{"id":"https://openalex.org/W1978991108","doi":"https://doi.org/10.1145/1455518.1455523","title":"Fast and Black-box Exploit Detection and Signature Generation for Commodity Software","display_name":"Fast and Black-box Exploit Detection and Signature Generation for Commodity Software","publication_year":2008,"publication_date":"2008-12-01","ids":{"openalex":"https://openalex.org/W1978991108","doi":"https://doi.org/10.1145/1455518.1455523","mag":"1978991108"},"language":"en","primary_location":{"id":"doi:10.1145/1455518.1455523","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455518.1455523","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100333239","display_name":"Xiaofeng Wang","orcid":"https://orcid.org/0000-0002-3583-369X"},"institutions":[{"id":"https://openalex.org/I592451","display_name":"Indiana University","ror":"https://ror.org/01kg8sb98","country_code":"US","type":"education","lineage":["https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaofeng Wang","raw_affiliation_strings":["Indiana University"],"affiliations":[{"raw_affiliation_string":"Indiana University","institution_ids":["https://openalex.org/I592451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101627652","display_name":"Zhuowei Li","orcid":"https://orcid.org/0009-0009-5714-8739"},"institutions":[{"id":"https://openalex.org/I592451","display_name":"Indiana University","ror":"https://ror.org/01kg8sb98","country_code":"US","type":"education","lineage":["https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhuowei Li","raw_affiliation_strings":["Indiana University"],"affiliations":[{"raw_affiliation_string":"Indiana University","institution_ids":["https://openalex.org/I592451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5106660239","display_name":"Jong Youl Choi","orcid":null},"institutions":[{"id":"https://openalex.org/I592451","display_name":"Indiana University","ror":"https://ror.org/01kg8sb98","country_code":"US","type":"education","lineage":["https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jong Youl Choi","raw_affiliation_strings":["Indiana University"],"affiliations":[{"raw_affiliation_string":"Indiana University","institution_ids":["https://openalex.org/I592451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050722418","display_name":"Jun Xu","orcid":"https://orcid.org/0000-0001-7101-4280"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]},{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jun Xu","raw_affiliation_strings":["Google Inc. and North Carolina State University","Google Inc. and North Carolina State University#TAB#"],"affiliations":[{"raw_affiliation_string":"Google Inc. and North Carolina State University","institution_ids":["https://openalex.org/I1291425158","https://openalex.org/I137902535"]},{"raw_affiliation_string":"Google Inc. and North Carolina State University#TAB#","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074117167","display_name":"Michael K. Reiter","orcid":"https://orcid.org/0000-0001-7007-8274"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael K. Reiter","raw_affiliation_strings":["University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068310253","display_name":"Chongkyung Kil","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chongkyung Kil","raw_affiliation_strings":["North Carolina0 State University"],"affiliations":[{"raw_affiliation_string":"North Carolina0 State University","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100333239"],"corresponding_institution_ids":["https://openalex.org/I592451"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.07211726,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"12","issue":"2","first_page":"1","last_page":"35"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.93607497215271},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8561853170394897},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.5110467672348022},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5105055570602417},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4742752015590668},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4341168701648712},{"id":"https://openalex.org/keywords/generator","display_name":"Generator (circuit theory)","score":0.4260454773902893},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4195466935634613},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11050376296043396}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.93607497215271},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8561853170394897},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.5110467672348022},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5105055570602417},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4742752015590668},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4341168701648712},{"id":"https://openalex.org/C2780992000","wikidata":"https://www.wikidata.org/wiki/Q17016113","display_name":"Generator (circuit theory)","level":3,"score":0.4260454773902893},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4195466935634613},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11050376296043396},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1455518.1455523","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455518.1455523","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.142.1875","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.142.1875","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.unc.edu/~reiter/papers/2008/TISSEC.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.300.3498","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.300.3498","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.unc.edu/~reiter/papers/2008/TISSEC.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1565006760","display_name":null,"funder_award_id":"I3P/DHS 5-36423.5780","funder_id":"https://openalex.org/F4320306110","funder_display_name":"U.S. Department of Homeland Security"},{"id":"https://openalex.org/G391991289","display_name":null,"funder_award_id":"433540","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6799559339","display_name":null,"funder_award_id":"326472","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W11234669","https://openalex.org/W88694106","https://openalex.org/W139772808","https://openalex.org/W1502476232","https://openalex.org/W1510508184","https://openalex.org/W1525871769","https://openalex.org/W1566634528","https://openalex.org/W1580559113","https://openalex.org/W1581408521","https://openalex.org/W1587340728","https://openalex.org/W1597305440","https://openalex.org/W1656529189","https://openalex.org/W1671661096","https://openalex.org/W1876033015","https://openalex.org/W1964073704","https://openalex.org/W1978063312","https://openalex.org/W2033368661","https://openalex.org/W2033811087","https://openalex.org/W2034362794","https://openalex.org/W2039390926","https://openalex.org/W2098010707","https://openalex.org/W2098473740","https://openalex.org/W2100198871","https://openalex.org/W2100583963","https://openalex.org/W2100666033","https://openalex.org/W2101173463","https://openalex.org/W2102970979","https://openalex.org/W2103919170","https://openalex.org/W2106682888","https://openalex.org/W2111427271","https://openalex.org/W2116065364","https://openalex.org/W2117520528","https://openalex.org/W2118377455","https://openalex.org/W2120361464","https://openalex.org/W2121020193","https://openalex.org/W2126059122","https://openalex.org/W2134514889","https://openalex.org/W2136337200","https://openalex.org/W2137786570","https://openalex.org/W2140073981","https://openalex.org/W2142892618","https://openalex.org/W2145027384","https://openalex.org/W2146630266","https://openalex.org/W2151996777","https://openalex.org/W2153164877","https://openalex.org/W2153242493","https://openalex.org/W2163762767","https://openalex.org/W2165100126","https://openalex.org/W2165952552","https://openalex.org/W2167271900","https://openalex.org/W4213362721","https://openalex.org/W4236406743","https://openalex.org/W4254762831","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W2906845177","https://openalex.org/W4200107511","https://openalex.org/W2891427086","https://openalex.org/W1968625315","https://openalex.org/W4378505289","https://openalex.org/W2298968419"],"abstract_inverted_index":{"In":[0,133,177],"biology,":[1],"a":[2,5,9,33,56,62,71,90,96,144,155,197,208],"vaccine":[3,35,137,225],"is":[4,14,120,204],"weakened":[6],"strain":[7],"of":[8,23,98,154,174,185,200,206,210,222,230,242],"virus":[10],"or":[11,215],"bacterium":[12],"that":[13,37,87,147],"intentionally":[15],"injected":[16],"into":[17],"the":[18,21,79,103,110,114,127,152,167,172,183,187,201,220,223,240],"body":[19],"for":[20,113,171],"purpose":[22,173],"stimulating":[24],"antibody":[25],"production.":[26],"Inspired":[27],"by":[28],"this":[29,134],"idea,":[30],"we":[31],"propose":[32],"packet":[34,42,136,224],"mechanism":[36,226],"randomizes":[38],"address-like":[39],"strings":[40],"in":[41,70,105,143],"payloads":[43],"to":[44,77,101,108,116,125],"carry":[45],"out":[46],"fast":[47,195],"exploit":[48,54,88,115],"detection":[49],"and":[50,82,140,159,203,227,239],"signature":[51,93,119,209],"generation.":[52],"An":[53],"with":[55],"randomized":[57],"jump":[58],"address":[59],"behaves":[60],"like":[61],"vaccine:":[63],"it":[64,163,191],"will":[65],"likely":[66],"cause":[67],"an":[68,106,228],"exception":[69],"vulnerable":[72,156],"program\u2019s":[73,157,188],"process":[74],"when":[75],"attempting":[76],"hijack":[78],"control":[80],"flow,":[81,190],"thereby":[83],"expose":[84],"itself.":[85],"Taking":[86],"as":[89,194,196],"template,":[91],"our":[92,180,236,243],"generator":[94],"creates":[95],"set":[97],"new":[99],"vaccines":[100],"probe":[102],"program":[104,202],"attempt":[107],"uncover":[109],"necessary":[111],"conditions":[112,124],"happen.":[117],"A":[118],"built":[121],"upon":[122],"these":[123],"shield":[126],"underlying":[128],"vulnerability":[129],"from":[130],"further":[131],"attacks.":[132],"way,":[135],"detects":[138],"exploits":[139],"generates":[141],"signatures":[142],"black-box":[145],"fashion,":[146],"is,":[148],"not":[149],"relying":[150],"on":[151,166],"knowledge":[153],"source":[158],"binary":[160],"code.":[161],"Therefore,":[162],"even":[164,216],"works":[165],"commodity":[168],"software":[169],"obfuscated":[170],"copyright":[175],"protection.":[176],"addition,":[178],"since":[179],"approach":[181],"avoids":[182],"expense":[184],"tracking":[186],"execution":[189],"performs":[192],"almost":[193],"normal":[198],"run":[199],"capable":[205],"generating":[207],"high":[211],"quality":[212],"within":[213],"seconds":[214],"subseconds.":[217],"We":[218,233],"present":[219],"design":[221],"example":[229],"its":[231],"application.":[232],"also":[234],"describe":[235],"proof-of-concept":[237],"implementation":[238],"evaluation":[241],"technique":[244],"using":[245],"real":[246],"exploits.":[247]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2015,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}