{"id":"https://openalex.org/W4388692656","doi":"https://doi.org/10.1109/tse.2023.3332732","title":"PatchDiscovery: Patch Presence Test for Identifying Binary Vulnerabilities Based on Key Basic Blocks","display_name":"PatchDiscovery: Patch Presence Test for Identifying Binary Vulnerabilities Based on Key Basic Blocks","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388692656","doi":"https://doi.org/10.1109/tse.2023.3332732"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2023.3332732","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3332732","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101680618","display_name":"Xi Xu","orcid":"https://orcid.org/0000-0001-5089-6018"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xi Xu","raw_affiliation_strings":["School of Computer Science and Technology, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041083459","display_name":"Qinghua Zheng","orcid":"https://orcid.org/0000-0002-8436-4754"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qinghua Zheng","raw_affiliation_strings":["School of Computer Science and Technology, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078219471","display_name":"Zheng Yan","orcid":"https://orcid.org/0000-0002-9697-2108"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheng Yan","raw_affiliation_strings":["State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100692958","display_name":"Ming Fan","orcid":"https://orcid.org/0000-0002-9327-0987"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ming Fan","raw_affiliation_strings":["Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028898936","display_name":"Ang Jia","orcid":"https://orcid.org/0000-0002-6464-5428"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ang Jia","raw_affiliation_strings":["Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101595170","display_name":"Zhaohui Zhou","orcid":"https://orcid.org/0000-0001-5420-4461"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhaohui Zhou","raw_affiliation_strings":["Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100419375","display_name":"Haijun Wang","orcid":"https://orcid.org/0009-0001-3509-3919"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haijun Wang","raw_affiliation_strings":["Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101554099","display_name":"Ting Liu","orcid":"https://orcid.org/0000-0002-7600-0934"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Liu","raw_affiliation_strings":["Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China"],"affiliations":[{"raw_affiliation_string":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an, China","institution_ids":["https://openalex.org/I87445476"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101680618"],"corresponding_institution_ids":["https://openalex.org/I87445476"],"apc_list":null,"apc_paid":null,"fwci":3.6711,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.94058497,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"49","issue":"12","first_page":"5279","last_page":"5294"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7904126644134521},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6472429633140564},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6139987707138062},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.564264714717865},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.510882556438446},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4802827537059784},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.4458600878715515},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.43436408042907715},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.41073736548423767},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.33127185702323914},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27322202920913696},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12887880206108093},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11320850253105164}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7904126644134521},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6472429633140564},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6139987707138062},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.564264714717865},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.510882556438446},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4802827537059784},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.4458600878715515},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.43436408042907715},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.41073736548423767},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.33127185702323914},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27322202920913696},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12887880206108093},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11320850253105164},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.0},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2023.3332732","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3332732","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities","score":0.550000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W1457363419","https://openalex.org/W1990762361","https://openalex.org/W2012604743","https://openalex.org/W2148781362","https://openalex.org/W2536311873","https://openalex.org/W2547625248","https://openalex.org/W2559935471","https://openalex.org/W2627063456","https://openalex.org/W2634106992","https://openalex.org/W2749008552","https://openalex.org/W2753693129","https://openalex.org/W2801712578","https://openalex.org/W2888698761","https://openalex.org/W2889354405","https://openalex.org/W2926178846","https://openalex.org/W2969597118","https://openalex.org/W3004040842","https://openalex.org/W3010126799","https://openalex.org/W3011088748","https://openalex.org/W3043519510","https://openalex.org/W3082091189","https://openalex.org/W3105926539","https://openalex.org/W3108766814","https://openalex.org/W3139086893","https://openalex.org/W3142656464","https://openalex.org/W3153398259","https://openalex.org/W3160616715","https://openalex.org/W4205981381","https://openalex.org/W4294733240","https://openalex.org/W6628365534","https://openalex.org/W6754298449","https://openalex.org/W6782047986","https://openalex.org/W6845730288"],"related_works":["https://openalex.org/W2095999892","https://openalex.org/W2372403409","https://openalex.org/W2018764758","https://openalex.org/W2383689843","https://openalex.org/W1550668881","https://openalex.org/W617913288","https://openalex.org/W1977400398","https://openalex.org/W2951745010","https://openalex.org/W4242726756","https://openalex.org/W2347958299"],"abstract_inverted_index":{"Software":[0],"vulnerabilities":[1,27,85,212],"are":[2,58,176],"easily":[3],"propagated":[4],"through":[5],"code":[6],"reuses,":[7],"which":[8,31],"pose":[9],"dire":[10],"threats":[11],"to":[12,24,60,82,130,150,184,192,239,248,256],"software":[13,36],"system":[14,37],"security.":[15],"Automatic":[16],"patch":[17,66,78,92,99,146,164,251,276],"presence":[18,79,165],"test":[19,80,240],"offers":[20],"an":[21,103],"effective":[22,225],"way":[23],"detect":[25],"whether":[26,186],"have":[28],"been":[29],"patched,":[30],"is":[32,189,223,245,262],"significant":[33],"for":[34,98,163,274],"large-scale":[35,275],"maintenance.":[38],"However,":[39],"most":[40],"existing":[41],"approaches":[42],"cannot":[43],"handle":[44],"binary":[45,84,206],"codes.":[46],"They":[47],"suffer":[48],"from":[49],"low":[50],"accuracy":[51],"and":[52,65,93,105,114,125,135,147,161,174,213,226,233,253,267],"poor":[53],"efficiency.":[54],"None":[55],"of":[56,91,120,159,172],"them":[57],"resilient":[59,247],"version":[61,249],"gap,":[62,250],"function":[63,123,128,182,254],"size,":[64,252],"size.":[67],"To":[68],"tackle":[69],"the":[70,112,145,148,157,168,187,264],"above":[71],"problems,":[72],"we":[73,139],"propose":[74,102],"PatchDiscovery":[75,222,279],",":[76],"a":[77,121,133,136,180,241,257,269],"approach":[81],"identify":[83,185],"by":[86],"extracting":[87],"key":[88,153,169],"basic":[89,107,154,170],"blocks":[90,155,171],"vulnerability":[94,134,149,285],"as":[95,156],"their":[96,152],"signatures":[97,158],"discovery.":[100],"We":[101],"efficient":[104],"accurate":[106],"block":[108],"matching":[109],"method":[110],"over":[111],"normalized":[113],"simplified":[115],"control":[116],"flow":[117],"graphs":[118],"(CFGs)":[119],"vulnerable":[122],"(VF)":[124],"its":[126],"patched":[127,197],"(PF)":[129],"precisely":[131],"locate":[132],"patch.":[137],"Then,":[138],"conduct":[140],"fine-grained":[141],"patch-level":[142],"analysis":[143],"on":[144,203,237],"gain":[151],"PF":[160,173,193],"VF":[162,175],"test.":[166],"Concretely,":[167],"separately":[177],"searched":[178],"in":[179,283],"target":[181,218,242],"(TF)":[183],"TF":[188],"more":[190],"similar":[191],"or":[194,198],"VF,":[195],"i.e.,":[196],"not.":[199],"Extensive":[200],"experiments":[201],"based":[202],"two":[204],"real-world":[205],"datasets":[207],"that":[208,221],"contain":[209],"524":[210],"common":[211],"exposures":[214],"(CVEs)":[215],"with":[216],"11607":[217],"functions":[219],"reveal":[220],"very":[224],"efficient.":[227],"It":[228,244],"achieves":[229,280],"$92.2\\%$":[231],"F-measure":[232],"takes":[234],"only":[235],"0.091s":[236],"average":[238],"function.":[243],"also":[246],"size":[255],"good":[258,281],"extent.":[259],"Moreover,":[260,278],"it":[261],"outperforming":[263],"state-of-the-art":[265],"works":[266],"has":[268],"much":[270],"faster":[271],"testing":[272],"speed":[273],"detection.":[277],"performance":[282],"firmware":[284],"discovery":[286],"scenario.":[287]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}