Coverage-Based Greybox Fuzzing as Markov Chain

Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests ex...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on software engineering Vol. 45; no. 5; pp. 489 - 506
Main Authors Bohme, Marcel, Van-Thuan Pham, Roychoudhury, Abhik
Format Journal Article
LanguageEnglish
Published New York IEEE 01.05.2019
IEEE Computer Society
Subjects
automated testing
Computer crashes
Crashes
Exposure
fuzzing
Markov analysis
Markov chains
Markov processes
path exploration
Program verification (computers)
Schedules
Search problems
Seeds
symbolic execution
Systematics
Vulnerability detection
Online AccessGet full text

Cover

Abstract Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented several schedules by extending AFL. In 24 hours, AFLFast exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFast produces at least an order of magnitude more unique crashes than AFL. We compared AFLFast to the symbolic executor Klee. In terms of vulnerability detection, AFLFast is significantly more effective than Klee on the same subject programs that were discussed in the original Klee paper. In terms of code coverage, AFLFast only slightly outperforms Klee while a combination of both tools achieves best results by mitigating the individual weaknesses.
AbstractList Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented several schedules by extending AFL. In 24 hours, AFLFast exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFast produces at least an order of magnitude more unique crashes than AFL. We compared AFLFast to the symbolic executor Klee. In terms of vulnerability detection, AFLFast is significantly more effective than Klee on the same subject programs that were discussed in the original Klee paper. In terms of code coverage, AFLFast only slightly outperforms Klee while a combination of both tools achieves best results by mitigating the individual weaknesses.
Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few “high-frequency” paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path $i$ i generates an input that exercises path $j$ j . Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented several schedules by extending AFL. In 24 hours, AFLFast exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFast produces at least an order of magnitude more unique crashes than AFL. We compared AFLFast to the symbolic executor Klee. In terms of vulnerability detection, AFLFast is significantly more effective than Klee on the same subject programs that were discussed in the original Klee paper. In terms of code coverage, AFLFast only slightly outperforms Klee while a combination of both tools achieves best results by mitigating the individual weaknesses.
Author Van-Thuan Pham
Bohme, Marcel
Roychoudhury, Abhik
Author_xml – sequence: 1
  givenname: Marcel
  surname: Bohme
  fullname: Bohme, Marcel
  email: marcel@comp.nus.edu.sg
  organization: Dept. of Comput. Sci., Nat. Univ. of Singpore, Singapore, Singapore
– sequence: 2
  surname: Van-Thuan Pham
  fullname: Van-Thuan Pham
  email: thuanpv@comp.nus.edu.sg
  organization: Dept. of Comput. Sci., Nat. Univ. of Singpore, Singapore, Singapore
– sequence: 3
  givenname: Abhik
  surname: Roychoudhury
  fullname: Roychoudhury, Abhik
  email: abhik@comp.nus.edu.sg
  organization: Dept. of Comput. Sci., Nat. Univ. of Singpore, Singapore, Singapore
BookMark eNp9kEFPwjAUgBuDiYDeTbws8bz5Xrdu7VEXQBOMB_HctKPDIq7YDiL8ekcgHjx4al7yfe-l34D0GtcYQq4REkQQd7PXUUIBi4QWnPEMz0gfRSrilFHokT6A4DFjXFyQQQhLAGBFwfokKd3WeLUw8YMKZh5NvNlp9x2NN_u9bRaRCtGz8h9uG5XvyjaX5LxWq2CuTu-QvI1Hs_Ixnr5Mnsr7aVxRgW3Ma8NrNJpnGQMBlQJQuqKFylUmuiGnlZrTXIOGTBesA7A-UKnGSmMm0iG5Pe5de_e1MaGVS7fxTXdSUkpzzKH7V0flR6ryLgRvalnZVrXWNa1XdiUR5KGN7NrIQxt5atOJ8Edce_up_O4_5eaoWGPML85pmiLD9AfeZ289
CODEN IESEDJ
CitedBy_id crossref_primary_10_1145_3628160
crossref_primary_10_1109_TDSC_2023_3253120
crossref_primary_10_1155_2021_1987844
crossref_primary_10_3390_electronics13244935
crossref_primary_10_1186_s42400_022_00120_1
crossref_primary_10_1016_j_cose_2022_102894
crossref_primary_10_1109_TIFS_2022_3192991
crossref_primary_10_1109_TSE_2023_3326144
crossref_primary_10_1145_3697014
crossref_primary_10_1145_3647994
crossref_primary_10_32604_cmc_2021_017697
crossref_primary_10_1016_j_cose_2023_103618
crossref_primary_10_1109_TSE_2020_3016778
crossref_primary_10_1109_TNNLS_2022_3156620
crossref_primary_10_1145_3510416
crossref_primary_10_1007_s11432_020_3403_2
crossref_primary_10_1016_j_ins_2025_121959
crossref_primary_10_3390_app132312556
crossref_primary_10_1109_ACCESS_2021_3114202
crossref_primary_10_1186_s42400_022_00116_x
crossref_primary_10_1109_TSE_2019_2956932
crossref_primary_10_1007_s11390_021_1693_1
crossref_primary_10_1109_TR_2022_3161634
crossref_primary_10_1109_TIFS_2023_3237370
crossref_primary_10_32604_cmc_2023_042361
crossref_primary_10_3390_electronics10243142
crossref_primary_10_1007_s11390_021_1196_0
crossref_primary_10_1109_TSE_2021_3121994
crossref_primary_10_1109_ACCESS_2019_2936235
crossref_primary_10_1145_3674725
crossref_primary_10_3390_math12213431
crossref_primary_10_1109_TSE_2023_3338129
crossref_primary_10_1145_3527317
crossref_primary_10_1093_comjnl_bxad110
crossref_primary_10_4236_jsea_2023_166010
crossref_primary_10_1007_s11227_020_03245_7
crossref_primary_10_1145_3623375
crossref_primary_10_3390_s22031265
crossref_primary_10_1016_j_cose_2022_102813
crossref_primary_10_1016_j_jss_2023_111886
crossref_primary_10_1016_j_swevo_2024_101747
crossref_primary_10_1109_ACCESS_2024_3421989
crossref_primary_10_1109_TSE_2023_3321381
crossref_primary_10_1016_j_compeleceng_2025_110266
crossref_primary_10_1145_3538644
crossref_primary_10_1002_cpe_5756
crossref_primary_10_2139_ssrn_4129684
crossref_primary_10_3390_fi12040074
crossref_primary_10_1145_3665337
crossref_primary_10_1145_3712186
crossref_primary_10_1109_JIOT_2021_3056179
crossref_primary_10_1016_j_cose_2024_104099
crossref_primary_10_1016_j_eswa_2022_118162
crossref_primary_10_1016_j_engappai_2025_110094
crossref_primary_10_3390_math9111245
crossref_primary_10_1016_j_cose_2022_102995
crossref_primary_10_1109_ACCESS_2022_3233875
crossref_primary_10_1109_ACCESS_2020_3025037
crossref_primary_10_1109_TSE_2022_3219520
crossref_primary_10_3390_math9030272
crossref_primary_10_1016_j_cose_2021_102308
crossref_primary_10_1016_j_jss_2022_111379
crossref_primary_10_1038_s41598_022_07355_5
crossref_primary_10_1002_stvr_1869
crossref_primary_10_1145_3643895
crossref_primary_10_1109_JAS_2022_105860
crossref_primary_10_1007_s11390_021_1663_7
crossref_primary_10_1109_ACCESS_2020_2973043
crossref_primary_10_1007_s11390_021_1600_9
crossref_primary_10_1109_TDSC_2024_3361008
crossref_primary_10_1109_TSE_2022_3156637
crossref_primary_10_1145_3526088
crossref_primary_10_1109_TCAD_2021_3076970
crossref_primary_10_1109_TSE_2022_3195640
crossref_primary_10_1007_s42979_024_03234_0
crossref_primary_10_3390_electronics12194033
crossref_primary_10_1109_TITS_2021_3098353
crossref_primary_10_1016_j_jnca_2024_103835
crossref_primary_10_1109_JIOT_2022_3183952
crossref_primary_10_1016_j_jss_2024_111963
crossref_primary_10_1145_3586027
crossref_primary_10_1016_j_sysarc_2022_102483
crossref_primary_10_1109_TCAD_2020_3013046
crossref_primary_10_1109_TSE_2023_3305052
crossref_primary_10_3390_app10165449
crossref_primary_10_1109_ACCESS_2021_3097807
crossref_primary_10_1155_2021_6698311
crossref_primary_10_1002_stvr_1897
crossref_primary_10_1007_s10664_023_10340_9
crossref_primary_10_1016_j_est_2020_101459
crossref_primary_10_1109_ACCESS_2022_3202005
crossref_primary_10_1109_TNSE_2020_2997359
crossref_primary_10_1109_TSE_2021_3117966
crossref_primary_10_3390_math9030205
Cites_doi 10.1145/2090147.2094081
10.1145/1950365.1950396
10.1109/ICSE.2009.5070546
10.1126/science.220.4598.671
10.1109/ACSAC.2007.27
10.1145/2508859.2516736
10.1109/SP.2015.50
10.14722/ndss.2016.23368
10.1109/SP.2010.37
10.1145/2338965.2336773
10.1145/3133956.3134020
10.1145/2491411.2491430
10.1145/2908080.2908095
10.1109/TSE.2015.2487274
10.1145/96267.96279
10.1145/2976749.2978428
10.1145/2970276.2970316
10.1016/S0169-7552(98)00110-X
ContentType Journal Article
Copyright Copyright IEEE Computer Society 2019
Copyright_xml – notice: Copyright IEEE Computer Society 2019
DBID 97E
RIA
RIE
AAYXX
CITATION
JQ2
K9.
DOI 10.1109/TSE.2017.2785841
DatabaseName IEEE Xplore (IEEE)
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
ProQuest Computer Science Collection
ProQuest Health & Medical Complete (Alumni)
DatabaseTitle CrossRef
ProQuest Health & Medical Complete (Alumni)
ProQuest Computer Science Collection
DatabaseTitleList
ProQuest Health & Medical Complete (Alumni)
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1939-3520
EndPage 506
ExternalDocumentID 10_1109_TSE_2017_2785841
8233151
Genre orig-research
GrantInformation_xml – fundername: National Research Foundation
  grantid: NRF2014NCR-NCR001-21
  funderid: 10.13039/100011512
GroupedDBID --Z
-DZ
-~X
.DC
0R~
29I
4.4
5GY
6IK
85S
8R4
8R5
97E
AAJGR
AARMG
AASAJ
AAWTH
ABAZT
ABPPZ
ABQJQ
ABVLG
ACGFO
ACGOD
ACIWK
ACNCT
AENEX
AGQYO
AHBIQ
AKJIK
AKQYR
ALMA_UNASSIGNED_HOLDINGS
ASUFR
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BKOMP
BPEOZ
CS3
DU5
EBS
EDO
EJD
HZ~
I-F
IEDLZ
IFIPE
IPLJI
JAVBF
LAI
M43
MS~
O9-
OCL
P2P
Q2X
RIA
RIE
RNS
RXW
S10
TAE
TN5
TWZ
UHB
UPT
WH7
YZZ
AAYXX
ALIPV
CITATION
RIG
JQ2
K9.
ID FETCH-LOGICAL-c291t-8fe8f1eb8445090ca00abc27a6a49a0062cad26b0b04b750ca1f0ca03b1cb1493
IEDL.DBID RIE
ISSN 0098-5589
IngestDate Mon Jun 30 11:03:42 EDT 2025
Tue Jul 01 01:53:16 EDT 2025
Thu Apr 24 23:06:47 EDT 2025
Wed Aug 27 05:51:33 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 5
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c291t-8fe8f1eb8445090ca00abc27a6a49a0062cad26b0b04b750ca1f0ca03b1cb1493
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0002-4470-1824
0000-0002-9871-3695
PQID 2226160352
PQPubID 21418
PageCount 18
ParticipantIDs crossref_citationtrail_10_1109_TSE_2017_2785841
ieee_primary_8233151
proquest_journals_2226160352
crossref_primary_10_1109_TSE_2017_2785841
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2019-05-01
PublicationDateYYYYMMDD 2019-05-01
PublicationDate_xml – month: 05
  year: 2019
  text: 2019-05-01
  day: 01
PublicationDecade 2010
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on software engineering
PublicationTitleAbbrev TSE
PublicationYear 2019
Publisher IEEE
IEEE Computer Society
Publisher_xml – name: IEEE
– name: IEEE Computer Society
References ref37
ref15
ref36
bellard (ref17) 2005
ref31
ref30
ref33
chen (ref35) 2016
(ref5) 2017
ref32
rebert (ref28) 2014
ref1
kirkpatrick (ref21) 1983; 220
ref16
norris (ref19) 1998
(ref2) 2015
cadar (ref7) 2008
(ref18) 2017
(ref11) 2017
(ref9) 2017
(ref13) 2017
pak (ref34) 2012
rizzi (ref22) 2016
(ref26) 0
ref20
(ref25) 2017
godefroid (ref14) 2012; 10
(ref23) 2017
(ref10) 2017
(ref6) 2014
ref27
ref29
ref8
ref4
ref3
(ref12) 2017
serebryany (ref24) 2012
References_xml – year: 2014
  ident: ref6
  article-title: Pulling jpegs out of thin air
– volume: 10
  start-page: 20:20
  year: 2012
  ident: ref14
  article-title: Sage: Whitebox fuzzing for security testing
  publication-title: Queue
  doi: 10.1145/2090147.2094081
– year: 2015
  ident: ref2
  article-title: Symbolic execution in vulnerability research.
– year: 2017
  ident: ref10
  article-title: SPIKE Fuzzer Platform.
– ident: ref15
  doi: 10.1145/1950365.1950396
– ident: ref16
  doi: 10.1109/ICSE.2009.5070546
– volume: 220
  start-page: 671
  year: 1983
  ident: ref21
  article-title: Optimization by simulated annealing
  publication-title: Sci
  doi: 10.1126/science.220.4598.671
– year: 2017
  ident: ref25
  article-title: OpenSSL: Secure communication library.
– year: 2017
  ident: ref11
  article-title: Suley Fuzzer.
– ident: ref36
  doi: 10.1109/ACSAC.2007.27
– year: 2017
  ident: ref18
  article-title: Afl binary instrumentation.
– start-page: 861
  year: 2014
  ident: ref28
  article-title: Optimizing seed selection for fuzzing
  publication-title: Proc 23rd USENIX Secur Symp
– year: 2017
  ident: ref9
  article-title: Peach Fuzzer Platform.
– ident: ref27
  doi: 10.1145/2508859.2516736
– year: 2017
  ident: ref23
  article-title: GNU Coreutils.
– ident: ref29
  doi: 10.1109/SP.2015.50
– start-page: 209
  year: 2008
  ident: ref7
  article-title: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs
  publication-title: Proc 8th USENIX Conf Operating Syst Des Implementation
– ident: ref3
  doi: 10.14722/ndss.2016.23368
– year: 2017
  ident: ref5
  article-title: Afl vulnerability trophy case
– ident: ref32
  doi: 10.1109/SP.2010.37
– year: 1998
  ident: ref19
  publication-title: Markov Chains (Cambridge Series in Statistical and Probabilistic Mathematics)
– ident: ref30
  doi: 10.1145/2338965.2336773
– start-page: 41
  year: 2005
  ident: ref17
  article-title: Qemu, a fast and portable dynamic translator
  publication-title: Proc Annu Conf USENIX Annu Tech Conf
– ident: ref37
  doi: 10.1145/3133956.3134020
– ident: ref31
  doi: 10.1145/2491411.2491430
– start-page: 28
  year: 2012
  ident: ref24
  article-title: Addresssanitizer: A fast address sanity checker
  publication-title: Proc USENIX Conf Annu Tech Conf 2012
– start-page: 132
  year: 2016
  ident: ref22
  article-title: On the techniques we create, the tools we build, and their misalignments: A study of klee
  publication-title: Proc 38th Int Conf Softw Eng
– start-page: 2017
  year: 0
  ident: ref26
  article-title: LibXML2: XML parser library for C.
– start-page: 85
  year: 2016
  ident: ref35
  article-title: Coverage-directed differential testing of JVM implementations
  publication-title: Proc ACM SIGPLAN Conf Programming Lang Des Implementation
  doi: 10.1145/2908080.2908095
– year: 2017
  ident: ref13
  article-title: Zzuf: multi-purpose fuzzer.
– ident: ref4
  doi: 10.1109/TSE.2015.2487274
– ident: ref8
  doi: 10.1145/96267.96279
– year: 2012
  ident: ref34
  article-title: Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution
– ident: ref1
  doi: 10.1145/2976749.2978428
– ident: ref33
  doi: 10.1145/2970276.2970316
– year: 2017
  ident: ref12
  article-title: American fuzzy lop (afl) fuzzer.
– ident: ref20
  doi: 10.1016/S0169-7552(98)00110-X
SSID ssj0005775
ssib053395008
Score 2.6816404
Snippet Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input....
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 489
SubjectTerms automated testing
Computer crashes
Crashes
Exposure
fuzzing
Markov analysis
Markov chains
Markov processes
path exploration
Program verification (computers)
Schedules
Search problems
Seeds
symbolic execution
Systematics
Vulnerability detection
Title Coverage-Based Greybox Fuzzing as Markov Chain
URI https://ieeexplore.ieee.org/document/8233151
https://www.proquest.com/docview/2226160352
Volume 45
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELZKJxYKFEShIA8sSCS1HcdxRqhaKqSy0ErdIr8iEChBtEGovx47jyIeQmwZzpZ1Z_u-i-_uA-AcUy1ThS1yYynzaBoZjytNPKoJ0ZoxEXNX7zy9Y5M5vV2Eixa43NTCGGPK5DPju8_yLV_nqnC_ygacBAF29dJbNnCrarU-0zmiKGz6Y4Yhj5snSRQPZvcjl8MV-STi1t_iLy6o5FT5cRGX3mXcAdNmXVVSyZNfrKSv1t9aNv534btgp4aZ8KraF3ugZbJ90GkoHGB9orvAH7oUTnuneNfWnWl4Yy0r83c4LtZr69SgWEJXzZO_weGDeMwOwHw8mg0nXk2h4CkS45XHU8NTbCSn1CIDpARCQioSCSZoLFwBpRKaMIkkotKCByVw6qQCiZW0wVNwCNpZnpkjAHEaaOV4rrRClBrOjeDaKI2xsiCRhz0waLSaqLq_uKO5eE7KOAPFibVD4uyQ1HbogYvNiJeqt8Yfsl2n1o1crdEe6DeGS-rDt0ws5GGOPTskx7-POgHbdu64ylvsg_bqtTCnFlus5Fm5qT4Au43JVw
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwED5VMMBCgYIoFMjAgkTS2HESZ4SqpUDbhVbqFvkVgUAtoglC_fXYeRTxEGLLcJYtn-3vc_zdHcAZIpInAmnmFiSBTZJQ2VRIbBOJsZRBwCJq4p2Ho6A_IbdTf1qDi1UsjFIqF58px3zmb_lyLjLzq6xNsechEy-9rnHfR0W01qegIwz9KkOm79OoepR0o_b4vmtUXKGDQ6oRF30Bobyqyo-jOMeXXh2G1cgKWcmTk6XcEctvSRv_O_Rt2CqJpnVZrIwdqKnZLtSrIg5Wuacb4HSMiFOfKvaVBjRpXWvf8vm71cuWSw1rFltYJp5n_mZ1HtjjbA8mve6407fLIgq2wBFKbZoomiDFKSGaG7iCuS7jAocsYCRiJoRSMIkD7nKXcE0fBEOJsfI4Elxfn7x9WJvNZ-oALJR4UphKV1K4hChKFaNSCYmQ0DSR-k1oV7MaizLDuCl08RznNw03irUfYuOHuPRDE85XLV6K7Bp_2DbMtK7syhltQqtyXFxuv0WsSU9g6mf7-PD3Vqew0R8PB_HgZnR3BJu6n6hQMbZgLX3N1LFmGik_yRfYB2vBzKA
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Coverage-Based+Greybox+Fuzzing+as+Markov+Chain&rft.jtitle=IEEE+transactions+on+software+engineering&rft.au=Bohme%2C+Marcel&rft.au=Pham%2C+Van-Thuan&rft.au=Roychoudhury%2C+Abhik&rft.date=2019-05-01&rft.issn=0098-5589&rft.eissn=1939-3520&rft.volume=45&rft.issue=5&rft.spage=489&rft.epage=506&rft_id=info:doi/10.1109%2FTSE.2017.2785841&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TSE_2017_2785841
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0098-5589&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0098-5589&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0098-5589&client=summon