{"id":"https://openalex.org/W4385080325","doi":"https://doi.org/10.1109/sp46215.2023.10179296","title":"SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration","display_name":"SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4385080325","doi":"https://doi.org/10.1109/sp46215.2023.10179296"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179296","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179296","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079631141","display_name":"Changhua Luo","orcid":"https://orcid.org/0000-0003-2133-3384"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Changhua Luo","raw_affiliation_strings":["Chinese University of Hong Kong,Hong Kong SAR,China","Chinese University of Hong Kong, Hong Kong SAR, China"],"affiliations":[{"raw_affiliation_string":"Chinese University of Hong Kong,Hong Kong SAR,China","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Chinese University of Hong Kong, Hong Kong SAR, China","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101960529","display_name":"Wei Meng","orcid":"https://orcid.org/0000-0001-8260-3304"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Meng","raw_affiliation_strings":["Chinese University of Hong Kong,Hong Kong SAR,China","Chinese University of Hong Kong, Hong Kong SAR, China"],"affiliations":[{"raw_affiliation_string":"Chinese University of Hong Kong,Hong Kong SAR,China","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Chinese University of Hong Kong, Hong Kong SAR, China","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100781844","display_name":"Penghui Li","orcid":"https://orcid.org/0000-0002-3077-5697"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Penghui Li","raw_affiliation_strings":["Chinese University of Hong Kong,Hong Kong SAR,China","Chinese University of Hong Kong, Hong Kong SAR, China"],"affiliations":[{"raw_affiliation_string":"Chinese University of Hong Kong,Hong Kong SAR,China","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Chinese University of Hong Kong, Hong Kong SAR, China","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5079631141"],"corresponding_institution_ids":["https://openalex.org/I177725633"],"apc_list":null,"apc_paid":null,"fwci":8.3688,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.98880276,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2693","last_page":"2707"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9828134179115295},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.884528636932373},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6300576329231262},{"id":"https://openalex.org/keywords/pruning","display_name":"Pruning","score":0.5979520678520203},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.49330416321754456},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.47436007857322693},{"id":"https://openalex.org/keywords/code-coverage","display_name":"Code coverage","score":0.4676377773284912},{"id":"https://openalex.org/keywords/codebase","display_name":"Codebase","score":0.45830491185188293},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.45263728499412537},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.44838452339172363},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.44001147150993347},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4400051236152649},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.42459696531295776},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.4225635230541229},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3772088289260864},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.34301090240478516},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.23766112327575684},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19155797362327576},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.09164124727249146}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9828134179115295},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.884528636932373},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6300576329231262},{"id":"https://openalex.org/C108010975","wikidata":"https://www.wikidata.org/wiki/Q500094","display_name":"Pruning","level":2,"score":0.5979520678520203},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.49330416321754456},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.47436007857322693},{"id":"https://openalex.org/C53942775","wikidata":"https://www.wikidata.org/wiki/Q1211721","display_name":"Code coverage","level":3,"score":0.4676377773284912},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.45830491185188293},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.45263728499412537},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.44838452339172363},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.44001147150993347},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4400051236152649},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.42459696531295776},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.4225635230541229},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3772088289260864},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34301090240478516},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.23766112327575684},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19155797362327576},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.09164124727249146},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C6557445","wikidata":"https://www.wikidata.org/wiki/Q173113","display_name":"Agronomy","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179296","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179296","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W1526710119","https://openalex.org/W2150169293","https://openalex.org/W2175501607","https://openalex.org/W2511015845","https://openalex.org/W2574017551","https://openalex.org/W2766898821","https://openalex.org/W2794670092","https://openalex.org/W2891235722","https://openalex.org/W2898382837","https://openalex.org/W2963764936","https://openalex.org/W2963846926","https://openalex.org/W2964097210","https://openalex.org/W2969597118","https://openalex.org/W2984839971","https://openalex.org/W2999227841","https://openalex.org/W3007106047","https://openalex.org/W3007413911","https://openalex.org/W3008477014","https://openalex.org/W3011427369","https://openalex.org/W3020105429","https://openalex.org/W3089408602","https://openalex.org/W3196234817","https://openalex.org/W3213337076","https://openalex.org/W3214439093","https://openalex.org/W4200578649","https://openalex.org/W4226255934","https://openalex.org/W4232485878","https://openalex.org/W4281388078","https://openalex.org/W4284698041","https://openalex.org/W4284708843","https://openalex.org/W4288057755","https://openalex.org/W4288057756","https://openalex.org/W4288057792","https://openalex.org/W4288057797","https://openalex.org/W6619192471","https://openalex.org/W6682018898","https://openalex.org/W6747817603","https://openalex.org/W6753913213","https://openalex.org/W6754597693","https://openalex.org/W6767136051","https://openalex.org/W6781883526","https://openalex.org/W6782203875","https://openalex.org/W6782749955","https://openalex.org/W6796362065","https://openalex.org/W6799764708","https://openalex.org/W6981267346"],"related_works":["https://openalex.org/W4387076678","https://openalex.org/W4294294414","https://openalex.org/W2620797757","https://openalex.org/W2962825342","https://openalex.org/W4283736421","https://openalex.org/W114061091","https://openalex.org/W2384504389","https://openalex.org/W3183415891","https://openalex.org/W2760842181","https://openalex.org/W2924430850"],"abstract_inverted_index":{"Directed":[0],"grey-box":[1],"fuzzers":[2,32,57],"specialize":[3],"in":[4,74,89,169,189],"testing":[5],"specific":[6],"target":[7,49,76,90,132],"code.":[8,91,133],"They":[9],"have":[10],"been":[11],"applied":[12],"to":[13,47,183,232],"many":[14],"security":[15],"applications":[16],"such":[17,205],"as":[18,206],"reproducing":[19],"known":[20],"crashes":[21],"and":[22,63,109,120,138,162,185,201],"detecting":[23],"vulnerabilities":[24,88,168],"caused":[25],"by":[26,181],"incomplete":[27],"patches.":[28],"However,":[29],"existing":[30,203],"directed":[31,97,179],"favor":[33],"the":[34,41,48,56,75,79,87,126,131,141,155,187,190,202,233],"inputs":[35],"discovering":[36],"new":[37,96,149,221],"code":[38,44,50,62,73,119,143],"regardless":[39],"whether":[40],"newly":[42],"uncovered":[43],"is":[45],"relevant":[46,72,102,117,142],"or":[51],"not.":[52],"As":[53],"a":[54,95,148,177],"result,":[55],"would":[58],"extensively":[59],"explore":[60],"irrelevant":[61,80],"suffer":[64],"from":[65,78],"low":[66],"efficiency.In":[67],"this":[68],"paper,":[69],"we":[70,214],"distinguish":[71],"program":[77,103,160],"one":[81],"that":[82,99,123,152,199],"does":[83],"not":[84],"help":[85],"trigger":[86],"We":[92,145],"present":[93],"SelectFuzz,":[94,213],"fuzzer":[98,180],"selectively":[100,136],"explores":[101,139],"paths":[104,161],"for":[105],"efficient":[106],"crash":[107],"reproduction":[108],"vulnerability":[110],"detection.":[111],"It":[112,134],"identifies":[113],"two":[114],"types":[115],"of":[116,158,171,235],"code\u2014path-divergent":[118],"data-dependent":[121],"code,":[122],"respectively":[124],"captures":[125],"control-and":[127],"data-":[128],"dependency":[129],"with":[130,166,212],"then":[135],"instruments":[137],"only":[140],"blocks.":[144],"also":[146,197],"propose":[147],"distance":[150],"metric":[151],"accurately":[153],"measures":[154],"reaching":[156],"probability":[157],"different":[159],"inputs.We":[163],"evaluated":[164],"SelectFuzz":[165,174,200],"real-world":[167,226],"sets":[170],"diverse":[172],"programs.":[173],"significantly":[175],"outperformed":[176],"baseline":[178],"up":[182],"46.31\u00d7,":[184],"performed":[186],"best":[188],"Google":[191],"Fuzzer":[192],"Test":[193],"Suite.":[194],"Our":[195,228],"experiments":[196],"demonstrated":[198],"techniques":[204],"path":[207],"pruning":[208],"are":[209],"complementary.":[210],"Finally,":[211],"detected":[215],"14":[216],"previously":[217],"unknown":[218],"vulnerabilities\u2014including":[219],"6":[220],"CVE":[222],"IDs\u2014in":[223],"well":[224],"tested":[225],"software.":[227],"report":[229],"has":[230],"led":[231],"fix":[234],"11":[236],"vulnerabilities.":[237]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}