{"id":"https://openalex.org/W2165004968","doi":"https://doi.org/10.1145/2420950.2421003","title":"Generalized vulnerability extrapolation using abstract syntax trees","display_name":"Generalized vulnerability extrapolation using abstract syntax trees","publication_year":2012,"publication_date":"2012-12-03","ids":{"openalex":"https://openalex.org/W2165004968","doi":"https://doi.org/10.1145/2420950.2421003","mag":"2165004968"},"language":"en","primary_location":{"id":"doi:10.1145/2420950.2421003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2421003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089184320","display_name":"Fabian Yamaguchi","orcid":null},"institutions":[{"id":"https://openalex.org/I74656192","display_name":"University of G\u00f6ttingen","ror":"https://ror.org/01y9bpm73","country_code":"DE","type":"education","lineage":["https://openalex.org/I74656192"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Fabian Yamaguchi","raw_affiliation_strings":["University of G\u00f6ttingen, G\u00f6ttingen, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of G\u00f6ttingen, G\u00f6ttingen, Germany","institution_ids":["https://openalex.org/I74656192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067153081","display_name":"Markus Lottmann","orcid":null},"institutions":[{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Markus Lottmann","raw_affiliation_strings":["Technische Universit\u00e4t Berlin, Berlin, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066077721","display_name":"Konrad Rieck","orcid":"https://orcid.org/0000-0002-5054-8758"},"institutions":[{"id":"https://openalex.org/I74656192","display_name":"University of G\u00f6ttingen","ror":"https://ror.org/01y9bpm73","country_code":"DE","type":"education","lineage":["https://openalex.org/I74656192"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Konrad Rieck","raw_affiliation_strings":["University of G\u00f6ttingen, G\u00f6ttingen, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of G\u00f6ttingen, G\u00f6ttingen, Germany","institution_ids":["https://openalex.org/I74656192"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":14.6984,"has_fulltext":false,"cited_by_count":229,"citation_normalized_percentile":{"value":0.98682758,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"359","last_page":"368"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8428614139556885},{"id":"https://openalex.org/keywords/abstract-syntax-tree","display_name":"Abstract syntax tree","score":0.7920968532562256},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.7740397453308105},{"id":"https://openalex.org/keywords/syntax","display_name":"Syntax","score":0.607755720615387},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5929444432258606},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5437484979629517},{"id":"https://openalex.org/keywords/abstract-syntax","display_name":"Abstract syntax","score":0.5125095844268799},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4683890640735626},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.4498922526836395},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.32811155915260315},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.2714078426361084},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20810535550117493},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.1950978934764862}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8428614139556885},{"id":"https://openalex.org/C58646249","wikidata":"https://www.wikidata.org/wiki/Q127380","display_name":"Abstract syntax tree","level":3,"score":0.7920968532562256},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.7740397453308105},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.607755720615387},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5929444432258606},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5437484979629517},{"id":"https://openalex.org/C114408938","wikidata":"https://www.wikidata.org/wiki/Q333373","display_name":"Abstract syntax","level":3,"score":0.5125095844268799},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4683890640735626},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.4498922526836395},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32811155915260315},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.2714078426361084},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20810535550117493},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.1950978934764862},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2420950.2421003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2421003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.645.8832","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.645.8832","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.714.5638","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.714.5638","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://user.informatik.uni-goettingen.de/%7Ekrieck/docs/2012-acsac.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W109951691","https://openalex.org/W127238549","https://openalex.org/W133470593","https://openalex.org/W1496222301","https://openalex.org/W1505465226","https://openalex.org/W1850047186","https://openalex.org/W1956559956","https://openalex.org/W1964795700","https://openalex.org/W1972429847","https://openalex.org/W1988524530","https://openalex.org/W1990762361","https://openalex.org/W2002089154","https://openalex.org/W2018951244","https://openalex.org/W2031006315","https://openalex.org/W2039390926","https://openalex.org/W2042033151","https://openalex.org/W2043811931","https://openalex.org/W2051990174","https://openalex.org/W2054520963","https://openalex.org/W2085925880","https://openalex.org/W2090044595","https://openalex.org/W2098629748","https://openalex.org/W2102970979","https://openalex.org/W2104301886","https://openalex.org/W2124666592","https://openalex.org/W2128888088","https://openalex.org/W2137952932","https://openalex.org/W2138756793","https://openalex.org/W2147152072","https://openalex.org/W2157532207","https://openalex.org/W2164233915","https://openalex.org/W2325227998","https://openalex.org/W4239812996","https://openalex.org/W6629841029","https://openalex.org/W6640862754","https://openalex.org/W6647398271"],"related_works":["https://openalex.org/W2077104824","https://openalex.org/W2536864162","https://openalex.org/W2613250302","https://openalex.org/W2095633838","https://openalex.org/W2390421503","https://openalex.org/W3184653409","https://openalex.org/W1988370859","https://openalex.org/W2185876338","https://openalex.org/W2387926336","https://openalex.org/W319507398"],"abstract_inverted_index":{"The":[0],"discovery":[1],"of":[2,17,30,58,92,134,146,162],"vulnerabilities":[3,32,37,155],"in":[4,24,76,83],"source":[5,59,132],"code":[6,71,85,109,133,164],"is":[7],"a":[8,49,53,90,101,108,159],"key":[9],"for":[10,51],"securing":[11],"computer":[12],"systems.":[13],"While":[14],"specific":[15],"types":[16],"security":[18,54],"flaws":[19],"can":[20,86,120],"be":[21,34,87,121],"identified":[22],"automatically,":[23],"the":[25,28,70,84,117,124,131,163],"general":[26],"case":[27],"process":[29],"finding":[31],"cannot":[33],"automated":[35],"and":[36,72,104,142],"are":[38,150],"mainly":[39],"discovered":[40],"by":[41,64,156],"manual":[42],"analysis.":[43],"In":[44],"this":[45],"paper,":[46],"we":[47,149],"propose":[48],"method":[50,62,129],"assisting":[52],"analyst":[55],"during":[56],"auditing":[57],"code.":[60],"Our":[61],"proceeds":[63],"extracting":[65],"abstract":[66],"syntax":[67],"trees":[68],"from":[69,116],"determining":[73],"structural":[74],"patterns":[75],"these":[77,93,147],"trees,":[78],"such":[79,111],"that":[80,112],"each":[81],"function":[82],"described":[88],"as":[89],"mixture":[91],"patterns.":[94],"This":[95],"representation":[96],"enables":[97],"us":[98],"to":[99,107,123,152],"decompose":[100],"known":[102],"vulnerability":[103],"extrapolate":[105],"it":[106],"base,":[110],"functions":[113],"potentially":[114],"suffering":[115],"same":[118],"flaw":[119],"suggested":[122],"analyst.":[125],"We":[126],"evaluate":[127],"our":[128],"on":[130],"four":[135],"popular":[136],"open-source":[137],"projects:":[138],"LibTIFF,":[139],"FFmpeg,":[140],"Pidgin":[141],"Asterisk.":[143],"For":[144],"three":[145],"projects,":[148],"able":[151],"identify":[153],"zero-day":[154],"inspecting":[157],"only":[158],"small":[160],"fraction":[161],"bases.":[165]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":25},{"year":2022,"cited_by_count":25},{"year":2021,"cited_by_count":31},{"year":2020,"cited_by_count":26},{"year":2019,"cited_by_count":24},{"year":2018,"cited_by_count":16},{"year":2017,"cited_by_count":14},{"year":2016,"cited_by_count":13},{"year":2015,"cited_by_count":8},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":6}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}