{"id":"https://openalex.org/W4416323558","doi":"https://doi.org/10.1109/tdsc.2025.3634366","title":"CtrlFuzz: Control Field Aware Greybox Fuzzing for Public ICS Protocols Based on Expert System","display_name":"CtrlFuzz: Control Field Aware Greybox Fuzzing for Public ICS Protocols Based on Expert System","publication_year":2025,"publication_date":"2025-11-18","ids":{"openalex":"https://openalex.org/W4416323558","doi":"https://doi.org/10.1109/tdsc.2025.3634366"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2025.3634366","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3634366","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Junqiang Li","orcid":"https://orcid.org/0000-0002-8454-996X"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Junqiang Li","raw_affiliation_strings":["Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0002-8454-996X","affiliations":[{"raw_affiliation_string":"Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lindong Peng","orcid":null},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lindong Peng","raw_affiliation_strings":["Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101507232","display_name":"Hongfang Yu","orcid":"https://orcid.org/0000-0002-5219-1780"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongfang Yu","raw_affiliation_strings":["Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0002-5219-1780","affiliations":[{"raw_affiliation_string":"Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9165-8331"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Chen","raw_affiliation_strings":["Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0001-9165-8331","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082086162","display_name":"Deming Mao","orcid":"https://orcid.org/0000-0001-9368-1842"},"institutions":[{"id":"https://openalex.org/I202334528","display_name":"Beijing Electronic Science and Technology Institute","ror":"https://ror.org/01xdzh226","country_code":"CN","type":"education","lineage":["https://openalex.org/I202334528"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Deming Mao","raw_affiliation_strings":["China Electronic Technology Cyber Security Company, Ltd., Beijing, China","China Electronic Technology Cyber Security Co., Ltd, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"China Electronic Technology Cyber Security Company, Ltd., Beijing, China","institution_ids":["https://openalex.org/I202334528"]},{"raw_affiliation_string":"China Electronic Technology Cyber Security Co., Ltd, Beijing, China","institution_ids":["https://openalex.org/I202334528"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100780268","display_name":"Xiaosong Zhang","orcid":"https://orcid.org/0000-0001-9886-1412"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaosong Zhang","raw_affiliation_strings":["Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0001-9886-1412","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.16744558,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"2","first_page":"3222","last_page":"3237"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.19269999861717224,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.19269999861717224,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.1860000044107437,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.18569999933242798,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.984000027179718},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.8147000074386597},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.5968000292778015},{"id":"https://openalex.org/keywords/syntax","display_name":"Syntax","score":0.5356000065803528},{"id":"https://openalex.org/keywords/communications-protocol","display_name":"Communications protocol","score":0.45899999141693115},{"id":"https://openalex.org/keywords/expert-system","display_name":"Expert system","score":0.3898000121116638},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.3781999945640564},{"id":"https://openalex.org/keywords/two-phase-commit-protocol","display_name":"Two-phase commit protocol","score":0.3707999885082245}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.984000027179718},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8539000153541565},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.8147000074386597},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.5968000292778015},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.5356000065803528},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.45899999141693115},{"id":"https://openalex.org/C58328972","wikidata":"https://www.wikidata.org/wiki/Q184609","display_name":"Expert system","level":2,"score":0.3898000121116638},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.3781999945640564},{"id":"https://openalex.org/C111009948","wikidata":"https://www.wikidata.org/wiki/Q1067690","display_name":"Two-phase commit protocol","level":5,"score":0.3707999885082245},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.36149999499320984},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.3427000045776367},{"id":"https://openalex.org/C41150092","wikidata":"https://www.wikidata.org/wiki/Q1826817","display_name":"Link Control Protocol","level":5,"score":0.33169999718666077},{"id":"https://openalex.org/C76844732","wikidata":"https://www.wikidata.org/wiki/Q4072285","display_name":"Conformance testing","level":3,"score":0.2955999970436096},{"id":"https://openalex.org/C21853045","wikidata":"https://www.wikidata.org/wiki/Q2634565","display_name":"Protocol data unit","level":3,"score":0.29170000553131104},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.28600001335144043},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2720000147819519},{"id":"https://openalex.org/C133112747","wikidata":"https://www.wikidata.org/wiki/Q7251931","display_name":"Protocol analysis","level":2,"score":0.27000001072883606},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.26910001039505005},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3634366","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3634366","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1976765940","https://openalex.org/W2046640879","https://openalex.org/W2049867480","https://openalex.org/W2056325176","https://openalex.org/W2241428156","https://openalex.org/W2582379727","https://openalex.org/W2619874920","https://openalex.org/W2990623250","https://openalex.org/W3004758087","https://openalex.org/W3047947484","https://openalex.org/W3091889505","https://openalex.org/W3138456218","https://openalex.org/W3207926955","https://openalex.org/W3213837676","https://openalex.org/W4220830491","https://openalex.org/W4221162427","https://openalex.org/W4221162498","https://openalex.org/W4283217759","https://openalex.org/W4308479228","https://openalex.org/W4312752017","https://openalex.org/W4321383444","https://openalex.org/W4383223817","https://openalex.org/W4387010293","https://openalex.org/W4387872679","https://openalex.org/W4388857869","https://openalex.org/W4391724785","https://openalex.org/W4392763644","https://openalex.org/W4408281874"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,6,42,68,72,108,111,127,135,161,170,184,190,202,212],"development":[2],"of":[3,62,71,110,172,189,243],"information":[4],"technology,":[5],"originally":[7],"closed":[8],"industrial":[9],"control":[10,87,112,122,162,191],"system":[11,156],"(ICS)":[12],"protocol":[13,19,45,74,90,101,130,148,166,214],"has":[14,239],"become":[15],"more":[16],"public.":[17],"Existing":[18],"fuzzing":[20,52,198],"techniques":[21,178],"can":[22],"be":[23],"directly":[24],"applied":[25],"to":[26,30,40,66,157,179],"public":[27,93],"ICS":[28,44,73,94,100,129,147,165],"protocols":[29],"discover":[31],"their":[32],"vulnerabilities.":[33],"However,":[34],"they":[35],"do":[36],"not":[37],"consider":[38],"how":[39],"obtain":[41],"complete":[43,128,146],"message":[46,131,149,204],"syntax":[47,69],"and":[48,76,159,219,227,247,252],"perform":[49,103],"effective":[50],"state-guided":[51,197],"based":[53,106,200],"on":[54,107,134,201,232],"this":[55,81],"syntax.":[56,132,150,205],"This":[57],"causes":[58],"a":[59,86,196,241,257],"large":[60],"number":[61],"generated":[63],"test":[64],"cases":[65],"fail":[67],"checking":[70],"program":[75,185],"are":[77],"eventually":[78],"discarded.":[79],"In":[80],"paper,":[82],"we":[83,138,194],"propose":[84,139,195],"CtrlFuzz,":[85],"field":[88,113,123],"aware":[89],"fuzzer":[91],"for":[92,145],"protocols.":[95],"We":[96],"find":[97],"that":[98,209],"most":[99],"programs":[102],"different":[104,121],"processing":[105,115],"value":[109],"when":[114],"received":[116],"messages.":[117,167],"These":[118],"messages":[119],"with":[120,211,254],"values":[124,182,188],"together":[125],"constitute":[126],"Based":[133],"above":[136],"observations,":[137],"an":[140,154],"expert":[141,155],"system-based":[142],"extracting":[143],"strategy":[144,199],"Specifically,":[151],"CtrlFuzz":[152,174,221,238],"uses":[153,175],"identify":[158],"infer":[160],"fields":[163],"in":[164,183],"To":[168],"narrow":[169],"scope":[171],"inference,":[173],"static":[176],"analysis":[177],"extract":[180],"specific":[181],"as":[186],"optional":[187],"fields.":[192],"Moreover,":[193,237],"inferred":[203],"Our":[206],"evaluation":[207],"shows":[208],"compared":[210],"state-of-the-art":[213],"fuzzers":[215],"AFLNET,":[216],"BooFuzz,":[217],"StateAFL":[218],"ChatAFL,":[220],"improves":[222],"branch":[223],"coverage":[224,229],"by":[225,230],"6.8%\u201310.9%":[226],"state":[228],"23.7%\u2013147.4%":[231],"average":[233],"within":[234],"24":[235],"hours.":[236],"exposed":[240],"total":[242],"4":[244],"unknown":[245],"vulnerabilities,":[246],"all":[248],"have":[249],"been":[250],"confirmed":[251],"fixed,":[253],"one":[255],"assigned":[256],"CVE":[258],"number.":[259]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-18T00:00:00"}