嵌入式设备固件模糊测试技术综述

doi:10.3778/j.issn.1002-8331.2503-0296

摘要/Abstract

摘要： 为确保嵌入式设备的安全可靠，需要对嵌入式设备固件进行充分测试，以及时发现并修复其中的漏洞。近年来，有研究人员将模糊测试技术应用到嵌入式设备固件的测试中，有效提高了测试效率。总结了2014年至2024年关于嵌入式设备固件模糊测试的相关研究成果，将嵌入式设备固件模糊测试过程分为三个阶段：预处理、测试环境建立、模糊测试执行，并分别介绍了各阶段的研究成果。讨论了现有嵌入式设备固件模糊测试的数据集和评估指标，并对嵌入式设备固件模糊测试未来的研究方向进行展望，为研究人员提供参考。

关键词: 模糊测试, 嵌入式设备固件测试, 嵌入式安全, 固件仿真, 固件模糊测试

Abstract: To ensure the security of embedded devices, the firmware of embedded devices must be adequately tested to detect and fix the vulnerabilities in time. In recent years, researchers have applied fuzz testing to the testing of embedded device firmwares, effectively improving the efficiency of testing. This paper summarizes research results on fuzz testing of embedded device firmwares from 2014 to 2024, divides the fuzz testing process for embedded device firmwares into three stages: preprocessing, test environment establishment, and fuzz testing execution, then introduces the research results of each stage. In addition, the paper discusses the datasets and evaluation metrics for existing fuzz testing of embedded device firmwares, and looks forward to the future research direction of fuzz testing for embedded device firmwares.

Key words: fuzz testing, embedded device firmware testing, embedded security, firmware emulation, firmware fuzz testing

陈菁菁, 王正武, 兰文尉, 张瑞宸, 张亚东, 崔展齐. 嵌入式设备固件模糊测试技术综述[J]. 计算机工程与应用, 2025, 61(23): 72-89.

CHEN Jingjing, WANG Zhengwu, LAN Wenwei, ZHANG Ruichen, ZHANG Yadong, CUI Zhanqi. Survey of Fuzz Testing Embedded Device Firmwares[J]. Computer Engineering and Applications, 2025, 61(23): 72-89.

参考文献

[1] 于婷婷, 李超, 王博祥, 等. 中断驱动型航天嵌入式软件原子性违反检测方法[J]. 计算机研究与发展, 2023, 60(2): 294-310.
YU T T, LI C, WANG B X, et al. Atomicity violation detection for interrupt-driven aerospace embedded software[J]. Journal of Computer Research and Development, 2023, 60(2): 294-310.
[2] 张晓策. 基于动态故障树的嵌入式系统故障模型研究[D]. 南京: 南京航空航天大学, 2018: 1-63.
ZHANG X C. The research of fault model of embedded system based on the dynamic fault tree[D]. Nanjing: Nanjing University of Aeronautics and Astronautics, 2018: 1-63.
[3] 苏曙光. 嵌入式系统协同设计[M]. 武汉: 华中科技大学出版社, 2022.
SU S G. Collaborative design of embedded system[M]. Wuhan: Huazhong University of Science and Technology Press, 2022.
[4] ZETTER K. Countdown to zero day: stuxnet and the launch of the world’s first digital weapon[M]. New York: Crown Publishers, 2014.
[5] KOLIAS C, KAMBOURAKIS G, STAVROU A, et al. DDoS in the IoT: mirai and other botnets[J]. Computer, 2017, 50(7): 80-84.
[6] MILLER B P, FREDRIKSEN L, SO B. An empirical study of the reliability of UNIX utilities[J]. Communications of the ACM, 1990, 33(12): 32-44.
[7] 许航, 赵世斌, 朱俊虎, 等. 灰盒模糊测试自适应技术研究[J]. 计算机工程与应用, 2019, 55(14): 87-97.
XU H, ZHAO S B, ZHU J H, et al. Greybox fuzzing adaptive technology research[J]. Computer Engineering and Applications, 2019, 55(14): 87-97.
[8] ZHU X G, WEN S, CAMTEPE S, et al. Fuzzing: a survey for roadmap[J]. ACM Computing Surveys, 2022, 54(11): 1-36.
[9] 崔展齐, 张家铭, 郑丽伟, 等. 覆盖率制导的灰盒模糊测试研究综述[J]. 计算机学报, 2024, 47(7): 1665-1696.
CUI Z Q, ZHANG J M, ZHENG L W, et al. A survey of research on coverage-guided greybox fuzzing[J]. Chinese Journal of Computers, 2024, 47(7): 1665-1696.
[10] 张洪泽, 洪征, 周胜利, 等. 基于协议状态机遍历的模糊测试优化方法[J]. 计算机工程与应用, 2020, 56(4): 82-91.
ZHANG H Z, HONG Z, ZHOU S L, et al. Fuzzing optimization method based on protocol state migration traversal[J]. Computer Engineering and Applications, 2020, 56(4): 82-91.
[11] WANG M Z, WU Z Y, XU X Y, et al. Industry practice of coverage-guided enterprise-level DBMS fuzzing[C]//Proceedings of the IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice. Piscataway: IEEE, 2021: 328-337.
[12]王嘉诚, 蒋佳佳, 赵佳豪, 等. 基于模糊测试的智能合约正确性检测[J]. 计算机工程与应用, 2024, 60(5): 307-320.
WANG J C, JIANG J J, ZHAO J H, et al. Correctness detection of smart contract based on fuzzing[J]. Computer Engineering and Applications, 2024, 60(5): 307-320.
[13] ZHENG Y W, DAVANIAN A, YIN H, et al. FIRM-AFL: high-throughput greybox fuzzing of IoT firmware via augmented process emulation[C]//Proceedings of the 28th USENIX Conference on Security Symposium, 2021:1099-1144.
[14] 张浩, 申珊靛, 刘鹏, 等. 嵌入式设备固件仿真器综述[J]. 计算机研究与发展, 2023, 60(10): 2255-2270.
ZHANG H, SHEN S D, LIU P, et al. Review of firmware emulators in embedded devices[J]. Journal of Computer Research and Development, 2023, 60(10): 2255-2270.
[15] SRIVASTAVA P, PENG H, LI J H, et al. FirmFuzz: automated IoT firmware introspection and analysis[C]//Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things. New York: ACM, 2019: 15-21.
[16] YUN J, RUSTAMOV F, KIM J, et al. Fuzzing of embedded systems: a survey[J]. ACM Computing Surveys, 2023, 55(7): 1-33.
[17] ZHU L P, FU X T, YAO Y, et al. FIoT: detecting the memory corruption in lightweight IoT device firmware[C]//Proceedings of the 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2019: 248-255.
[18] CHEN D D, EGELE M, WOO M, et al. Towards automated dynamic analysis for linux-based embedded firmware[C]//Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016: 437-448.
[19] KIM J, YU J, KIM H, et al. FIRM-COV: high-coverage greybox fuzzing for IoT firmware via optimized process emulation[J]. IEEE Access, 2021, 9: 101627-101642.
[20] ReFirm Labs. Firmware analysis tool[EB/OL]. (2024-01-13)[2024-07-15]. https://github.com/ReFirmLabs/binwalk.
[21] MERA A, LIU C M, SUN R M, et al. SHiFT: semi-hosted fuzz testing for embedded applications[C]//Proceedings of the 33rd USENIX Conference on Security Symposium, 2024: 5323-5340.
[22] 况博裕, 张兆博, 杨善权, 等. HMFuzzer: 一种基于人机协同的物联网设备固件漏洞挖掘方案[J]. 计算机学报, 2024, 47(3): 703-716.
KUANG B Y, ZHANG Z B, YANG S Q, et al. HMFuzzer: a human-machine collaboration-based firmware vulnerability mining scheme for IoT devices[J]. Chinese Journal of Computers, 2024, 47(3): 703-716.
[23] SHOSHITAISHVILI Y, WANG R Y, HAUSER C, et al. Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware[C]//Proceedings of the Network and Distributed System Security Symposium, 2015.
[24] FENG Z W, MA J Y. TWFuzz: fuzzing embedded systems with three wires[C]//Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. New York: ACM, 2024: 107-118.
[25] 朱怀东, 蒋烈辉, 董卫宇. 基于内存模糊测试的嵌入式固件漏洞检测[J]. 计算机工程与设计, 2018, 39(9): 2992-2996.
ZHU H D, JIANG L H, DONG W Y. Embedded firmware vulnerability detection based on in-memory fuzzy test[J]. Computer Engineering and Design, 2018, 39(9): 2992-2996.
[26] 潘祖烈, 王泰彦, 周航, 等. 一种基于导向式模糊测试的IoT设备固件漏洞分析方法[J]. 信息对抗技术, 2023, 2(1): 38-54.
PAN Z L, WANG T Y, ZHOU H, et al. Vulnerability analysis method for internet of things device firmware based on guided fuzzing[J]. Information Countermeasure Technology, 2023, 2(1): 38-54.
[27] HERNANDEZ G, FOWZE F, TIAN D J, et al. FirmUSB: vetting USB device firmware using domain informed symbolic execution[C]//Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 2245-2262.
[28] LI X X, ZHAO L, WEI Q, et al. SHFuzz: service handler-aware fuzzing for detecting multi-type vulnerabilities in embedded devices[J]. Computers & Security, 2024, 138: 103618.
[29] 林欣康, 顾匡愚, 赵磊. UEFI的启发式逆向分析与模糊测试方法[J]. 软件学报, 2024, 35(8): 3577-3590.
LIN X K, GU K Y, ZHAO L. UEFI fuzz testing system and method based on heuristic reverse analysis[J]. Journal of Software, 2024, 35(8): 3577-3590.
[30] IDA Pro[EB/OL]. (2023-10-01)[2024-07-15]. https://hex-rays.com/.
[31] ZADDACH J, BRUNO L, FRANCILLON A, et al. Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares[C]//Proceedings of the Network and Distributed System Security Symposium, 2014:1-16.
[32] KIM M, KIM D, KIM E, et al. FirmAE: towards large-scale emulation of IoT firmware for dynamic analysis[C]//Proceedings of the Annual Computer Security Applications Conference. New York: ACM, 2020: 733-745.
[33] OLIINYK Y, SCOTT M, TSANG R, et al. Fuzzing BusyBox: leveraging LLM and crash reuse for embedded bug unearthing[J]. arXiv:2403.03897, 2024.
[34] CHEN L B, WANG Y H, CAI Q P, et al. Sharing more and checking less: leveraging common input keywords to detect bugs in embedded systems[C]//Proceedings of the USENIX Conference on Security Symposium, 2021.
[35] JOHNSON E, BLAND M, ZHU Y F, et al. Jetset: targeted firmware rehosting for embedded systems[C]//Proceedings of the USENIX Conference on Security Symposium, 2021:321-338.
[36] DU X C, CHEN A D, HE B Y, et al. AFLIot: fuzzing on linux-based IoT device with binary-level instrumentation[J]. Computers & Security, 2022, 122: 102889.
[37] CHEN J Y, DIAO W R, ZHAO Q C, et al. IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing[C]//Proceedings of the Network and Distributed System Security Symposium, 2018: 158965.
[38] SHAR L K, BINH DUONG T N, JIANG L X, et al. SmartFuzz: an automated smart fuzzing approach for testing SmartThings apps[C]//Proceedings of the 27th Asia-Pacific Software Engineering Conference. Piscataway: IEEE, 2020: 365-374.
[39] REDINI N, CONTINELLA A, DAS D, et al. Diane: identifying fuzzing triggers in apps to generate under-constrained inputs for IoT devices[C]//Proceedings of the 2021 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2021: 484-500.
[40] SCHARNOWSKI T, BARS N, SCHLOEGEL M, et al. Fuzzware: using precise MMIO modeling for effective firmware fuzzing[C]//Proceedings of the 31st USENIX Conference on Security Symposium, 2022: 1239-1256.
[41] YIN J W, LI M H, LI Y K, et al. RSFuzzer: discovering deep SMI handler vulnerabilities in UEFI firmware with hybrid fuzzing[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2023: 2155-2169.
[42] ZHAO H, LI Z H, WEI H S, et al. SeqFuzzer: an industrial protocol fuzzing framework from a deep learning perspective[C]//Proceedings of the 12th IEEE Conference on Software Testing, Validation and Verification. Piscataway: IEEE, 2019: 59-67.
[43] FENG B, MERA A, LU L. P2IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling (extended version)[C]//Proceedings of the USENIX Conference on Security Symposium, 2020.
[44] MA X Y, LUO L N, ZENG Q. From one thousand pages of specification to unveiling hidden bugs: large language model assisted fuzzing of matter IoT devices[C]//Proceedings of the 33rd USENIX Conference on Security Symposium, 2024:4783-4800.
[45] LIU Q, ZHANG C, MA L, et al. FirmGuide: boosting the capability of rehosting embedded linux kernels through model-guided kernel execution[C]//Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2021: 792-804.
[46] SHU Z, YAN G H. IoTInfer: automated blackbox fuzz testing of IoT network protocols guided by finite state machine inference[J]. IEEE Internet of Things Journal, 2022, 9(22): 22737-22751.
[47] CHESSER M, NEPAL S, RANASINGHE D C. Icicle: a re-designed emulator for grey?box firmware fuzzing[C]//Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2023: 76-88.
[48] ANGELAKOPOULOS I, STRINGHINI G, EGELE M. FirmSolo: enabling dynamic analysis of binary Linux-based IoT kernel modules[C]//Proceedings of the 32nd USENIX Conference on Security Symposium, 2023: 5021-5038.
[49] ZHANG Y, HUO W, JIAN K P, et al. ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-type vulnerabilities[J]. Cybersecurity, 2021, 4: 24.
[50] CELIK Z B, TAN G, MCDANIEL P. IoTGuard: dynamic enforcement of security and safety policy in commodity IoT[C]//Proceedings Network and Distributed System Security Symposium, 2019: 1-15.
[51] HERDT V, GRO?E D, WLOKA J, et al. Verification of embedded binaries using coverage-guided fuzzing with SystemC-based virtual prototypes[C]//Proceedings of the on Great Lakes Symposium on VLSI. New York: ACM, 2020: 101-106.
[52] GUI Z J, SHU H, KANG F, et al. FIRMCORN: vulnerability-oriented fuzzing of IoT firmware via optimized virtual execution[J]. IEEE Access, 2020, 8: 29826-29841.
[53] TYCHALAS D, MANIATAKOS M. IFFSET: in-field fuzzing of industrial control systems using system emulation[C]//Proceedings of the Design, Automation & Test in Europe Conference & Exhibition. Piscataway: IEEE, 2020: 662-665.
[54] MERA A, FENG B, LU L, et al. DICE: automatic emulation of DMA input channels for dynamic firmware analysis[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2021: 1938-1954.
[55]ZHOU W, GUAN L, LIU P, et al. Automatic firmware emulation through invalidity-guided knowledge inference[C]//Proceedings of the 30th USENIX Conference on Security Symposium, 2021: 2007-2024.
[56] HERNANDEZ G, MUENCH M, MAIER D, et al. FirmWire: transparent dynamic analysis for cellular baseband firmware[C]//Proceedings 2022 Network and Distributed System Security Symposium, 2022: 1-19.
[57] 司健鹏, 洪征, 周振吉, 等. 关键字敏感的嵌入式设备固件模糊测试方法[J]. 计算机科学, 2024, 51(10): 196-207.
SI J P, HONG Z, ZHOU Z J, et al. Keyword sensitive fuzzing method for embedded device firmware[J]. Computer Science, 2024, 51(10): 196-207.
[58] WEI Y, WANG Y J, ZHOU L, et al. IEmu: interrupt modeling from the logic hidden in the firmware[J]. Journal of Systems Architecture, 2024, 154: 103237.
[59] LIU H T, GAN S T, ZHANG C, et al. Labrador: response guided directed fuzzing for black-box IoT devices[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2024: 1920-1938.
[60] WANG J C, YU L, LUO X P. LLMIF: augmented large language model for fuzzing IoT devices[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2024: 881-896.
[61] EISELE M. Debugger-driven embedded fuzzing[C]//Proceedings of the IEEE Conference on Software Testing, Verification and Validation. Piscataway: IEEE, 2022: 483-485.
[62] EISELE M, EBERT D, HUTH C, et al. Fuzzing embedded systems using debug interfaces[C]//Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2023: 1031-1042.
[63] LI W Q, SHI J M, LI F J, et al. μAFL: non-intrusive feedback-driven fuzzing for microcontroller firmware[C]//Proceedings of the 44th International Conference on Software Engineering. New York: ACM, 2022: 1-12.
[64] LUO L N, ZENG Q, YANG B K, et al. Westworld: fuzzing-assisted remote dynamic symbolic execution of smart apps on IoT cloud platforms[C]//Proceedings of the Annual Computer Security Applications Conference. New York: ACM, 2021: 982-995.
[65] MA X Y, ZENG Q, CHI H T, et al. No more companion apps hacking but one dongle: hub-based blackbox fuzzing of IoT firmware[C]//Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services. New York:ACM, 2023: 205-218.
[66] BELLARD F. QEMU, a fast and portable dynamic translator[C]//Proceedings of the Conference on USENIX Annual Technical Conference, 2005: 41-46.
[67] QUYNH N, VU D. Unicorn: next generation CPU emulator framework[EB/OL]. (2022-11-13)[2024-07-15]. https://www. unicorn-engine.org.
[68] Qilingframework. Qiling: a true instrumentable binary emulation framework[EB/OL]. (2019?08?23)[2024?07?15]. https://github.com/qilingframework/qiling.
[69] NCC Group. TriforceAFL: AFL/QEMU fuzzing with full-system emulation[EB/OL]. (2016?06?14)[2024?07?15]. https://github.com/nccgroup/TriforceAFL.
[70] FENG K, COOK M M, MARNERIDES A K. Sizzler: sequential fuzzing in ladder diagrams for vulnerability detection and discovery in programmable logic controllers[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 1660-1671.
[71] FENG B, LUO M, LIU C M, et al. AIM: automatic interrupt modeling for dynamic firmware analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2024, 21(4): 3866-3882.
[72] ZHENG Y W, LI Y K, ZHANG C, et al. Efficient greybox fuzzing of applications in Linux?based IoT devices via enhanced user-mode emulation[C]//Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2022: 417-428.
[73] SEIDEL L, MAIER D, MUENCH M. Forming faster firmware fuzzers[C]//Proceedings of the 32nd USENIX Conference on Security Symposium, 2023: 2903-2920.
[74] CORTEGGIANI N, FRANCILLON A. HardSnap: leveraging hardware snapshotting for embedded systems security testing[C]//Proceedings of the 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway: IEEE, 2020: 294-305.
[75] LIU P Y, JI S L, ZHANG X H, et al. IFIZZ: deep-state and efficient fault-scenario generation to test IoT firmware[C]//Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2021: 805-816.
[76] ZHANG C, LI Y K, CHEN H X, et al. BIFF: practical binary fuzzing framework for programs of IoT and mobile devices[C]//Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2021: 1161-1165.
[77] WANG Q Y, CHANG B Y, JI S L, et al. SyzTrust: state-aware fuzzing on trusted OS designed for IoT devices[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2024: 2310-2387.
[78] FENG X T, SUN R X, ZHU X G, et al. Snipuzz: black-box fuzzing of IoT firmware via message snippet inference[C]//Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2021: 337-350.
[79] SACHIDANANDA V, BHAIRAV S, GHOSH N, et al. PIT: a probe into Internet of Things by comprehensive security analysis[C]//Proceedings of the 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2019: 522-529.
[80] COSTIN A, ZARRAS A, FRANCILLON A. Automated dynamic firmware analysis at scale: a case study on embedded web interfaces[C]//Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. New York:ACM, 2016: 437-448.
[81] YU B, WANG P F, YUE T, et al. Poster: fuzzing IoT firmware via multi-stage message generation[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019: 2525-2527.
[82] GAO J, XU Y W, JIANG Y, et al. EM-Fuzz: augmented firmware fuzzing via memory checking[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2020, 39(11): 3420-3432.
[83] SITU L Y, ZHANG C, GUAN L, et al. Physical devices-agnostic hybrid fuzzing of IoT firmware[J]. IEEE Internet of Things Journal, 2023, 10(23): 20718-20734.
[84] CHENG Y, ZOU H J, HE J Y, et al. MMFuzz: towards enhancing RTL fuzz testing using metric feedbacks based on Markov chain[C]//Proceedings of the IEEE 32nd Asian Test Symposium. Piscataway:IEEE, 2023: 1-6.
[85] 卢昊良, 邹燕燕, 彭跃, 等. 基于物联网设备局部仿真的反馈式模糊测试技术[J]. 信息安全学报, 2023, 8(1): 78-92.
LU H L, ZOU Y Y, PENG Y, et al. Feedback-driven fuzzing technology based on partial simulation of IoT devices[J]. Journal of Cyber Security, 2023, 8(1): 78-92.
[86] YANG Z K, VIKTOROV Y, YANG J, et al. UEFI firmware fuzzing with simics virtual platform[C]//Proceedings of the 57th ACM/IEEE Design Automation Conference. Piscataway: IEEE, 2020: 1-6.
[87] SALEHI M, DEGANI L, ROVERI M, et al. Discovery and identification of memory corruption vulnerabilities on bare-metal embedded devices[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(2): 1124-1138.
[88] CHESSER M, NEPAL S, RANASINGHE D. MultiFuzz: a multi-stream fuzzer for testing monolithic firmware[C]//Proceedings of the USENIX Conference on Security Symposium, 2024:1-18.
[89] YU Z H, WANG H L, WANG D, et al. CGFuzzer: a fuzzing approach based on coverage-guided generative adversarial networks for industrial IoT protocols[J]. IEEE Internet of Things Journal, 2022, 9(21): 21607-21619.
[90] YU L, LI L Y, WANG H Y, et al. Towards automated detection of higher-order memory corruption vulnerabilities in embedded devices[C]//Proceedings of the Design, Automation & Test in Europe Conference & Exhibition. Piscataway: IEEE, 2021: 1707-1710.
[91] B?HME M, PHAM V T, NGUYEN M D, et al. Directed greybox fuzzing[C]//Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 2329-2344.
[92] ECEIZA M, FLORES J L, ITURBE M. Fuzzing the Internet of Things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems[J]. IEEE Internet of Things Journal, 2021, 8(13): 10390-10411.