Publications

Download BibTeX.

2026
SP'26
Cottontail: LLM-Driven Concolic Execution for Highly Structured Test Input Generation. 
Haoxin Tu, Seongmin Lee, Yuxian Li, Peng Chen, Lingxiao Jiang, and Marcel Böhme.
Abstract: How to perform concolic execution to generate highly structured test inputs for systematically testing parsing programs.
47th IEEE Symposium on Security and Privacy (SP'26). 18pp.
Note: Accepted with shepherding.
2025
ISSTA'25
🏆
Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection. 
Niklas Risse, Jing Liu, and Marcel Böhme.
🧑‍💻 Abstract: The most prevalent problem statement of ML4VD as function-level binary classification problem is ill-defined.
34th ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'25). 22pp.
 🏆 Award: Our paper was selected as ACM Distinguished Papers (Top 8% of accepted papers). Congrats Niklas and Jing!
Note: Supplementary material can be found here: ISSTA25-supplementary.pdf
S&P
How to Solve Cybersecurity Once and For All. 
Marcel Böhme.
Abstract: We should stop trying to confirm the effectiveness of our defenses and start failing to find counterexamples.
IEEE Security and Privacy, Vol. 23, Issue 3.
Note: Invited journal article. A much abbreviated version of the keynote at RAID'24
TOSEM
Software Security Analysis in 2030 and Beyond: A Research Roadmap. 
Marcel Böhme, Eric Bodden, Tevfik Bultan, Cristian Cadar, Yang Liu, and Giuseppe Scanniello.
Abstract: Challenges and opportunities for the security analysis of our software systems of the future.
ACM Transactions on Software Engineering and Methodology. 25pp.
Note: Invited article (Special Section: 2030 Software Engineering Roadmap).
TOSEM
Fuzzing: On Benchmarking Outcome as a Function of Benchmark Properties. 
Dylan Wolff, Marcel Böhme, and Abhik Roychoudhury.
Abstract: How would fuzzer ranking change if programs were larger or initial seeds had more coverage?
ACM Transactions on Software Engineering and Methodology. 24pp.
TSE
AFLNet Five Years Later: On Coverage-Guided Protocol Fuzzing. 
Ruijie Meng, Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury.
🧑‍💻 Abstract: State- and code-coverage-guided greybox fuzzing (Extended version of our ICSE'20 Tool Demo)
IEEE Transactions on Software Engineering. 14pp.
ICLR'25
🏆
How Much is Unseen Depends Chiefly on Information About the Seen. 
Seongmin Lee and Marcel Böhme.
🧑‍💻 Abstract: Significant progress on a beautiful statistical riddle. Can estimate data representativeness.
13th International Conference on Learning Representations (ICLR'25). 22pp.
 🏆 Award: Our paper was selected as ICLR'25 Spotlight (Top 5% of accepted papers). Congrats Seongmin!
ICSE'25
Invivo Fuzzing by Amplifying Actual Executions. 
Octavio Galland and Marcel Böhme.
🧑‍💻 Abstract: Don't attach a fuzzer using fuzz drivers! Inject a fuzzer and amplify any state.
47th International Conference on Software Engineering (ICSE'25). 13pp.
ICSE'25
Accounting for Missing Events in Statistical Information Leakage Analysis. 
Seongmin Lee, Shreyas Minocha, and Marcel Böhme.
🧑‍💻 Abstract: Estimating software privacy in the small sample regime.
47th International Conference on Software Engineering (ICSE'25). 12pp.
FSE'25
🏆
MendelFuzz: The Return of the Deterministic Stage. 
Han Zheng, Flavio Toffalini, Marcel Böhme, and Mathias Payer.
🧑‍💻 Abstract: Can a fuzzer cover more code with minimal corruption of the initial seed?
ACM International Conference on the Foundations of Software Engineering (FSE'25). 21pp.
 🏆 Award: Adopted as default mode in the most widely-used fuzzer AFL++ since v4.10c.
2024
TOSEM
On the Impact of Lower Recall and Precision in Defect Prediction for Guiding Search-based Software Testing. 
Anjana Perera, Burak Turhan, Aldeida Aleti, and Marcel Böhme.
🧑‍💻 ACM Transactions on Software Engineering and Methodology 33(6). 27pp.
USENIX Sec'24
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection. 
Niklas Risse and Marcel Böhme.
🧑‍💻 Abstract: Are machine learning models for vulnerability discovery as good as they seem?
33rd USENIX Security Symposium (USENIX Sec'24). 19pp.
CCS'24
🏆
Testing Side-Channel Security of Cryptographic Implementations Against Future Microarchitectures. 
G. Barthe, M. Böhme, S. Cauligi, C. Chuengsatiansup, D. Genkin, M. Guarnieri, D. Romero, P. Schwabe, D. Wu, and Y. Yarom.
🧑‍💻 Abstract: How to find side-channels in crypto implementations running on future microarchitectures.
31st ACM Conference on Computer and Communications Security (CCS'24). 16pp.
 🏆 Award: Our paper won the ACM SIGSAC Distinguished Paper Award at CCS'24. Congrats all!
ICSE'24
Extrapolating Coverage Rate in Greybox Fuzzing. 
Danushka Liyanage, Seongmin Lee, Chakkrit Tantithamthavorn, and Marcel Böhme.
🧑‍💻 Abstract: How to *predict* the coverage rate of a greybox fuzzer in the future.
46th International Conference on Software Engineering (ICSE'24). 13pp.
NDSS'24
🏆
Large Language Model guided Protocol Fuzzing. 
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury.
🧑‍💻 Abstract: How to make a fuzzer ask ChatGPT about the correct structure and order of messages as specified in 100+ pages of RFC.
Network and Distributed System Security Symposium (NDSS'24). 15pp.
 🏆 Award: Number 29 in the Normalized Top-100 Security Papers of all time.
TSE
Human-In-The-Loop Automatic Program Repair. 
Charaka Geethal Kapugama, Marcel Böhme, and Van-Thuan Pham.
🧑‍💻 Abstract: Learn2fix automatically negotiates with the user the condition under which the bug is observed before it repairs the bug.
IEEE Transactions on Software Engineering. 24pp.
Note: Journal extension of our homonymous ICST'20 paper.
2023
CACM
🏆
Boosting Fuzzer Efficiency: An Information Theoretic Perspective. 
Marcel Böhme, Valentin J. M. Manès, and Sang Kil Cha.
🧑‍💻 Abstract: Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
Communcations of the ACM 66(11). 9pp.
 🏆 Award: CACM Research Highlight for the month of November. CACM a journal sent to all members of the ACM.
Note: CACM Technical Perspective: "What's all the fuss about fuzzing?" by the amazing Gordon Fraser!
ESEC / FSE'23
Statistical Reachability Analysis. 
Seongmin Lee and Marcel Böhme.
🧑‍💻 Abstract: Quantiative program analysis using a statistical rather than an analytical approach.
31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23). 12pp.
ASE'23
Precise Data-Driven Approximation for Program Analysis via Fuzzing. 
Nikhil Parasaram, Earl T. Barr, Sergey Mechtaev, and Marcel Böhme.
🧑‍💻 Abstract: Marry static analysis to over-/under-approx. the valid state space and fuzzing + stats to estimate the degree of validity.
38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23). 12pp.
ICSE'23
Reachable Coverage: Estimating Saturation in Fuzzing. 
Danushka Liyanage, Marcel Böhme, Chakkrit Tantithamthavorn, and Stephan Lipp.
🧑‍💻 Abstract: Estimating the maximum achievable coverage by automatic test input generation.
45th International Conference on Software Engineering (ICSE'23). 13pp.
Note: Featured in the Fuzzing Weekly Newsletter (CW5).
ICSE'23
Evaluating the Impact of Experimental Assumptions in Automated Fault Localization. 
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Mike Papadakis.
🧑‍💻 Abstract: Evaluating the assumptions that researchers make during debugging tool evaluations.
ACM/IEEE 45th International Conference on Software Engineering (ICSE'23). 13pp.
ISSTA'23
Green Fuzzing: A Saturation-based Stopping Criterion using Vulnerability Prediction. 
Stephan Lipp, Daniel Elsner, Severin Kacianka, Alexander Pretschner, Marcel Böhme, and Sebastian Banescu.
🧑‍💻 Abstract: We suggest to stop a fuzzing campaign when the coverage of potentially vulnerable code saturates.
32nd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23). 13pp.
ESEC / FSE'23 (SRC)
🏆
Detecting Overfitting of Machine Learning Techniques for Automatic Vulnerability Detection. 
Niklas Risse.
Student Research Competition (SRC) at the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23 (SRC)). 3pp.
 🏆 Award: Niklas won 2nd place in the ACM FSE Student Research Competition. Congrats Niklas!
SBFT'23
Continuous Fuzzing: A Study of the Effectiveness and Scalability of Fuzzing in CI/CD Pipelines. 
Thijs Klooster, Fatih Turkmen, Gerben Broenink, Ruben Ten Hove, and Marcel Böhme.
🧑‍💻 Abstract: How to integrate fuzzing in a CI/CD pipeline, where time is limited but the analysis can be incremental?
2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT'23). 13pp.
TSE'22
An Experimental Assessment of Using Theoretical Defect Predictors to Guide Search-based Software Testing. 
Anjana Perera, Aldeida Aleti, Burak Turhan, and Marcel Böhme.
🧑‍💻 Abstract: What is the impact of defect predictor accuracy on defectiveness-guided test generation?
IEEE Transactions on Software Engineering.
2022
ICSE'22
On the Reliability of Coverage-based Fuzzer Benchmarking. 
Marcel Böhme, László Szekeres, and Jonathan Metzman.
🧑‍💻 Abstract: We find a strong correlation but no strong agreement on fuzzer superiority in terms of coverage versus bugs.
44th International Conference on Software Engineering (ICSE'22). 13pp.
USENIX SEC'22
Stateful Greybox Fuzzing. 
Jinsheng Ba, Marcel Böhme, Zahra Mirzamomen, and Abhik Roychoudhury.
🧑‍💻 Abstract: Navigating an unknown state space by identifying and monitoring state variables values.
31st USENIX Security Symposium (USENIX SEC'22). 18pp.
ISSTA'22
Human-in-the-Loop Oracle Learning for Semantic Bugs in String Processing Programs. 
Charaka Geethal, Van-Thuan Pham, Aldeida Aleti, and Marcel Böhme.
🧑‍💻 Abstract: Learning to identify semantic bugs for string processing programs.
31st ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'22). 12pp.
ICSE'22 (NIER)
Statistical Reasoning About Programs. 
Marcel Böhme.
Abstract: Open challenges and new research directions for automated program analysis at scale.
44th International Conference on Software Engineering (ICSE'22 (NIER)). 5pp.
2021
IEEE Software
Fuzzing: Challenges and Opportunities. 
Marcel Böhme, Cristian Cadar, and Abhik Roychoudhury.
Abstract: A resource for practitioners and researchers to learn about the main open challenges in fuzzing and symbolic execution.
IEEE Software. 9pp.
Note: This is the outcome of a 3-day meeting of thought leaders and rising stars, both in industry and academia. We are happy to publish these results in the premier magazine (and journal) for software practitioners.
CCS'21
Regression Greybox Fuzzing. 
Xiaogang Zhu and Marcel Böhme.
🧑‍💻 Abstract: Once a program is well-fuzzed, most bugs found are regressions. Fuzz all commits at once, but focus on recent ones.
28th ACM Conference on Computer and Communications Security (CCS'21). 12pp.
EMSE'21
Locating faults with program slicing: an empirical analysis. 
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Andreas Zeller.
🧑‍💻 Abstract: Empirical comparison of statistical fault localization and dynamic program slicing along more realistic assumptions.
Empirical Software Engineering 26(3).
Note: Congrats to Ezekiel, Lukas, and Andreas! Ezekiel started this work with when I was still a PostDoc in Andreas' team.
ESEC / FSE'21
Estimating Residual Risk in Greybox Fuzzing. 
Marcel Böhme, Danushka Liyanage, and Valentin Wüstholz.
🧑‍💻 Abstract: After 24hrs no crashes, you abort the campaign. What is the change to see a crash if you generated one more input?
15th Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC / FSE'21). 12pp.
Note: Congrats Danushka on his first paper. Exciting work with our industry collaborator Valentin. We are breaking new ground! Shoutout J. Campbell (Microsoft) finds this direction interesting for large-scale fuzzing campaigns in OneFuzz to maximize bug finding within the compute budget.