{"id":"https://openalex.org/W4387385588","doi":"https://doi.org/10.1109/tifs.2023.3322319","title":"<i>AutoPwn</i>: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions","display_name":"<i>AutoPwn</i>: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions","publication_year":2023,"publication_date":"2023-10-05","ids":{"openalex":"https://openalex.org/W4387385588","doi":"https://doi.org/10.1109/tifs.2023.3322319"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3322319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3322319","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101875769","display_name":"Dandan Xu","orcid":"https://orcid.org/0000-0001-7289-1365"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dandan Xu","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112361706","display_name":"M. C. Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Miaoqian Lin","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020243167","display_name":"Chaoyang Lin","orcid":"https://orcid.org/0000-0002-4845-2220"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chaoyang Lin","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075707588","display_name":"Xiao Feng Wang","orcid":"https://orcid.org/0000-0001-5966-6673"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaofeng Wang","raw_affiliation_strings":["Luddy School of Informatics, Computing and Engineering, Indiana University Bloomington, Bloomington, IN, USA"],"affiliations":[{"raw_affiliation_string":"Luddy School of Informatics, Computing and Engineering, Indiana University Bloomington, Bloomington, IN, USA","institution_ids":["https://openalex.org/I4210119109"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101875769"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":1.5763,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.86616442,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"19","issue":null,"first_page":"293","last_page":"306"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8227715492248535},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8029721975326538},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.5237557888031006},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.4124245345592499},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3137784004211426},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2254287600517273},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.1953575611114502}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8227715492248535},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8029721975326538},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.5237557888031006},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.4124245345592499},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3137784004211426},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2254287600517273},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.1953575611114502}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2023.3322319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3322319","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8299999833106995}],"awards":[{"id":"https://openalex.org/G5541525046","display_name":null,"funder_award_id":"92270204","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W1521626219","https://openalex.org/W1943511174","https://openalex.org/W2051990174","https://openalex.org/W2057698738","https://openalex.org/W2089938540","https://openalex.org/W2113864883","https://openalex.org/W2123442489","https://openalex.org/W2155877593","https://openalex.org/W2159059513","https://openalex.org/W2165597437","https://openalex.org/W2743785204","https://openalex.org/W2745087117","https://openalex.org/W2765857833","https://openalex.org/W2767521898","https://openalex.org/W2891427086","https://openalex.org/W2897668282","https://openalex.org/W2956068069","https://openalex.org/W2960453428","https://openalex.org/W2984993098","https://openalex.org/W2985495886","https://openalex.org/W2985831349","https://openalex.org/W3041936634","https://openalex.org/W3089969421","https://openalex.org/W3100802376","https://openalex.org/W3108020564","https://openalex.org/W3112712319","https://openalex.org/W3182829891","https://openalex.org/W3186456629","https://openalex.org/W3198215219","https://openalex.org/W3202894952","https://openalex.org/W4211247591","https://openalex.org/W4221146651","https://openalex.org/W4244413641","https://openalex.org/W4283264706","https://openalex.org/W4294170691","https://openalex.org/W4309193197","https://openalex.org/W4313191964","https://openalex.org/W4321787130","https://openalex.org/W4324007134","https://openalex.org/W6743683464","https://openalex.org/W6743884552","https://openalex.org/W6750652679","https://openalex.org/W6753690777","https://openalex.org/W6754182100","https://openalex.org/W6794102932","https://openalex.org/W6800957810"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786","https://openalex.org/W2296488620"],"abstract_inverted_index":{"Capture-the-flag":[0],"(CTF)":[1],"competitions":[2],"have":[3],"become":[4],"highly":[5],"successful":[6,222],"in":[7],"security":[8,51],"education,":[9],"and":[10,20,27,49,144,159,174,181,193,207,224],"heap":[11,33,58,119,142],"corruption":[12],"is":[13,35],"considered":[14],"one":[15],"of":[16,57,100,104,140,151,157,191,197,205],"the":[17,55,88,98,101,128,149,155,178,188,194],"most":[18],"difficult":[19],"rewarding":[21],"challenges":[22],"due":[23],"to":[24,45,71,78,85,147,163,176],"its":[25,230],"complexity":[26],"real-world":[28],"impact.":[29],"However,":[30],"developing":[31],"a":[32,36,165,203],"exploit":[34,90,105,136,179],"challenging":[37],"task":[38],"that":[39,65,111,133,218],"often":[40],"requires":[41],"significant":[42],"human":[43],"involvement":[44],"manipulate":[46],"memory":[47],"layouts":[48],"bypass":[50],"checks.":[52],"To":[53,92],"facilitate":[54],"exploitation":[56,150],"corruption,":[59],"existing":[60],"solutions":[61],"develop":[62,126],"automated":[63],"systems":[64],"rely":[66],"on":[67,210],"manually":[68],"crafted":[69],"patterns":[70,76,137],"generate":[72],"exploits.":[73,120],"Such":[74],"manual":[75],"tend":[77],"be":[79],"specific,":[80],"which":[81],"limits":[82],"their":[83,198],"flexibility":[84],"cope":[86],"with":[87,171],"evolving":[89],"techniques.":[91],"address":[93],"this":[94,123],"limitation,":[95],"we":[96,125,161],"explore":[97],"problem":[99],"automatic":[102],"summarization":[103],"patterns.":[106],"We":[107,201],"leverage":[108],"an":[109],"observation":[110],"public":[112],"attack":[113],"artifacts":[114,139],"provide":[115],"key":[116],"insights":[117],"into":[118],"Based":[121],"upon":[122],"observation,":[124],"AutoPwn,":[127],"first":[129],"artifact-assisted":[130],"AEG":[131],"system":[132],"automatically":[134],"summarizes":[135],"from":[138],"known":[141],"exploits":[143,192,223],"uses":[145],"them":[146],"guide":[148],"new":[152],"programs.":[153],"Considering":[154],"diversity":[156],"programs":[158],"exploits,":[160,227],"propose":[162],"use":[164],"novel":[166],"Exploitation":[167],"State":[168],"Machine":[169],"(ESM),":[170],"generic":[172],"states":[173],"transitions":[175],"model":[177],"patterns,":[180],"then":[182],"efficiently":[183],"construct":[184],"it":[185,209],"through":[186],"combining":[187],"dynamic":[189],"monitoring":[190],"semantic":[195],"analysis":[196],"text":[199],"descriptions.":[200],"implement":[202],"prototype":[204],"AutoPwn":[206,219],"evaluate":[208],"96":[211],"testing":[212],"CTF":[213],"binaries.":[214],"The":[215],"results":[216],"show":[217],"produces":[220],"22":[221],"13":[225],"partial":[226],"preliminarily":[228],"demonstrating":[229],"efficacy.":[231]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}