{"id":"https://openalex.org/W2741068848","doi":"https://doi.org/10.1145/3106237.3106295","title":"Steelix: program-state based binary fuzzing","display_name":"Steelix: program-state based binary fuzzing","publication_year":2017,"publication_date":"2017-08-02","ids":{"openalex":"https://openalex.org/W2741068848","doi":"https://doi.org/10.1145/3106237.3106295","mag":"2741068848"},"language":"en","primary_location":{"id":"doi:10.1145/3106237.3106295","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3106295","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068561556","display_name":"Yuekang Li","orcid":"https://orcid.org/0000-0003-4382-0757"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Yuekang Li","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059253116","display_name":"Bihuan Chen","orcid":"https://orcid.org/0000-0001-7238-7492"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]},{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN","SG"],"is_corresponding":false,"raw_author_name":"Bihuan Chen","raw_affiliation_strings":["Fudan University, China / Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Fudan University, China / Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005","https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051219066","display_name":"Mahinthan Chandramohan","orcid":null},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Mahinthan Chandramohan","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072863865","display_name":"Shang\u2010Wei Lin","orcid":"https://orcid.org/0000-0002-9726-3434"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Shang-Wei Lin","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071064651","display_name":"Alwen Tiu","orcid":"https://orcid.org/0000-0002-2695-5636"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Alwen Tiu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5068561556"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":45.4571,"has_fulltext":false,"cited_by_count":276,"citation_normalized_percentile":{"value":0.99900498,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"627","last_page":"637"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9749000072479248,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9573390483856201},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.828757643699646},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.7202268242835999},{"id":"https://openalex.org/keywords/program-analysis","display_name":"Program analysis","score":0.5519150495529175},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5139479041099548},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.5039152503013611},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4992208480834961},{"id":"https://openalex.org/keywords/code-coverage","display_name":"Code coverage","score":0.496235191822052},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3329095244407654},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.32590407133102417},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.20510315895080566}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9573390483856201},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.828757643699646},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.7202268242835999},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.5519150495529175},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5139479041099548},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.5039152503013611},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4992208480834961},{"id":"https://openalex.org/C53942775","wikidata":"https://www.wikidata.org/wiki/Q1211721","display_name":"Code coverage","level":3,"score":0.496235191822052},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3329095244407654},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.32590407133102417},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.20510315895080566}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3106237.3106295","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3106295","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1800542213","display_name":null,"funder_award_id":"61370079","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4277038479","display_name":null,"funder_award_id":"NRF2014NCR-NCR001-30","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W157156687","https://openalex.org/W614438062","https://openalex.org/W1507845365","https://openalex.org/W1531203382","https://openalex.org/W1546956568","https://openalex.org/W1976878954","https://openalex.org/W1984762903","https://openalex.org/W2002934700","https://openalex.org/W2027718224","https://openalex.org/W2042033151","https://openalex.org/W2053597677","https://openalex.org/W2065948900","https://openalex.org/W2125641198","https://openalex.org/W2128128820","https://openalex.org/W2128985333","https://openalex.org/W2140323279","https://openalex.org/W2328210346","https://openalex.org/W2514974017","https://openalex.org/W2515236103","https://openalex.org/W2517087431","https://openalex.org/W2519952770","https://openalex.org/W2535617737","https://openalex.org/W2574017551","https://openalex.org/W2613534458","https://openalex.org/W2701225458","https://openalex.org/W6679011739"],"related_works":["https://openalex.org/W2008592783","https://openalex.org/W2179304688","https://openalex.org/W2159690530","https://openalex.org/W2004278744","https://openalex.org/W4381785649","https://openalex.org/W4226494072","https://openalex.org/W2914996832","https://openalex.org/W4287849816","https://openalex.org/W4283736421","https://openalex.org/W2384504389"],"abstract_inverted_index":{"Coverage-based":[0],"fuzzing":[1,67],"is":[2],"one":[3,184],"of":[4,76,82,87],"the":[5,20,24,73,80,88,124,130,140,178],"most":[6],"effective":[7],"techniques":[8,17],"to":[9,42,47,101,112,135,138],"find":[10],"vulnerabilities,":[11],"bugs":[12],"or":[13],"crashes.":[14],"However,":[15],"existing":[16],"suffer":[18],"from":[19],"difficulty":[21],"in":[22,129],"exercising":[23],"paths":[25],"that":[26,167],"are":[27,55,127],"protected":[28],"by":[29],"magic":[30,50,125,141],"bytes":[31,51,126,142],"comparisons":[32],"(e.g.,":[33],"string":[34],"equality":[35],"comparisons).":[36],"Several":[37],"approaches":[38],"have":[39,145],"been":[40],"proposed":[41],"use":[43,94],"heavy-weight":[44],"program":[45,116],"analysis":[46,97],"break":[48],"through":[49],"comparisons,":[52],"and":[53,98,133,148,160,173,186],"hence":[54],"less":[56],"scalable.":[57],"In":[58,91],"this":[59],"paper,":[60],"we":[61,93,182],"propose":[62],"a":[63,77,113,120],"program-state":[64],"based":[65],"binary":[66,99],"approach,":[68],"named":[69],"Steelix,":[70],"which":[71],"improves":[72],"penetration":[74],"power":[75],"fuzzer":[78,121],"at":[79],"cost":[81],"an":[83],"acceptable":[84],"slow":[85],"down":[86],"execution":[89],"speed.":[90],"particular,":[92],"light-weight":[95],"static":[96],"instrumentation":[100],"provide":[102],"not":[103],"only":[104],"coverage":[105,172],"information":[106,111,118],"but":[107],"also":[108],"comparison":[109],"progress":[110],"fuzzer.":[114],"Such":[115],"state":[117],"informs":[119],"about":[122],"where":[123],"located":[128],"test":[131],"input":[132],"how":[134],"perform":[136],"mutations":[137],"match":[139],"efficiently.":[143],"We":[144],"implemented":[146],"Steelix":[147,168],"evaluated":[149],"it":[150],"on":[151],"three":[152],"datasets:":[153],"LAVA-M":[154],"dataset,":[155],"DARPA":[156],"CGC":[157],"sample":[158],"binaries":[159],"five":[161],"real-life":[162],"programs.":[163],"The":[164],"results":[165],"show":[166],"has":[169],"better":[170],"code":[171],"bug":[174],"detection":[175],"capability":[176],"than":[177],"state-of-the-art":[179],"fuzzers.":[180],"Moreover,":[181],"found":[183],"CVE":[185],"nine":[187],"new":[188],"bugs.":[189]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":24},{"year":2023,"cited_by_count":35},{"year":2022,"cited_by_count":34},{"year":2021,"cited_by_count":37},{"year":2020,"cited_by_count":50},{"year":2019,"cited_by_count":49},{"year":2018,"cited_by_count":30}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}