SemFi: Semantic Frame Interpolation & Fuzzing
- SemFi is a label for semantics-centered systems applied to generative video via Semantic Frame Interpolation and network protocol security via semantics-aware fuzzing.
- In video generation, it utilizes endpoint conditioning, text guidance, and a Mixture-of-LoRA module to achieve smooth, multi-rate frame interpolation.
- In network security, SemFi (alias SemFuzz) extracts structured semantic rules from RFCs to generate test cases that target protocol vulnerabilities.
Searching arXiv for the provided identifiers and the term "SemFi" to ground the article in the cited literature. SemFi is a label used in recent arXiv literature for two unrelated semantics-centered systems. In generative video, it denotes a model introduced with the task of Semantic Frame Interpolation (SFI), where intermediate frames are generated between a first frame and a last frame under text guidance and for variable target lengths (Hong et al., 7 Jul 2025). In network security, “SemFi” is used as an alias for SemFuzz, a semantics-aware fuzzing framework that extracts structured semantic rules from RFC documents, generates protocol test cases that intentionally violate those rules, and detects vulnerabilities by comparing observed and expected responses (Sun et al., 6 Mar 2026). This suggests that “SemFi” is not yet a standardized designation but a local shorthand attached to distinct research programs.
1. Terminological scope and disambiguation
The two documented uses of SemFi differ in objective, data modality, and formal apparatus.
| Usage of “SemFi” | Domain | Core object |
|---|---|---|
| SemFi model | Video generation | Semantic Frame Interpolation |
| Alias for SemFuzz | Network protocol security | Semantics-aware fuzzing |
In the video setting, the relevant paper formally defines SFI as conditional sequence generation from two endpoint frames, a text prompt, and a target number of intermediate frames (Hong et al., 7 Jul 2025). In the protocol-security setting, the relevant paper defines semantics-aware fuzzing through structured semantic rules extracted from RFC specifications and a semantic oracle that flags deviations between observed and expected responses (Sun et al., 6 Mar 2026).
The shared lexical element is “semantic,” but the technical meanings are distinct. In SFI, semantics concerns text-conditioned visual transition and consistency across frame counts. In SemFuzz, semantics concerns compliance with specification semantics and receiver behavior under rule violations.
2. SemFi in Semantic Frame Interpolation: task definition
Semantic Frame Interpolation is defined by the inputs for the first frame, for the last frame, a text prompt , and a positive integer specifying the number of intermediate frames to generate (Hong et al., 7 Jul 2025). The output is a sequence , each in , forming a smooth semantic transition from to under guidance (Hong et al., 7 Jul 2025).
The paper models SFI as conditional sequence generation under a diffusion or other generative model
with inference defined by sampling
0
This formulation unifies previously separated settings (Hong et al., 7 Jul 2025). When 1 is small and 2, the task recovers classic short-range Video Frame Interpolation. When 3 is large, it recovers long-range frame-to-frame generation as in Foundation Video Models (Hong et al., 7 Jul 2025).
The paper’s motivation is that traditional frame interpolation emphasizes a small number of frames, no text control, and minimal differences between the first and last frames, whereas recent community use of large video models represented by Wan yields frame-to-frame generation with a fixed number of frames and often unsatisfactory behavior for certain frame lengths (Hong et al., 7 Jul 2025). The proposed SFI task is therefore positioned as a practical academic definition that covers both short-range interpolation and long-range generation while supporting inference at multiple frame rates (Hong et al., 7 Jul 2025).
3. SemFi model architecture and multi-rate inference
The SemFi model is built upon Wan2.1, specifically Wan2.1-I2V, and uses a Wan-VAE, a Wan-DiT diffusion transformer, endpoint-image embeddings, text conditioning, and a Mixture-of-LoRA module (Hong et al., 7 Jul 2025). The backbone encodes a concatenated temporal tensor 4, where positions 5 and 6 hold 7 and 8, and positions 9 are zero-filled (Hong et al., 7 Jul 2025). A binary mask
0
with 1 and 2 is encoded in parallel (Hong et al., 7 Jul 2025).
Conditional information injection proceeds through three channels. First, the guidance tensor is 3. Second, the mask is 4. Third, a CLIP image encoder produces embeddings 5 and 6, which are summed and projected as 7, with 8 a linear projection; 9 is inserted via cross-attention in DiT layers alongside text-prompt tokens (Hong et al., 7 Jul 2025). Standard Wan text conditioning remains in place, and the endpoint image embedding and text tokens jointly attend in each block, aligning visual boundary conditions and semantic intent (Hong et al., 7 Jul 2025).
The principal architectural novelty is the Mixture-of-LoRA module. Its motivation is that a single LoRA adapts poorly across widely varying 0 (Hong et al., 7 Jul 2025). The module contains a universal LoRA 1 trained on all 2, together with expert LoRAs 3 for discrete frame counts 4 (Hong et al., 7 Jul 2025). For a target 5, the selected expert index is
6
and the combined low-rank update is
7
In each forward pass, the original weight 8 in all linear and attention projections is replaced by
9
The paper attributes distinct interpolation regimes to different scales: short-range 0 emphasizes high-frequency motion and texture, mid-range 1 emphasizes smooth semantic transitions, and long-range 2 emphasizes large semantic drift and creative generation (Hong et al., 7 Jul 2025).
The multi-rate inference mechanism follows this adapter-selection logic during sampling. A latent 3 is initialized; at each denoising step, the DiT predicts updates conditioned on 4, 5, 6, 7, and 8; and the decoded 9 yields 0 through Wan-VAE (Hong et al., 7 Jul 2025). Because the trained expert set 1 follows a geometric progression of frame counts and nearest-neighbor selection is used, 2 need not lie exactly in 3; the paper states that the universal LoRA helps prevent catastrophic performance drop for unseen 4 (Hong et al., 7 Jul 2025).
4. SFI-300K, SFIBench, and empirical behavior
The SFI paper introduces SFI-300K as the first general-purpose dataset and benchmark specifically designed for SFI (Hong et al., 7 Jul 2025). The source pool consists of high-quality clips from Open Sora Plan datasets. Clips are filtered by frame rate 5 FPS and clip length 6 with 7 (Hong et al., 7 Jul 2025). For each clip 8, the preprocessing computes a CLIP similarity
9
and a flow score
0
via RAFT; thresholds on 1 and 2 retain only clips with meaningful visual change (Hong et al., 7 Jul 2025). For each 3, centered segments are extracted by multi-frame trimming, and captions are produced with Qwen2.5-VL-32B using a specialized prompt. The final dataset is 4 (Hong et al., 7 Jul 2025).
SFIBench evaluates multiple dimensions. Video fidelity uses per-frame average LPIPS and FID between distributions of generated and ground-truth frames. Frame fidelity evaluates endpoints using PSNR, SSIM, and LPIPS. Semantic fidelity uses ViCLIP-score, defined as the cosine between video and text features. Additional video quality dimensions taken from VBench are Temporal Flickering, Motion Smoothness, Dynamic Degree, Aesthetic Quality, and Imaging Quality (Hong et al., 7 Jul 2025).
On aggregate across all 5, SemFi is compared against GI, FCVG, and Wan. Reported values are LPIPS 6 and FID 7 for Video Fidelity; PSNR 8, SSIM 9, and LPIPS 0 for Frame Fidelity; Semantic Fidelity 1; Flickering 2; Smoothness 3; Dynamic 4; Aesthetic 5; and Imaging 6 (Hong et al., 7 Jul 2025). The paper states that SemFi consistently outperforms or matches the best baseline across five out of eight metrics (Hong et al., 7 Jul 2025).
Performance varies by frame count. At small 7, SemFi is reported to dramatically reduce LPIPS and FID relative to Wan; at 8, LPIPS changes from 9 to 0, and FID from 1 to 2 (Hong et al., 7 Jul 2025). At mid-range 3, SemFi trades a slight fidelity drop for higher motion smoothness and aesthetic scores. At long range 4, it maintains semantic consistency and superior flicker and smoothness (Hong et al., 7 Jul 2025). The variance analysis reports that 5-variance over the six frame counts is lower for SemFi on nearly all metrics, with an example given as FID variance 6 versus 7, which the paper interprets as greater stability across 8 (Hong et al., 7 Jul 2025).
Ablation studies isolate the importance of multi-frame training and the Mixture-of-LoRA module. Without multi-frame training, LPIPS increases from 9 to 0, FID from 1 to 2, Flickering changes from 3 to 4, and Smoothness from 5 to 6 (Hong et al., 7 Jul 2025). Without MoL, LPIPS is 7, FID is 8, semantic fidelity remains approximately 9, Flickering is 00, and Smoothness is 01, while dynamic degree and aesthetic/imaging quality slightly degrade (Hong et al., 7 Jul 2025). The authors conclude that multi-frame data are crucial for scale adaptivity and that MoL refines temporal distribution and prevents artifacts (Hong et al., 7 Jul 2025).
The limitations explicitly noted are a current upper bound of 02, attributed to training-data constraints, and a domain gap for synthetic or heavily stylized footage. Proposed future directions are to extend MoL experts to larger 03, incorporate synthetic data, and investigate continuous-expert weighting instead of nearest-neighbor selection (Hong et al., 7 Jul 2025).
5. SemFi as an alias for SemFuzz: formal semantics-aware fuzzing
In the network-security usage, SemFi denotes SemFuzz, a semantics-aware fuzzing framework for network protocol implementations (Sun et al., 6 Mar 2026). The formal setting introduces a protocol 04 specified by an RFC, a set of message types 05, a set of real-world seed messages 06, and a set of raw specification items 07 extracted from the RFC (Sun et al., 6 Mar 2026). A structured semantic rule is represented as
08
where 09 is the protocol name, 10 is a message type, 11 is a field or subtree path, 12 is the construction constraint, and 13 is the processing expectation (Sun et al., 6 Mar 2026).
Semantics-aware fuzzing is then the generation of test cases 14 that systematically violate one or more construction constraints while remaining syntactically valid, followed by vulnerability detection through mismatch between observed and expected responses (Sun et al., 6 Mar 2026). For each rule 15 and seed 16, the target is
17
with a vulnerability flagged whenever
18
The framework therefore differs from crash-centric fuzzing by making semantic expectations explicit (Sun et al., 6 Mar 2026).
Rule extraction is implemented through two LLM-mediated stages. After cleaning the RFC and splitting it into paragraphs prefixed with section paths, a prompt named “IdentifySR” maps paragraph text and an allowed message-type list to zero or more triples 19 (Sun et al., 6 Mar 2026). A second prompt named “CompleteSR” takes a raw spec and a field-path list extracted from a matching seed and outputs 20, completing the structured rule (Sun et al., 6 Mar 2026). Few-shot examples distinguish correctly extracted rules from irrelevant paragraphs, and seed-message structure is provided so that the model can select the correct field path (Sun et al., 6 Mar 2026).
Mutation proceeds via a Mutation Strategy Generator that produces strategies
21
where 22 specifies how to violate 23 and 24 is the expected feedback (Sun et al., 6 Mar 2026). Test-case generation has two phases: an LLM prompt “GenerateActions” emits an action sequence 25, with each action belonging to 26, and then a deterministic message mutation engine applies add, remove, and update operations to produce a new test packet (Sun et al., 6 Mar 2026). The deterministic engine recalculates length fields, checksums, and related syntax, so all test cases remain syntactically valid (Sun et al., 6 Mar 2026).
The oracle is explicitly semantics-aware. Each mutation strategy carries an expected response 27; the actual response 28 is observed from live interaction; and the vulnerability predicate is
29
Rather than using a distance metric, responses are mapped into protocol-specific categories such as HTTP 2xx versus 4xx/5xx, TLS Alert versus HandshakeContinue, and DNS Answer versus Error (Sun et al., 6 Mar 2026).
6. End-to-end workflow, evaluation, and comparative significance
The end-to-end SemFuzz workflow begins from RFC documents 30, a message-type list 31, seed traffic 32, and a target implementation 33 (Sun et al., 6 Mar 2026). It then performs rule extraction, mutation strategy generation, test-case generation, execution and response collection, and analysis that flags all cases where observed response differs from expectation (Sun et al., 6 Mar 2026). Diagrammatically, the system is described as a pipeline from RFC preprocessing through LLM-based rule identification and completion, then LLM-based mutation and action generation, deterministic mutation, execution, and semantic verification (Sun et al., 6 Mar 2026).
The evaluation covers seven implementations: dns.exe for DNS, tcpip.sys for IPv6, schannel.dll, OpenSSL 3.1.3, and LibreSSL 3.4.0 for TLS 1.3, and http.sys and nginx 1.27.2 for HTTP/1.1 (Sun et al., 6 Mar 2026). Reported extraction metrics are average precision 34, recall 35, and 36 for semantic rule extraction, and average precision 37, recall 38, and 39 for rule completion (Sun et al., 6 Mar 2026). The framework generates 40 mutation strategies with accuracy 41, and 42 test cases with accuracy 43 (Sun et al., 6 Mar 2026).
In vulnerability discovery, the paper reports 44 potential vulnerabilities, 45 confirmed real bugs, 46 precision, 47 previously unknown vulnerabilities, and 48 assigned CVEs, including CVE-2021-24074, CVE-2022-34718, CVE-2023-28233, and CVE-2023-28234 (Sun et al., 6 Mar 2026). The confirmed bug classes include cache pollution in DNS, integer overflows and buffer overflows in IPv6 and HTTP.sys, use-after-free in TLS 1.3 and HTTP.sys, and request smuggling in HTTP.sys (Sun et al., 6 Mar 2026). Relative to the baselines BLEEM, ChatAFL, Hdiff, and Fuzztruction-Net, SemFuzz found 49 unique confirmed bugs and 50 of 51 unique bugs discovered by any tool (Sun et al., 6 Mar 2026).
Taken together, the two uses of SemFi exemplify a shared methodological preference for explicit semantic structure, but they should not be conflated. In Semantic Frame Interpolation, SemFi is a multi-rate generative video model centered on endpoint conditioning, text guidance, and Mixture-of-LoRA adaptation (Hong et al., 7 Jul 2025). In SemFuzz, “SemFi” names a fuzzing framework centered on rule extraction from RFC semantics, intent-driven mutation, and an expected-response oracle (Sun et al., 6 Mar 2026). A plausible implication is that the label currently functions as a paper-local abbreviation rather than as a stable term of art across machine learning and systems security.