{"id":"https://openalex.org/W2984589025","doi":"https://doi.org/10.1155/2019/5076324","title":"Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface","display_name":"Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface","publication_year":2019,"publication_date":"2019-11-04","ids":{"openalex":"https://openalex.org/W2984589025","doi":"https://doi.org/10.1155/2019/5076324","mag":"2984589025"},"language":"en","primary_location":{"id":"doi:10.1155/2019/5076324","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2019/5076324","pdf_url":"https://downloads.hindawi.com/journals/scn/2019/5076324.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://downloads.hindawi.com/journals/scn/2019/5076324.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100391483","display_name":"Dong Wang","orcid":"https://orcid.org/0000-0002-5141-9296"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dong Wang","raw_affiliation_strings":["University of Electronic Science and Technology of China, ADLab of Venustech, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0002-5141-9296","affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, ADLab of Venustech, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100780268","display_name":"Xiaosong Zhang","orcid":"https://orcid.org/0000-0001-9886-1412"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaosong Zhang","raw_affiliation_strings":["University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0001-9886-1412","affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100443178","display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9165-8331"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Chen","raw_affiliation_strings":["University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034762138","display_name":"Jingwei Li","orcid":"https://orcid.org/0000-0001-8457-0454"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingwei Li","raw_affiliation_strings":["University of Electronic Science and Technology of China, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Chengdu, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Chengdu, China","institution_ids":["https://openalex.org/I19820366","https://openalex.org/I150229711","https://openalex.org/I4210156404"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100780268"],"corresponding_institution_ids":["https://openalex.org/I150229711"],"apc_list":{"value":2100,"currency":"USD","value_usd":2100},"apc_paid":{"value":2100,"currency":"USD","value_usd":2100},"fwci":2.1702,"has_fulltext":true,"cited_by_count":26,"citation_normalized_percentile":{"value":0.88663623,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"2019","issue":null,"first_page":"1","last_page":"19"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9702077507972717},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8843472599983215},{"id":"https://openalex.org/keywords/interface","display_name":"Interface (matter)","score":0.6724892854690552},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5516095757484436},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5441464185714722},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.4742026627063751},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3846520781517029},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2082436978816986},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.2052920162677765},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.14516717195510864}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9702077507972717},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8843472599983215},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.6724892854690552},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5516095757484436},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5441464185714722},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.4742026627063751},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3846520781517029},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2082436978816986},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2052920162677765},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.14516717195510864},{"id":"https://openalex.org/C157915830","wikidata":"https://www.wikidata.org/wiki/Q2928001","display_name":"Bubble","level":2,"score":0.0},{"id":"https://openalex.org/C129307140","wikidata":"https://www.wikidata.org/wiki/Q6795880","display_name":"Maximum bubble pressure method","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1155/2019/5076324","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2019/5076324","pdf_url":"https://downloads.hindawi.com/journals/scn/2019/5076324.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:2ae9c65c64b8461d8f8317ead5d8f163","is_oa":false,"landing_page_url":"https://doaj.org/article/2ae9c65c64b8461d8f8317ead5d8f163","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Security and Communication Networks, Vol 2019 (2019)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1155/2019/5076324","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2019/5076324","pdf_url":"https://downloads.hindawi.com/journals/scn/2019/5076324.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1167978243","display_name":null,"funder_award_id":"61602092","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G135912168","display_name":null,"funder_award_id":"61572115","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G6248607417","display_name":"\u9776\u5411\u6027\u590d\u6742\u653b\u51fb\u7f51\u7edc\u5efa\u6a21\u548c\u884c\u4e3a\u5206\u6790\u7814\u7a76","funder_award_id":"61572115","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6278046909","display_name":null,"funder_award_id":"2017YFB0802300","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G6505580339","display_name":null,"funder_award_id":"2017YFB0802900","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G6524667177","display_name":null,"funder_award_id":"61602092","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G7539257876","display_name":null,"funder_award_id":"2017YFB0802900","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G764980237","display_name":"\u52a0\u5bc6\u91cd\u590d\u6570\u636e\u5220\u9664\u7cfb\u7edf\u5173\u952e\u95ee\u9898\u7814\u7a76","funder_award_id":"61972073","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7726336563","display_name":null,"funder_award_id":"61972073","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G8009458132","display_name":null,"funder_award_id":"2019-MS-05","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G8280895273","display_name":null,"funder_award_id":"2019-MS-05","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G902353243","display_name":null,"funder_award_id":"2017YFB0802300","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2984589025.pdf","grobid_xml":"https://content.openalex.org/works/W2984589025.grobid-xml"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W191196432","https://openalex.org/W2042033151","https://openalex.org/W2044058194","https://openalex.org/W2111038628","https://openalex.org/W2124628099","https://openalex.org/W2146957318","https://openalex.org/W2216041415","https://openalex.org/W2514873781","https://openalex.org/W2626037032","https://openalex.org/W2734150319","https://openalex.org/W2777430404","https://openalex.org/W2799341537","https://openalex.org/W2803870013","https://openalex.org/W2942680566","https://openalex.org/W4244413641","https://openalex.org/W4246597393"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4210660460","https://openalex.org/W3203597304","https://openalex.org/W4282010060","https://openalex.org/W4225847901","https://openalex.org/W2912063542"],"abstract_inverted_index":{"A":[0],"novel":[1],"approach":[2],"for":[3,74],"discovering":[4],"vulnerability":[5],"in":[6,14,29,173],"commercial":[7],"off-the-shelf":[8],"(COTS)":[9],"IoT":[10,30,176],"devices":[11,177],"is":[12],"proposed":[13,146],"this":[15,44,76],"paper,":[16],"which":[17],"will":[18],"revolutionize":[19],"the":[20,25,62,88,94,109,127,149],"area.":[21],"Unlike":[22],"previous":[23],"work,":[24],"web":[26,65,128],"management":[27],"interface":[28,66,77,129],"was":[31,50,80,123,145],"used":[32],"to":[33,61,86,105,125,130,147,151],"detect":[34],"vulnerabilities":[35,169],"by":[36,108],"leveraging":[37],"fuzzing":[38,75,89,99],"technology.":[39],"To":[40,115],"validate":[41],"and":[42,52,78,90],"evaluate":[43],"scheme,":[45],"a":[46,119,139],"tool":[47],"named":[48],"WMIFuzzer":[49,162],"designed":[51,124],"implemented.":[53],"There":[54],"were":[55,69,178],"also":[56],"two":[57],"challenges:":[58],"(1)":[59],"due":[60],"diversity":[63],"of":[64,93],"implementations,":[67],"there":[68],"no":[70],"existing":[71],"seed":[72,97,133],"messages":[73,85,134],"it":[79],"inefficient":[81],"while":[82,167],"taking":[83],"random":[84],"launch":[87],"(2)":[91],"because":[92],"highly":[95],"structured":[96],"message,":[98],"with":[100],"byte-level":[101],"mutation":[102,150],"could":[103,163],"conduce":[104],"be":[106],"rejected":[107],"device":[110],"at":[111],"an":[112],"early":[113],"stage.":[114],"address":[116],"these":[117],"challenges,":[118],"brute-force":[120],"UI":[121],"automation":[122],"drive":[126],"generate":[131,152],"initial":[132],"automatically,":[135],"as":[136,138],"well":[137],"weighted":[140],"message":[141],"parse":[142],"tree":[143],"(WMPT)":[144],"guide":[148],"mostly":[153],"structure-valid":[154],"messages.":[155],"The":[156],"extensive":[157],"experimental":[158],"results":[159],"show":[160],"that":[161],"achieve":[164],"expected":[165],"result":[166],"10":[168],"including":[170],"6":[171],"zero-days":[172],"7":[174],"COTS":[175],"discovered.":[179]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":3}],"updated_date":"2026-06-06T09:05:17.133730","created_date":"2025-10-10T00:00:00"}
