[34],"queue":[36],"may":[37,74],"cause":[38],"other":[39,56],"systems":[40],"fail,":[42],"process":[44],"consumes":[46],"too":[47],"many":[48,100],"CPU":[49],"cycles":[50],"degrade":[52],"the":[53,124,153,170,196,245,277,281,287,292,295,301,306,319,321,344,360],"performance":[54],"of":[55,106,115,155,169,220,244,315,343,349,367,375],"processes":[57],"and":[58,89,112,190,213,262,326,370,377],"on.":[60],"Resource":[61],"or":[63],"resource":[64,146,227,278,339],"exhaustion":[65],"are":[66],"difficult":[67],"discover":[69],"during":[70,324],"testing":[71,325],"as":[72,145,161,259],"happen":[75],"slowly":[76],"over":[77],"long":[79],"time.":[80],"One":[81],"approach":[82,127],"for":[83,94],"discovering":[84],"issues":[85],"with":[86,224],"reliability,":[87],"security":[88],"robustness":[90],"is":[91,108,118,122,382],"fuzzing":[92,121,157,185,369],"(short":[93],"fuzz":[95],"testing).":[96],"Fuzzing":[97],"can":[98,186,192],"take":[99],"forms,":[101],"depending":[102],"on":[103],"what":[104,113],"type":[105],"tested":[111],"kinds":[114],"bugs":[116,143],"one":[117,338,348],"after.":[119],"Black-box":[120],"arguably":[123],"most":[125],"flexible":[126],"fuzzing.":[129],"Unfortunately,":[130],"suffers":[132],"from":[133,300],"low":[135],"efficiency":[136],"makes":[138,304],"slow":[140],"at":[141],"finding":[142],"such":[144,258],"leaks.":[147],"In":[148,291],"this":[149,311,355],"paper":[150],"we":[151,230,357],"explore":[152],"topic":[154],"black-box":[156,184,368,380],"by":[158,178],"modeling":[159],"multi-armed":[163],"bandit":[164],"problem,":[165],"important":[167],"subclass":[168],"general":[171],"reinforcement":[172,181],"learning":[173,182],"problem.":[174],"We":[175,204,309],"believe":[176,310],"utilizing":[179],"framework,":[183],"better":[188,365],"understood":[189],"attention":[191],"drawn":[194],"field,":[197],"which":[198,350],"deserves":[199],"studied":[202],"more.":[203],"also":[205],"implement":[206],"fuzzer":[208,233,270,296,322,333],"according":[209],"our":[211,232,269,332],"model":[212],"evaluate":[214],"against":[216,239],"toy":[218,282],"implementation":[219],"simple":[222],"protocol":[223],"known":[226],"leak.":[228],"Lastly,":[229],"apply":[231],"real-world":[236],"case":[237,293],"study":[238],"two":[240,345],"widely":[241],"distributed":[242],"implementations":[243],"Link":[246],"Layer":[247],"Discovery":[248],"Protocol":[249],"(LLDP),":[250],"key":[252],"component":[253],"critical":[255],"infrastructure":[256],"applications":[257],"network":[260,263],"management":[261],"automation.":[264],"Our":[265],"results":[266],"show":[267],"gradually":[271],"learns":[272],"how":[273],"effectively":[275],"trigger":[276],"leak":[279,340],"implementation,":[283],"thereby":[284],"speeding":[285],"up":[286],"bug":[288],"discovery":[289],"process.":[290],"study,":[294],"struggles":[297],"learn":[299],"observations":[302],"about":[305],"test":[307],"target.":[308],"because":[314],"excessive":[316],"delays":[317],"between":[318],"actions":[320],"takes":[323],"their":[327],"corresponding":[328],"effects.":[329],"Despite":[330],"this,":[331],"still":[334],"manages":[335],"find":[337],"each":[342],"LLDP":[346],"implementations,":[347],"was":[351],"previously":[352],"unknown.":[353],"With":[354],"paper,":[356],"have":[358],"taken":[359],"first":[361],"steps":[362],"towards":[363],"understanding":[366],"new":[373],"generation":[374],"smart":[376],"highly":[378],"efficient":[379],"fuzzers":[381],"within":[383],"reach.":[384]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}