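% Names are in unambiguous Last, First form. numpages and pdf_url are non-standard
% fields, presumably read by the site generator (confirm); pdf_url is a relative path.
@inproceedings{ICSE25-leak,
  author    = {Lee, Seongmin and Minocha, Shreyas and B{\"o}hme, Marcel},
  title     = {Accounting for Missing Events in Statistical Information Leakage Analysis},
  booktitle = {Proceedings of the 47th International Conference on Software Engineering},
  series    = {ICSE'25},
  year      = {2025},
  numpages  = {12},
  abstract  = {Estimating software privacy in the small sample regime.},
  pdf_url   = {papers/ICSE25-leak.pdf},
}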
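% Names are in Last, First form, matching the comma-form entries elsewhere in this file.
% No doi is recorded for this entry.
@inproceedings{USENIX24-ml4sec,
  author    = {Risse, Niklas and B{\"o}hme, Marcel},
  title     = {Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection},
  booktitle = {Proceedings of the 33rd USENIX Security Symposium},
  series    = {USENIX Sec'24},
  year      = {2024},
  numpages  = {19},
  abstract  = {Are machine learning models for vulnerability discovery as good as they seem?},
  pdf_url   = {papers/USENIX24-ml4sec.pdf},
}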
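% Given names are initials only in this entry; expand them once confirmed against the paper.
% Names are in Last, First form so the surname split does not depend on word order.
@inproceedings{CCS24-lmtest,
  author       = {Barthe, G. and B{\"o}hme, M. and Cauligi, S. and Chuengsatiansup, C. and Genkin, D. and Guarnieri, M. and Romero, D. and Schwabe, P. and Wu, D. and Yarom, Y.},
  title        = {Testing Side-Channel Security of Cryptographic Implementations Against Future Microarchitectures},
  booktitle    = {Proceedings of the 31st ACM Conference on Computer and Communications Security},
  series       = {CCS'24},
  year         = {2024},
  numpages     = {16},
  abstract     = {How to find side-channels in crypto implementations running on future microarchitectures.},
  pdf_url      = {papers/CCS24-lmtest.pdf},
  artifact_url = {https://github.com/hw-sw-contracts/leakage-model-testing},
}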
% artifact_url is the resolver link for the DOI stored bare in artifact_doi.
@inproceedings{ICSE24-predict,
  author       = {Liyanage, Danushka and Lee, Seongmin and Tantithamthavorn, Chakkrit and B{\"o}hme, Marcel},
  title        = {Extrapolating Coverage Rate in Greybox Fuzzing},
  booktitle    = {Proceedings of the 46th International Conference on Software Engineering},
  series       = {ICSE'24},
  year         = {2024},
  numpages     = {13},
  abstract     = {How to *predict* the coverage rate of a greybox fuzzer in the future.},
  pdf_url      = {papers/ICSE24-predict.pdf},
  artifact_url = {https://doi.org/10.5281/zenodo.10460578},
  artifact_doi = {10.5281/zenodo.10460578},
}
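% The accent is written as a brace group so BibTeX treats it as one letter when
% sorting and labelling; names are in Last, First form.
@inproceedings{NDSS24-chatafl,
  author       = {Meng, Ruijie and Mirchev, Martin and B{\"o}hme, Marcel and Roychoudhury, Abhik},
  title        = {Large Language Model guided Protocol Fuzzing},
  booktitle    = {Proceedings of the Network and Distributed System Security Symposium},
  series       = {NDSS'24},
  year         = {2024},
  numpages     = {15},
  abstract     = {How to make a fuzzer ask ChatGPT about the correct structure and order of messages as specified in 100+ pages of RFC.},
  pdf_url      = {papers/NDSS24-chatafl.pdf},
  artifact_url = {https://zenodo.org/doi/10.5281/zenodo.8373804},
  artifact_doi = {10.5281/zenodo.8373804},
  github_url   = {https://github.com/ChatAFLndss/ChatAFL},
}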
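% The first author is kept in First Last form as given; confirm the surname split
% before converting it to Last, First. The accent is a brace group for correct sorting.
@article{TSE24-learn2fix,
  author       = {Charaka Geethal Kapugama and B{\"o}hme, Marcel and Pham, Van-Thuan},
  title        = {Human-In-The-Loop Automatic Program Repair},
  journal      = {IEEE Transactions on Software Engineering},
  series       = {TSE'24},
  year         = {2024},
  numpages     = {24},
  doi          = {10.1109/TSE.2023.3305052},
  abstract     = {Learn2fix automatically negotiates with the user the condition under which the bug is observed before it repairs the bug.},
  note         = {Journal extension of our homonymous ICST'20 paper.},
  pdf_url      = {papers/TSE24-learn2fix.pdf},
  artifact_url = {https://github.com/charakageethal/learn2fix-journal-ext/},
}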
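% Not yet published according to the note field; add volume, number and doi once available.
% The accent is written as a brace group so BibTeX sorts and labels the name correctly.
@article{TOSEM24-dpsbst,
  author  = {Perera, Anjana and Turhan, Burak and Aleti, Aldeida and B{\"o}hme, Marcel},
  title   = {On the Impact of Lower Recall and Precision in Defect Prediction for Guiding Search-Based Software Testing},
  journal = {ACM Transactions on Software Engineering and Methodology},
  series  = {TOSEM'24},
  year    = {2024},
  note    = {Accepted subject to minor revisions.},
}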
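% month (oct) and issue_date (November 2023) disagree; confirm which one downstream
% tooling should use. pages uses the ASCII double hyphen, month the standard macro,
% and accents are brace groups so classic BibTeX sorts the names correctly.
@article{CACM23-entropic,
  author       = {B{\"o}hme, Marcel and Man{\`e}s, Valentin J. M. and Cha, Sang Kil},
  title        = {Boosting Fuzzer Efficiency: An Information Theoretic Perspective},
  journal      = {Communications of the ACM},
  series       = {CACM'23 Research Highlight},
  volume       = {66},
  number       = {11},
  pages        = {89--97},
  numpages     = {9},
  year         = {2023},
  month        = oct,
  issue_date   = {November 2023},
  publisher    = {Association for Computing Machinery},
  address      = {New York, NY, USA},
  issn         = {0001-0782},
  doi          = {10.1145/3611019},
  url          = {https://doi.org/10.1145/3611019},
  abstract     = {Every generated input reveals some information about the program. Maximizing information maximizes efficiency.},
  pdf_url      = {papers/CACM23-entropic.pdf},
  artifact_url = {https://doi.org/10.6084/m9.figshare.12415622},
  artifact_doi = {10.6084/m9.figshare.12415622},
  award        = {CACM Research Highlight for the month of November. CACM is a journal sent to all members of the ACM.},
  note         = {CACM Technical Perspective: "What's all the fuss about fuzzing?" by the amazing Gordon Fraser!},
}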
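% doi is stored bare; artifact_url and artifact_doi refer to the same Zenodo record.
@inproceedings{FSE23-reachability,
  author       = {Lee, Seongmin and B{\"o}hme, Marcel},
  title        = {Statistical Reachability Analysis},
  booktitle    = {Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  series       = {ESEC / FSE'23},
  year         = {2023},
  numpages     = {12},
  doi          = {10.1145/3611643.3616268},
  abstract     = {Quantitative program analysis using a statistical rather than an analytical approach.},
  pdf_url      = {papers/FSE23-reachability.pdf},
  artifact_url = {https://doi.org/10.5281/zenodo.8267404},
  artifact_doi = {10.5281/zenodo.8267404},
}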
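% Names are in Last, First form, so the middle initial stays with the given name
% regardless of how a parser splits First Last input.
@inproceedings{ASE23-preciseApprox,
  author       = {Parasaram, Nikhil and Barr, Earl T. and Mechtaev, Sergey and B{\"o}hme, Marcel},
  title        = {Precise Data-Driven Approximation for Program Analysis via Fuzzing},
  booktitle    = {Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering},
  series       = {ASE'23},
  publisher    = {Association for Computing Machinery},
  year         = {2023},
  numpages     = {12},
  abstract     = {Marry static analysis to over-/under-approx. the valid state space and fuzzing + stats to estimate the degree of validity.},
  pdf_url      = {papers/ASE23-preciseApprox.pdf},
  artifact_url = {https://doi.org/10.5281/zenodo.7902214},
  artifact_doi = {10.5281/zenodo.7902214},
}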
% artifact_url is the resolver link for the DOI stored bare in artifact_doi.
@inproceedings{ICSE23-effectiveness,
  author       = {Liyanage, Danushka and B{\"o}hme, Marcel and Tantithamthavorn, Chakkrit and Lipp, Stephan},
  title        = {Reachable Coverage: Estimating Saturation in Fuzzing},
  booktitle    = {Proceedings of the 45th International Conference on Software Engineering},
  series       = {ICSE'23},
  year         = {2023},
  numpages     = {13},
  abstract     = {Estimating the maximum achievable coverage by automatic test input generation.},
  note         = {Featured in the Fuzzing Weekly Newsletter (CW5).},
  pdf_url      = {papers/ICSE23-effectiveness.pdf},
  artifact_url = {https://doi.org/10.5281/zenodo.7571359},
  artifact_doi = {10.5281/zenodo.7571359},
}
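% booktitle uses the same wording as the other ICSE'23 entry in this file, so both
% papers render under one venue name. The accent is a brace group for correct sorting.
@inproceedings{ICSE23-debug-assumptions,
  author       = {Soremekun, Ezekiel and Kirschner, Lukas and B{\"o}hme, Marcel and Papadakis, Mike},
  title        = {Evaluating the Impact of Experimental Assumptions in Automated Fault Localization},
  booktitle    = {Proceedings of the 45th International Conference on Software Engineering},
  series       = {ICSE'23},
  year         = {2023},
  numpages     = {13},
  abstract     = {Evaluating the assumptions that researchers make during debugging tool evaluations.},
  pdf_url      = {papers/ICSE23-debug-assumptions.pdf},
  artifact_url = {https://figshare.com/articles/conference_contribution/Debugging_Assumptions_Artifact/21786743},
  artifact_doi = {10.6084/m9.figshare.21786743.v6},
  website_url  = {https://debugging-assumptions.github.io/},
}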
% artifact_url resolves the DOI in artifact_doi; github_url points at the 1.0.0 tree of the repository.
@inproceedings{ISSTA23-green,
  author       = {Lipp, Stephan and Elsner, Daniel and Kacianka, Severin and Pretschner, Alexander and B{\"o}hme, Marcel and Banescu, Sebastian},
  title        = {Green Fuzzing: A Saturation-based Stopping Criterion using Vulnerability Prediction},
  booktitle    = {Proceedings of the 32nd ACM/SIGSOFT International Symposium on Software Testing and Analysis},
  series       = {ISSTA'23},
  year         = {2023},
  numpages     = {13},
  doi          = {10.1145/3597926.3598043},
  abstract     = {We suggest to stop a fuzzing campaign when the coverage of potentially vulnerable code saturates.},
  pdf_url      = {papers/ISSTA23-green.pdf},
  artifact_url = {https://doi.org/10.5281/zenodo.7944722},
  artifact_doi = {10.5281/zenodo.7944722},
  github_url   = {https://github.com/tum-i4/green-fuzzing-artifacts/tree/1.0.0},
}
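% Single-author Student Research Competition entry; no doi, abstract or pdf_url is recorded.
% The name is in Last, First form, matching the comma-form entries in this file.
@inproceedings{FSE23-src,
  author    = {Risse, Niklas},
  title     = {Detecting Overfitting of Machine Learning Techniques for Automatic Vulnerability Detection},
  booktitle = {Student Research Competition (SRC) at the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  series    = {ESEC / FSE'23 (SRC)},
  year      = {2023},
  numpages  = {3},
}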