{"id":"https://openalex.org/W4406466697","doi":"https://doi.org/10.1145/3712186","title":"Novelty Not Found: Exploring Input Shadowing in Fuzzing through Adaptive Fuzzer Restarts","display_name":"Novelty Not Found: Exploring Input Shadowing in Fuzzing through Adaptive Fuzzer Restarts","publication_year":2025,"publication_date":"2025-01-16","ids":{"openalex":"https://openalex.org/W4406466697","doi":"https://doi.org/10.1145/3712186"},"language":"en","primary_location":{"id":"doi:10.1145/3712186","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3712186","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081483595","display_name":"Nico Schiller","orcid":"https://orcid.org/0009-0004-6401-5989"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Nico Schiller","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083333004","display_name":"Xinyi Xu","orcid":"https://orcid.org/0000-0002-5378-959X"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Xinyi Xu","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058085387","display_name":"Lukas Bernhard","orcid":"https://orcid.org/0009-0005-8564-1476"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lukas Bernhard","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053788383","display_name":"Nils Bars","orcid":"https://orcid.org/0009-0001-5179-4002"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nils Bars","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069446947","display_name":"Moritz Schloegel","orcid":"https://orcid.org/0000-0003-1630-1687"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Moritz Schloegel","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","CISPA, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5081483595"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":4.1994,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.92234256,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":"34","issue":"3","first_page":"1","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9629999995231628,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9513000249862671,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9716761112213135},{"id":"https://openalex.org/keywords/novelty","display_name":"Novelty","score":0.8084559440612793},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7975537180900574},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.16755932569503784},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08893519639968872}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9716761112213135},{"id":"https://openalex.org/C2778738651","wikidata":"https://www.wikidata.org/wiki/Q16546687","display_name":"Novelty","level":2,"score":0.8084559440612793},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7975537180900574},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.16755932569503784},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08893519639968872},{"id":"https://openalex.org/C27206212","wikidata":"https://www.wikidata.org/wiki/Q34178","display_name":"Theology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3712186","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3712186","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1771257699","https://openalex.org/W2058034764","https://openalex.org/W2138428785","https://openalex.org/W2162033657","https://openalex.org/W2350778671","https://openalex.org/W2598851863","https://openalex.org/W2751862727","https://openalex.org/W2766540688","https://openalex.org/W2777430404","https://openalex.org/W2964097210","https://openalex.org/W3111332788","https://openalex.org/W3194771370","https://openalex.org/W3207926955","https://openalex.org/W3212565000","https://openalex.org/W4251988601","https://openalex.org/W4308643070","https://openalex.org/W4315746341","https://openalex.org/W4324007088","https://openalex.org/W4365806382","https://openalex.org/W4366830184","https://openalex.org/W4378591002","https://openalex.org/W4384155563","https://openalex.org/W4389159674","https://openalex.org/W6756301311","https://openalex.org/W6833780757","https://openalex.org/W6850189028"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4210660460","https://openalex.org/W3203597304"],"abstract_inverted_index":{"Greybox":[0],"fuzzing":[1,110,201],"enhances":[2],"software":[3],"security":[4],"through":[5],"unprecedented":[6],"effectiveness":[7],"in":[8,15,64,183],"automated":[9],"fault":[10],"detection.":[11],"Its":[12],"success":[13],"lies":[14],"the":[16,21,26,46,80,113,144,177,184,188,197],"coverage":[17,147],"feedback":[18,40],"extracted":[19],"from":[20],"system":[22],"under":[23],"test,":[24],"guiding":[25],"fuzzer":[27,47,130],"to":[28,37,75,132,158,164,195],"explore":[29],"different":[30,118],"program":[31,55],"parts.":[32],"The":[33],"most":[34],"prominent":[35],"way":[36],"use":[38],"this":[39,58,96,142],"is":[41],"novelty":[42],"search":[43],",":[44,63],"where":[45],"keeps":[48],"only":[49],"new":[50,54,76],"inputs":[51,67,90],"exercising":[52],"a":[53,100,117,192],"edge.":[56],"However,":[57],"approach\u2014by":[59],"design\u2014ignores":[60],"input":[61,82,104,181],"shadowing":[62,105,182],"which":[65],"interesting":[66],"are":[68],"discarded":[69],"if":[70],"they":[71],"do":[72],"not":[73],"contribute":[74],"coverage.":[77,127],"This":[78],"limits":[79],"accepted":[81],"space":[83],"and":[84,106,139,156,168,187],"may":[85],"overlook":[86],"bugs":[87,167],"that":[88,108,141],"shadowed":[89],"could":[91],"trigger":[92,169],"with":[93],"mutations.":[94],"In":[95],"work,":[97],"we":[98],"present":[99],"comprehensive":[101],"analysis":[102],"of":[103,112,179,191,199],"demonstrate":[107],"multiple":[109],"runs":[111],"same":[114],"target":[115],"exhibit":[116],"basic":[119,135],"block":[120,136],"hit":[121,137],"frequency":[122],"distribution":[123],"despite":[124],"overlapping":[125],"code":[126],"We":[128],"propose":[129],"restarts":[131,162],"effectively":[133],"redistribute":[134],"frequencies":[138],"show":[140],"increases":[143],"overall":[145],"achieved":[146],"on":[148,152],"15":[149],"evaluated":[150],"targets":[151],"average":[153],"by":[154],"\\(9.5\\%\\)":[155],"up":[157],"\\(25.0\\%\\)":[159],".":[160],"Furthermore,":[161],"help":[163],"find":[165],"more":[166,171],"them":[170],"reliably.":[172],"Overall,":[173],"our":[174],"results":[175],"highlight":[176],"importance":[178],"considering":[180],"fuzzers\u2019":[185],"design":[186],"potential":[189],"benefits":[190],"restart-based":[193],"strategy":[194],"enhance":[196],"performance":[198],"complex":[200],"methods.":[202]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-11T08:14:18.477133","created_date":"2025-10-10T00:00:00"}