{"id":"https://openalex.org/W4402954232","doi":"https://doi.org/10.1145/3658644.3690231","title":"ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model","display_name":"ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4402954232","doi":"https://doi.org/10.1145/3658644.3690231"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690231","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690231","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690231","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690231","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101760671","display_name":"Dawei Wang","orcid":"https://orcid.org/0009-0006-0656-9697"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Dawei Wang","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0006-0656-9697","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100302178","display_name":"Geng Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Geng Zhou","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, 
China"],"raw_orcid":"https://orcid.org/0009-0001-0010-9415","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100379245","display_name":"Li Chen","orcid":"https://orcid.org/0000-0002-4228-7885"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li Chen","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-4228-7885","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100380761","display_name":"Dan Li","orcid":"https://orcid.org/0000-0002-7581-8865"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-7581-8865","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048781372","display_name":"Yukai Miao","orcid":"https://orcid.org/0000-0002-6401-5979"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yukai Miao","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-6401-5979","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, 
China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101760671"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.46,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.97207367,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"735","last_page":"749"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer 
Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9879465699195862},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.759253978729248},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.6478835344314575},{"id":"https://openalex.org/keywords/software-testing","display_name":"Software testing","score":0.4464053809642792},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3909217119216919},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3714454174041748},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3548122048377991},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.15863633155822754}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9879465699195862},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.759253978729248},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.6478835344314575},{"id":"https://openalex.org/C2984328558","wikidata":"https://www.wikidata.org/wiki/Q188522","display_name":"Software testing","level":3,"score":0.4464053809642792},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3909217119216919},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software 
engineering","level":1,"score":0.3714454174041748},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3548122048377991},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.15863633155822754}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3658644.3690231","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690231","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690231","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2409.00922","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2409.00922","pdf_url":"https://arxiv.org/pdf/2409.00922","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690231","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690231","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690231","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications 
Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4402954232.pdf"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W2777430404","https://openalex.org/W2794659749","https://openalex.org/W2964241064","https://openalex.org/W3105061167","https://openalex.org/W4253752119","https://openalex.org/W4281713017","https://openalex.org/W4308469411","https://openalex.org/W4378591002","https://openalex.org/W4378651134","https://openalex.org/W4384155653","https://openalex.org/W4384304865","https://openalex.org/W4385373745","https://openalex.org/W4388858797","https://openalex.org/W4391579642","https://openalex.org/W4391724785","https://openalex.org/W4394769544"],"related_works":["https://openalex.org/W4226494072","https://openalex.org/W4319791806","https://openalex.org/W4384155735","https://openalex.org/W2964241064","https://openalex.org/W2163362445","https://openalex.org/W2980609145","https://openalex.org/W4318619343","https://openalex.org/W4221155666","https://openalex.org/W3213274373","https://openalex.org/W2391433596"],"abstract_inverted_index":{"Vulnerabilities":[0],"related":[1,108],"to":[2,14,64,71,79],"option":[3,34,74,122,153],"combinations":[4,35,75,123],"pose":[5],"a":[6,92,100],"significant":[7],"challenge":[8,24],"in":[9,51,164],"software":[10],"security":[11],"testing":[12,53,85],"due":[13],"their":[15],"vast":[16],"search":[17],"space.":[18],"Previous":[19],"research":[20],"primarily":[21],"addressed":[22],"this":[23,56],"through":[25],"mutation":[26],"or":[27],"filtering":[28],"techniques,":[29],"which":[30,155],"inefficiently":[31],"treated":[32],"all":[33],"as":[36],"having":[37],"equal":[38],"potential":[39],"for":[40],"vulnerabilities,":[41,184],"thus":[42],"wasting":[43],"considerable":[44],"time":[45],"on":[46,99,175],"non-vulnerable":[47],"targets":[48],"and":[49,82,96,190],"resulti
ng":[50],"low":[52],"efficiency.":[54],"In":[55],"paper,":[57],"we":[58,171],"utilize":[59],"carefully":[60],"designed":[61],"prompt":[62],"engineering":[63],"drive":[65],"the":[66,150,165,176],"large":[67],"language":[68],"model":[69],"(LLM)":[70],"predict":[72],"high-risk":[73,121,152],"(i.e.,":[76],"more":[77],"likely":[78],"contain":[80],"vulnerabilities)":[81],"perform":[83],"fuzz":[84],"automatically":[86],"without":[87],"human":[88],"intervention.":[89],"We":[90],"developed":[91],"tool":[93],"called":[94],"ProphetFuzz":[95,117,141],"evaluated":[97],"it":[98],"dataset":[101],"comprising":[102],"52":[103],"programs":[104],"collected":[105],"from":[106],"three":[107],"studies.":[109],"The":[110],"entire":[111],"experiment":[112],"consumed":[113],"10.44":[114],"CPU":[115],"years.":[116],"successfully":[118],"predicted":[119,151],"1748":[120],"at":[124],"an":[125],"average":[126],"cost":[127],"of":[128,139,149,179],"only":[129],"$8.69":[130],"per":[131],"program.":[132],"Results":[133],"show":[134],"that":[135,160],"after":[136],"72":[137],"hours":[138],"fuzzing,":[140],"discovered":[142],"364":[143],"unique":[144],"vulnerabilities":[145],"associated":[146],"with":[147,185],"12.30%":[148],"combinations,":[154],"which":[155],"was":[156],"32.85%":[157],"higher":[158],"than":[159],"found":[161],"by":[162,188],"state-of-the-art":[163],"same":[166],"timeframe.":[167],"Additionally,":[168],"using":[169],"ProphetFuzz,":[170],"conducted":[172],"persistent":[173],"fuzzing":[174],"latest":[177],"versions":[178],"these":[180],"programs,":[181],"uncovering":[182],"140":[183],"93":[186],"confirmed":[187],"developers":[189],"21":[191],"awarded":[192],"CVE":[193],"numbers.":[194]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2024-09-29T00:00:00"}
