{"id":"https://openalex.org/W2043914943","doi":"https://doi.org/10.1145/2351676.2351691","title":"Supporting automated vulnerability analysis using formalized vulnerability signatures","display_name":"Supporting automated vulnerability analysis using formalized vulnerability signatures","publication_year":2012,"publication_date":"2012-09-03","ids":{"openalex":"https://openalex.org/W2043914943","doi":"https://doi.org/10.1145/2351676.2351691","mag":"2043914943"},"language":"en","primary_location":{"id":"doi:10.1145/2351676.2351691","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2351676.2351691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/Supporting_automated_vulnerability_analysis_using_formalized_vulnerability_signatures/26219357","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076382877","display_name":"Mohamed Almorsy","orcid":null},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mohamed Almorsy","raw_affiliation_strings":["Swinburne University of Technology, Australia","Swinburne University of Technology, AUSTRALIA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Swinburne University of Technology, Australia","institution_ids":["https://openalex.org/I57093077"]},{"raw_affiliation_string":"Swinburne University of Technology, AUSTRALIA","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082913979","display_name":"John Grundy","orcid":"https://orcid.org/0000-0003-4928-7076"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"John Grundy","raw_affiliation_strings":["Swinburne University of Technology, Australia","Swinburne University of Technology, AUSTRALIA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Swinburne University of Technology, Australia","institution_ids":["https://openalex.org/I57093077"]},{"raw_affiliation_string":"Swinburne University of Technology, AUSTRALIA","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000097766","display_name":"Amani S. Ibrahim","orcid":"https://orcid.org/0000-0001-8747-1419"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Amani S. Ibrahim","raw_affiliation_strings":["Swinburne University of Technology, Australia","Swinburne University of Technology, AUSTRALIA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Swinburne University of Technology, Australia","institution_ids":["https://openalex.org/I57093077"]},{"raw_affiliation_string":"Swinburne University of Technology, AUSTRALIA","institution_ids":["https://openalex.org/I57093077"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I57093077"],"apc_list":null,"apc_paid":null,"fwci":8.7557,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.97328188,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"100","last_page":"109"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.833896279335022},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.8212813138961792},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7869843244552612},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7384965419769287},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5934619903564453},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5934456586837769},{"id":"https://openalex.org/keywords/reachability","display_name":"Reachability","score":0.5037195086479187},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.460955411195755},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.45951712131500244},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.42003726959228516},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.2935168147087097},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21640652418136597},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.149769127368927},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10289227962493896}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.833896279335022},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.8212813138961792},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7869843244552612},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7384965419769287},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5934619903564453},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5934456586837769},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.5037195086479187},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.460955411195755},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.45951712131500244},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.42003726959228516},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2935168147087097},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21640652418136597},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.149769127368927},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10289227962493896},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1145/2351676.2351691","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2351676.2351691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:researchbank.swinburne.edu.au:0b1c9847-8c74-4c76-ba54-d4a1e9cb71cc/1","is_oa":false,"landing_page_url":"http://hdl.handle.net/1959.3/236437","pdf_url":null,"source":{"id":"https://openalex.org/S4306401157","display_name":"Swinburne Research Bank (Swinburne University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I57093077","host_organization_name":"Swinburne University of Technology","host_organization_lineage":["https://openalex.org/I57093077"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Essen, Germany, 03-07 September 2012, pp. 100-109","raw_type":"acceptedVersion"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.258.7143","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.258.7143","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.ict.swin.edu.au/personal/jgrundy/papers/ase2012_1.pdf","raw_type":"text"},{"id":"pmh:oai:dro.deakin.edu.au:DU:30086549","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306402457","display_name":"Deakin Research Online (Deakin University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149704539","host_organization_name":"Deakin University","host_organization_lineage":["https://openalex.org/I149704539"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},{"id":"pmh:oai:figshare.com:article/26219357","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Supporting_automated_vulnerability_analysis_using_formalized_vulnerability_signatures/26219357","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference contribution"},{"id":"doi:10.25916/sut.26219357.v1","is_oa":true,"landing_page_url":"https://doi.org/10.25916/sut.26219357.v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306401157","display_name":"Swinburne Research Bank (Swinburne University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I57093077","host_organization_name":"Swinburne University of Technology","host_organization_lineage":["https://openalex.org/I57093077"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"ConferenceProceeding"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/26219357","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Supporting_automated_vulnerability_analysis_using_formalized_vulnerability_signatures/26219357","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference contribution"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4399999976158142,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320313655","display_name":"Foundation for Research, Science and Technology","ror":null},{"id":"https://openalex.org/F4320320973","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W33764377","https://openalex.org/W136264416","https://openalex.org/W1522692903","https://openalex.org/W1917555234","https://openalex.org/W1973556339","https://openalex.org/W1979931683","https://openalex.org/W2029684113","https://openalex.org/W2056740472","https://openalex.org/W2085925880","https://openalex.org/W2098129634","https://openalex.org/W2111487235","https://openalex.org/W2113714600","https://openalex.org/W2129586531","https://openalex.org/W2132791332","https://openalex.org/W2134429122","https://openalex.org/W2134646643","https://openalex.org/W2140943194","https://openalex.org/W2147478478","https://openalex.org/W2166381878","https://openalex.org/W2169868363","https://openalex.org/W2625790148","https://openalex.org/W2917037265"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W3041665175","https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W4220885008","https://openalex.org/W2892115998","https://openalex.org/W2057803998","https://openalex.org/W4298219515","https://openalex.org/W2123075981","https://openalex.org/W2980033082"],"abstract_inverted_index":{"Adopting":[0],"publicly":[1],"accessible":[2,46],"platforms":[3],"such":[4,44,63],"as":[5,66,68],"cloud":[6],"computing":[7],"model":[8],"to":[9,21,112,119,122,148],"host":[10],"IT":[11],"systems":[12],"has":[13,32],"become":[14],"a":[15,73,94,129,165,170,179,212],"leading":[16],"trend.":[17],"Although":[18],"this":[19,137],"helps":[20],"minimize":[22],"cost":[23],"and":[24,27,206],"increase":[25],"availability":[26],"reachability":[28],"of":[29,52,88,107,144,154,201,214],"applications,":[30],"it":[31,174],"serious":[33],"implications":[34],"on":[35,109,186],"applications\u2019":[36],"security.":[37],"Hackers":[38],"can":[39,160],"easily":[40,162],"exploit":[41],"vulnerabilities":[42,57,65,71,205],"in":[43,164,198,210],"publically":[45],"services.":[47],"In":[48],"addition":[49],"to,":[50],"75%":[51],"the":[53,89,145,202],"total":[54],"reported":[55],"application":[56,60],"are":[58],"web":[59],"specific.":[61],"Identifying":[62],"known":[64,90],"well":[67],"newly":[69],"discovered":[70],"is":[72],"key":[74],"challenging":[75],"security":[76],"requirement.":[77],"However,":[78],"existing":[79],"vulnerability":[80,100,104,114,131,159,182,189],"analysis":[81,101,143,183],"tools":[82],"cover":[83],"no":[84],"more":[85],"than":[86],"47%":[87],"vulnerabilities.":[91],"We":[92,176,193],"introduce":[93],"new":[95],"solution":[96],"that":[97,169],"supports":[98],"automated":[99],"using":[102,134],"formalized":[103,188],"signatures.":[105],"Instead":[106],"depending":[108],"formal":[110,130,138,171],"methods":[111],"locate":[113,123,149],"instances":[115],"where":[116],"analyzers":[117],"have":[118,177,194],"be":[120,161],"developed":[121,178],"specific":[124],"vulnerabilities,":[125],"our":[126,187,196],"approach":[127,197],"incorporates":[128],"signature":[132,150,172],"described":[133],"OCL.":[135],"Using":[136],"signature,":[139],"we":[140],"perform":[141],"program":[142,167],"target":[146,166],"system":[147],"matches":[151],"(i.e.":[152],"signs":[153],"possible":[155],"vulnerabilities).":[156],"A":[157],"newly\u2013discovered":[158],"identified":[163],"provided":[168],"for":[173],"exists.":[175],"prototype":[180],"static":[181],"tool":[184],"based":[185],"signatures":[190,200,209],"specification":[191],"approach.":[192],"validated":[195],"capturing":[199],"OWSAP":[203],"Top10":[204],"applied":[207],"these":[208],"analyzing":[211],"set":[213],"seven":[215],"benchmark":[216],"applications.":[217]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":8},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}
