{"id":"https://openalex.org/W4362466275","doi":"https://doi.org/10.1145/3580598","title":"NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing","display_name":"NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing","publication_year":2023,"publication_date":"2023-03-31","ids":{"openalex":"https://openalex.org/W4362466275","doi":"https://doi.org/10.1145/3580598"},"language":"en","primary_location":{"id":"doi:10.1145/3580598","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3580598","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3580598","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3580598","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066895522","display_name":"Shisong Qin","orcid":"https://orcid.org/0000-0002-1935-5747"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Shisong Qin","raw_affiliation_strings":["Tsinghua University, China"],"raw_orcid":"https://orcid.org/0000-0002-1935-5747","affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100658881","display_name":"Fan Hu","orcid":"https://orcid.org/0000-0002-9875-8973"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fan Hu","raw_affiliation_strings":["State Key Laboratory of Mathematical Engineering and Advanced Computing, China"],"raw_orcid":"https://orcid.org/0000-0002-9875-8973","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Mathematical Engineering and Advanced Computing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051740371","display_name":"Zheyu Ma","orcid":"https://orcid.org/0000-0002-0710-326X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheyu Ma","raw_affiliation_strings":["Tsinghua University, China"],"raw_orcid":"https://orcid.org/0000-0002-0710-326X","affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086231224","display_name":"Bodong Zhao","orcid":"https://orcid.org/0000-0003-4443-3708"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bodong Zhao","raw_affiliation_strings":["Tsinghua University, China"],"raw_orcid":"https://orcid.org/0000-0003-4443-3708","affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101752838","display_name":"Tingting Yin","orcid":"https://orcid.org/0000-0003-1231-4050"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tingting Yin","raw_affiliation_strings":["Tsinghua University, China"],"raw_orcid":"https://orcid.org/0000-0003-1231-4050","affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100460096","display_name":"Chao Zhang","orcid":"https://orcid.org/0000-0001-7894-8828"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Zhang","raw_affiliation_strings":["Tsinghua University, China"],"raw_orcid":"https://orcid.org/0000-0001-7894-8828","affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5066895522"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":9.7771,"has_fulltext":true,"cited_by_count":46,"citation_normalized_percentile":{"value":0.99015048,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"32","issue":"6","first_page":"1","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9806629419326782},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8943730592727661},{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.7818716168403625},{"id":"https://openalex.org/keywords/stateless-protocol","display_name":"Stateless protocol","score":0.42373234033584595},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.41932398080825806},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.4192975163459778},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.31205588579177856},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.29189229011535645},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.2749800682067871},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26328223943710327}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9806629419326782},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8943730592727661},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.7818716168403625},{"id":"https://openalex.org/C103613024","wikidata":"https://www.wikidata.org/wiki/Q230924","display_name":"Stateless protocol","level":3,"score":0.42373234033584595},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.41932398080825806},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.4192975163459778},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.31205588579177856},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.29189229011535645},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.2749800682067871},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26328223943710327},{"id":"https://openalex.org/C136264566","wikidata":"https://www.wikidata.org/wiki/Q159810","display_name":"Economy","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3580598","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3580598","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3580598","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3580598","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3580598","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3580598","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.46000000834465027}],"awards":[{"id":"https://openalex.org/G2873699935","display_name":null,"funder_award_id":"2021YFB2701000","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G5777954143","display_name":null,"funder_award_id":"61972224","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4362466275.pdf","grobid_xml":"https://content.openalex.org/works/W4362466275.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1884983968","https://openalex.org/W1989445634","https://openalex.org/W1998965451","https://openalex.org/W2051700952","https://openalex.org/W2115675703","https://openalex.org/W2129975948","https://openalex.org/W2141175718","https://openalex.org/W2295974667","https://openalex.org/W2734941459","https://openalex.org/W2914954538","https://openalex.org/W2980275936","https://openalex.org/W2989119476","https://openalex.org/W2989201839","https://openalex.org/W3046946156","https://openalex.org/W3088278208","https://openalex.org/W3114926726","https://openalex.org/W3181528482","https://openalex.org/W3207926955","https://openalex.org/W3208566226","https://openalex.org/W4205540825","https://openalex.org/W4221162427","https://openalex.org/W4226375748"],"related_works":["https://openalex.org/W2035312053","https://openalex.org/W2908539414","https://openalex.org/W2129975948","https://openalex.org/W2591875911","https://openalex.org/W112987992","https://openalex.org/W2736754676","https://openalex.org/W4287833485","https://openalex.org/W4401906987","https://openalex.org/W4400727979","https://openalex.org/W4401907763"],"abstract_inverted_index":{"As":[0],"an":[1,126],"essential":[2],"component":[3],"responsible":[4],"for":[5,71,92],"communication,":[6],"network":[7,55,62,94,101,190],"services":[8,56,63],"are":[9],"security":[10],"critical,":[11],"thus,":[12],"it":[13],"is":[14,21],"vital":[15],"to":[16,35,104,131,151,172,218,229,244],"find":[17,245],"their":[18],"vulnerabilities.":[19],"Fuzzing":[20],"currently":[22],"one":[23],"of":[24,100,139,252],"the":[25,159,249,253],"most":[26],"popular":[27],"software":[28],"vulnerability":[29],"discovery":[30],"techniques,":[31],"widely":[32],"adopted":[33],"due":[34],"its":[36],"high":[37],"efficiency":[38],"and":[39,78,110,124,145,155,167,196,212,231],"low":[40,79],"false":[41],"positives.":[42],"However,":[43],"existing":[44],"coverage-guided":[45],"fuzzers":[46,60],"mainly":[47],"aim":[48],"at":[49],"stateless":[50],"local":[51],"applications,":[52],"leaving":[53],"stateful":[54,93],"underexplored.":[57],"Recently,":[58],"some":[59],"targeting":[61],"have":[64,68,259],"been":[65,260],"proposed":[66],"but":[67],"certain":[69],"limitations,":[70],"example,":[72],"insufficient":[73],"or":[74],"inaccurate":[75],"state":[76,121,156,170,208],"representation":[77,122],"testing":[80],"efficiency.":[81,134],"In":[82,220],"this":[83],"article,":[84],"we":[85,115],"propose":[86,116],"a":[87,118,137,205,241],"new":[88,246],"fuzzing":[89,133,177,211,214,242],"solution":[90,201],"NSFuzz":[91,202,222],"services.":[95,160],"We":[96,135,238],"studied":[97],"typical":[98],"implementations":[99],"service":[102,169,191],"programs":[103],"determine":[105],"how":[106],"they":[107],"represent":[108],"states":[109],"interact":[111],"with":[112,188],"clients.":[113],"Accordingly,":[114],"(1)":[117],"program":[119],"variable\u2013based":[120],"scheme":[123],"(2)":[125],"efficient":[127,175],"interaction":[128],"synchronization":[129,153,166],"mechanism":[130],"improve":[132,213,224],"implemented":[136],"prototype":[138],"NSFuzz,":[140],"which":[141],"uses":[142],"static":[143],"analysis":[144],"annotation":[146],"application":[147],"programming":[148],"interfaces":[149],"(APIs)":[150],"identify":[152],"points":[154],"variables":[157],"within":[158],"It":[161],"then":[162],"achieves":[163],"fast":[164],"I/O":[165],"accurate":[168,207],"tracing":[171],"carry":[173],"out":[174],"state-aware":[176],"via":[178],"lightweight":[179],"compile-time":[180],"instrumentation.":[181],"The":[182],"evaluation":[183],"results":[184],"show":[185],"that":[186],"compared":[187],"other":[189],"fuzzers,":[192],"including":[193],"AFL":[194],"net":[195],"S":[197],"tate":[198],"AFL,":[199],"our":[200],"could":[203,223],"infer":[204],"more":[206,233],"model":[209],"during":[210],"throughput":[215],"by":[216,227,262],"up":[217,228],"200\u00d7.":[219],"addition,":[221],"code":[225],"coverage":[226],"25%":[230],"trigger":[232],"crashes":[234],"in":[235,248],"less":[236],"time.":[237],"also":[239],"performed":[240],"campaign":[243],"bugs":[247],"latest":[250],"version":[251],"target":[254],"services;":[255],"8":[256],"zero-day":[257],"vulnerabilities":[258],"found":[261],"NSFuzz.":[263]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":22},{"year":2024,"cited_by_count":20},{"year":2023,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}