{"id":"https://openalex.org/W2068612839","doi":"https://doi.org/10.1145/2786805.2786810","title":"Automatically deriving pointer reference expressions from binary code for memory dump analysis","display_name":"Automatically deriving pointer reference expressions from binary code for memory dump analysis","publication_year":2015,"publication_date":"2015-08-26","ids":{"openalex":"https://openalex.org/W2068612839","doi":"https://doi.org/10.1145/2786805.2786810","mag":"2068612839"},"language":"en","primary_location":{"id":"doi:10.1145/2786805.2786810","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2786810","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059583347","display_name":"Yangchun Fu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yangchun Fu","raw_affiliation_strings":["University of Texas at Dallas, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["University of Texas at Dallas, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016565332","display_name":"David Brumley","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Brumley","raw_affiliation_strings":["Carnegie Mellon University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.2256,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.9039253,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"614","last_page":"624"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.8506962656974792},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8144994974136353},{"id":"https://openalex.org/keywords/pointer-analysis","display_name":"Pointer analysis","score":0.6574325561523438},{"id":"https://openalex.org/keywords/snapshot","display_name":"Snapshot (computer storage)","score":0.556710958480835},{"id":"https://openalex.org/keywords/traverse","display_name":"Traverse","score":0.5229154825210571},{"id":"https://openalex.org/keywords/crash","display_name":"Crash","score":0.4215036928653717},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.4181503653526306},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3696303367614746},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3388751149177551},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.3261002004146576},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.30148133635520935},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.27530723810195923},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19416987895965576},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.13611668348312378},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.0846112072467804}],"concepts":[{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.8506962656974792},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8144994974136353},{"id":"https://openalex.org/C7263679","wikidata":"https://www.wikidata.org/wiki/Q5978076","display_name":"Pointer analysis","level":3,"score":0.6574325561523438},{"id":"https://openalex.org/C55282118","wikidata":"https://www.wikidata.org/wiki/Q252683","display_name":"Snapshot (computer storage)","level":2,"score":0.556710958480835},{"id":"https://openalex.org/C176809094","wikidata":"https://www.wikidata.org/wiki/Q15401496","display_name":"Traverse","level":2,"score":0.5229154825210571},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.4215036928653717},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.4181503653526306},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3696303367614746},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3388751149177551},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.3261002004146576},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.30148133635520935},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.27530723810195923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19416987895965576},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.13611668348312378},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0846112072467804},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2786805.2786810","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2786810","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.705.464","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.705.464","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.utdallas.edu/%7Ezhiqiang.lin/file/FSE15.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1615661958","display_name":null,"funder_award_id":"FA9550- 14-1-0119","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G8484359774","display_name":"CAREER: A Dual-VM Binary Code Reuse Based Framework for Automated Virtual Machine Introspection","funder_award_id":"1453011","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W5790907","https://openalex.org/W129452389","https://openalex.org/W143519483","https://openalex.org/W145782308","https://openalex.org/W173413620","https://openalex.org/W1489801944","https://openalex.org/W1533125894","https://openalex.org/W1549154409","https://openalex.org/W1557252148","https://openalex.org/W1710734607","https://openalex.org/W1981984793","https://openalex.org/W2005886648","https://openalex.org/W2035290250","https://openalex.org/W2065566278","https://openalex.org/W2089560940","https://openalex.org/W2102970979","https://openalex.org/W2110756602","https://openalex.org/W2122097147","https://openalex.org/W2124814646","https://openalex.org/W2126220112","https://openalex.org/W2135162105","https://openalex.org/W2137530017","https://openalex.org/W2146431583","https://openalex.org/W2151200195","https://openalex.org/W2166293939","https://openalex.org/W2167356302","https://openalex.org/W2168468057","https://openalex.org/W2397854955","https://openalex.org/W2399247437"],"related_works":["https://openalex.org/W2553375745","https://openalex.org/W2363386825","https://openalex.org/W2188526093","https://openalex.org/W1996094959","https://openalex.org/W2999115679","https://openalex.org/W2891057055","https://openalex.org/W2370320024","https://openalex.org/W3147482974","https://openalex.org/W2362627649","https://openalex.org/W2260512874"],"abstract_inverted_index":{"Given":[0],"a":[1,5,15,57,80,101,109,113,136,166],"crash":[2],"dump":[3],"or":[4,30],"kernel":[6,141,151],"memory":[7,167],"snapshot,":[8],"it":[9],"is":[10,76,103],"often":[11],"desirable":[12],"to":[13,22,34,49,128],"have":[14,124],"capability":[16],"that":[17,77,144],"can":[18,146],"traverse":[19],"its":[20],"pointers":[21,53,89,153],"locate":[23,50],"the":[24,28,36,52,61,66,106,149,158],"root":[25],"cause":[26],"of":[27,65,82,108,138],"crash,":[29],"check":[31],"their":[32],"integrity":[33],"detect":[35],"control":[37],"flow":[38],"hijacks.":[39],"To":[40],"achieve":[41],"this,":[42],"one":[43],"key":[44],"challenge":[45],"lies":[46],"in":[47],"how":[48,100],"where":[51],"are.":[54],"While":[55],"locating":[56,155],"pointer":[58,96,102,121,160],"usually":[59],"requires":[60],"data":[62,85],"structure":[63],"knowledge":[64],"corresponding":[67],"program,":[68],"an":[69],"important":[70],"advance":[71],"made":[72],"by":[73,154],"this":[74],"work":[75],"we":[78,145],"show":[79,143],"technique":[81],"extracting":[83],"address-independent":[84],"reference":[86,97,161],"expressions":[87,162],"for":[88],"through":[90,105],"dynamic":[91],"binary":[92],"analysis.":[93],"This":[94],"novel":[95],"expression":[98],"encodes":[99],"accessed":[104],"combination":[107],"base":[110],"address":[111],"(usually":[112],"global":[114],"variable)":[115],"with":[116,135],"certain":[117],"offset":[118],"and":[119,131],"further":[120],"dereferences.":[122],"We":[123],"applied":[125],"our":[126,132],"techniques":[127],"OS":[129],"kernels,":[130],"experimental":[133],"results":[134],"number":[137],"real":[139],"world":[140],"malware":[142],"correctly":[147],"identify":[148],"hijacked":[150],"function":[152],"them":[156],"using":[157],"extracted":[159],"when":[163],"only":[164],"given":[165],"snapshot.":[168]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":3}],"updated_date":"2026-06-22T08:00:12.763002","created_date":"2025-10-10T00:00:00"}