{"id":"https://openalex.org/W3111490787","doi":"https://doi.org/10.1145/3427228.3427662","title":"DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC","display_name":"DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC","publication_year":2020,"publication_date":"2020-12-07","ids":{"openalex":"https://openalex.org/W3111490787","doi":"https://doi.org/10.1145/3427228.3427662","mag":"3111490787"},"language":"en","primary_location":{"id":"doi:10.1145/3427228.3427662","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427662","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039946244","display_name":"Gaganjeet Singh Reen","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Gaganjeet Singh Reen","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033589837","display_name":"Christian Rossow","orcid":"https://orcid.org/0000-0003-2470-8444"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Rossow","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5039946244"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":2.4993,"has_fulltext":false,"cited_by_count":27,"citation_normalized_percentile":{"value":0.90818268,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":93,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"332","last_page":"344"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7453078627586365},{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.7263118624687195},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.6901042461395264},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6273282170295715},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6022210717201233},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5495903491973877},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.5134938359260559},{"id":"https://openalex.org/keywords/disruptive-technology","display_name":"Disruptive technology","score":0.43559974431991577},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3702792227268219},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3650801479816437},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11386814713478088},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08332657814025879},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.06311249732971191}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7453078627586365},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.7263118624687195},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.6901042461395264},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6273282170295715},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6022210717201233},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5495903491973877},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.5134938359260559},{"id":"https://openalex.org/C2984734790","wikidata":"https://www.wikidata.org/wiki/Q1192297","display_name":"Disruptive technology","level":2,"score":0.43559974431991577},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3702792227268219},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3650801479816437},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11386814713478088},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08332657814025879},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.06311249732971191},{"id":"https://openalex.org/C117671659","wikidata":"https://www.wikidata.org/wiki/Q11049265","display_name":"Manufacturing engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3427228.3427662","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427662","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1490025813","https://openalex.org/W2215638509","https://openalex.org/W2256319980","https://openalex.org/W2312250904","https://openalex.org/W2543928808","https://openalex.org/W2745034467","https://openalex.org/W2765827436","https://openalex.org/W2768945008","https://openalex.org/W2809613546","https://openalex.org/W2890128393","https://openalex.org/W2985708757","https://openalex.org/W3007237867","https://openalex.org/W3047947484","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2129975948","https://openalex.org/W2591875911","https://openalex.org/W2736754676","https://openalex.org/W4287833485","https://openalex.org/W4387191767","https://openalex.org/W4221162427","https://openalex.org/W4385412215","https://openalex.org/W3194450632","https://openalex.org/W2042324064","https://openalex.org/W2750938873"],"abstract_inverted_index":{"QUIC":[0,19,132,149,178,188],"is":[1,32,81],"an":[2,22],"emerging":[3],"transport":[4],"protocol":[5],"that":[6,153],"has":[7],"the":[8,14,50,142,170],"potential":[9],"to":[10,38,59,63,88,118,128,136],"replace":[11],"TCP":[12,76],"in":[13,134,186],"near":[15],"future.":[16],"As":[17],"such,":[18],"will":[20,85],"become":[21],"important":[23],"target":[24],"for":[25,35,75,101,123],"Deep":[26],"Packet":[27],"Inspection":[28],"(DPI).":[29],"Reliable":[30],"DPI":[31,53,69,91,121,157],"essential,":[33],"e.g.,":[34],"corporate":[36],"environments,":[37],"monitor":[39],"traffic":[40,62],"entering":[41],"and":[42,65,130],"leaving":[43],"their":[44],"networks.":[45],"However,":[46],"elusion":[47,73,99,158],"strategies":[48,74,117],"threaten":[49],"validity":[51],"of":[52,145,173],"systems,":[54],"as":[55,161],"they":[56],"allow":[57],"attackers":[58,84],"carefully":[60],"design":[61],"fool":[64],"thus":[66],"evade":[67],"on-path":[68],"systems.":[70,92],"While":[71],"such":[72,160],"are":[77],"well":[78],"documented,":[79],"it":[80],"unclear":[82],"if":[83],"be":[86],"able":[87],"elude":[89,119],"QUIC-based":[90],"In":[93],"this":[94,104],"paper,":[95],"we":[96,106],"systematically":[97],"explore":[98],"methodologies":[100],"QUIC.":[102,124],"To":[103],"end,":[105],"present":[107],"DPIFuzz:":[108],"a":[109],"differential":[110],"fuzzing":[111],"framework":[112],"which":[113],"can":[114],"automatically":[115],"detect":[116],"stateful":[120],"systems":[122],"We":[125,151],"use":[126],"DPIFuzz":[127,154,180],"generate":[129],"mutate":[131],"streams":[133],"order":[135],"compare":[137],"(and":[138],"find":[139],"differences":[140],"in)":[141],"server-side":[143],"interpretations":[144],"five":[146],"popular":[147],"open-source":[148],"implementations.":[150,179,189],"show":[152],"successfully":[155],"reveals":[156],"strategies,":[159],"using":[162],"packets":[163],"with":[164],"duplicate":[165],"packet":[166],"numbers":[167],"or":[168],"exploiting":[169],"diverging":[171],"handling":[172],"overlapping":[174],"stream":[175],"offsets":[176],"by":[177],"additionally":[181],"finds":[182],"four":[183],"security-critical":[184],"vulnerabilities":[185],"these":[187]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}