{"id":"https://openalex.org/W4389076258","doi":"https://doi.org/10.1109/tdsc.2023.3334762","title":"PKVIC: Supplement Missing Software Package Information in Security Vulnerability Reports","display_name":"PKVIC: Supplement Missing Software Package Information in Security Vulnerability Reports","publication_year":2023,"publication_date":"2023-11-28","ids":{"openalex":"https://openalex.org/W4389076258","doi":"https://doi.org/10.1109/tdsc.2023.3334762"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3334762","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3334762","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018529229","display_name":"Jinke Song","orcid":"https://orcid.org/0000-0003-1458-9410"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jinke Song","raw_affiliation_strings":["Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100429920","display_name":"Qiang Li","orcid":"https://orcid.org/0000-0001-9833-2836"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiang Li","raw_affiliation_strings":["Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070828650","display_name":"Jiqiang Liu","orcid":"https://orcid.org/0000-0003-1147-4327"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiqiang Liu","raw_affiliation_strings":["Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5018529229"],"corresponding_institution_ids":["https://openalex.org/I21193070"],"apc_list":null,"apc_paid":null,"fwci":0.2033,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.47643488,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"21","issue":"4","first_page":"3785","last_page":"3800"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9908000230789185,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6857867240905762},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5671787261962891},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.5100141763687134},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.41809237003326416},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.34111231565475464},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3266952633857727},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.22452998161315918}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6857867240905762},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5671787261962891},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.5100141763687134},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.41809237003326416},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.34111231565475464},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3266952633857727},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.22452998161315918},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2023.3334762","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3334762","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7411430048","display_name":null,"funder_award_id":"61972024","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8091154262","display_name":null,"funder_award_id":"62272029","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2478661203","https://openalex.org/W2004830053","https://openalex.org/W3008115697","https://openalex.org/W2349167760","https://openalex.org/W2145175947","https://openalex.org/W3124949371","https://openalex.org/W4287864641","https://openalex.org/W2120643196","https://openalex.org/W1567555513"],"abstract_inverted_index":{"Nowadays":[0],"security":[1,99,204],"vulnerability":[2,43,100,121,197,210],"reports":[3,44,101,127,198,211],"contain":[4],"commercial":[5],"vendor-centric":[6],"information":[7,13,51],"but":[8],"fail":[9],"to":[10,30,96,116,138,162,186],"include":[11],"accurate":[12,222],"of":[14,33,35,154,180,203],"open-source":[15,58,108,215,232],"software":[16,49,54,104,139,150,216,228],"packages.":[17,38,217],"Open-source":[18],"ecosystems":[19],"use":[20],"package":[21,50,55,165],"managers,":[22],"such":[23],"as":[24,92],"Maven,":[25],"NuGet,":[26],"NPM,":[27,237],"and":[28,145,172,182,206,240],"Gem,":[29,236],"cover":[31],"hundreds":[32],"thousands":[34],"free":[36],"code":[37],"However,":[39],"we":[40,65,156,192],"uncover":[41],"that":[42,212],"frequently":[45],"miss":[46],"the":[47,53,93,126,134,148,164,169,178,221],"vulnerable":[48],"when":[52],"comes":[56],"from":[57,106,152,199],"ecosystems.":[59,109,142],"To":[60,143],"fill":[61],"in":[62,129,141],"this":[63],"gap,":[64],"propose":[66,157],"a":[67,120,158],"framework":[68],"called":[69],"PKVIC":[70,111,132,181,194,218],"(software":[71],"<bold":[72,76,80,84,88],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[73,77,81,85,89],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">p</b>":[74],"ac":[75],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">k</b>":[78],"age":[79],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">v</b>":[82],"ulnerability":[83],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">i</b>":[86],"nformation":[87],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">c</b>":[90],"alibration),":[91],"first":[94],"tool":[95],"automatically":[97],"associate":[98],"with":[102],"affected":[103,149,213],"packages":[105,151,229],"different":[107],"Specifically,":[110],"designs":[112],"an":[113],"ecosystem":[114,119],"classifier":[115],"determine":[117],"which":[118],"report":[122],"belongs":[123],"to.":[124],"From":[125],"written":[128],"natural":[130],"language,":[131],"extracts":[133],"entities":[135],"closely":[136],"related":[137],"names":[140],"efficiently":[144],"accurately":[146],"locate":[147],"millions":[153],"packages,":[155],"recursive":[159],"traversal":[160],"method":[161],"generate":[163],"identifier":[166],"based":[167],"on":[168],"naming":[170],"scheme":[171],"candidate":[173],"named":[174],"entities.":[175],"We":[176],"implemented":[177],"prototype":[179],"conducted":[183],"comprehensive":[184],"experiments":[185],"validate":[187],"its":[188],"efficacy.":[189],"In":[190],"particular,":[191],"ran":[193],"over":[195],"421,808":[196],"20":[200],"well-known":[201],"sources":[202],"vulnerabilities":[205],"identified":[207],"11,279":[208],"unique":[209],"2,703":[214,227],"successfully":[219],"found":[220],"reference":[223],"URLs":[224],"for":[225],"these":[226],"across":[230],"6":[231],"ecosystems,":[233],"including":[234],"Pypi,":[235],"Packagist,":[238],"Nuget,":[239],"Maven.":[241]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}