{"id":"https://openalex.org/W2403740588","doi":"https://doi.org/10.1145/2897845.2897850","title":"ORIGEN","display_name":"ORIGEN","publication_year":2016,"publication_date":"2016-05-27","ids":{"openalex":"https://openalex.org/W2403740588","doi":"https://doi.org/10.1145/2897845.2897850","mag":"2403740588"},"language":"en","primary_location":{"id":"doi:10.1145/2897845.2897850","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897850","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102893279","display_name":"Feng Qian","orcid":"https://orcid.org/0000-0003-2145-6683"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qian Feng","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110290219","display_name":"Aravind Prakash","orcid":"https://orcid.org/0000-0002-2994-0480"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aravind Prakash","raw_affiliation_strings":["Binghamton University, Binghamton, NY, USA"],"affiliations":[{"raw_affiliation_string":"Binghamton University, Binghamton, NY, USA","institution_ids":["https://openalex.org/I123946342"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100325519","display_name":"Minghua Wang","orcid":"https://orcid.org/0000-0002-2270-2076"},"institutions":[{"id":"https://openalex.org/I98301712","display_name":"Baidu (China)","ror":"https://ror.org/03vs3wt56","country_code":"CN","type":"company","lineage":["https://openalex.org/I98301712"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minghua Wang","raw_affiliation_strings":["Baidu Inc., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Baidu Inc., Beijing, China","institution_ids":["https://openalex.org/I98301712"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069123336","display_name":"Curtis Carmony","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Curtis Carmony","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073376805","display_name":"Heng Yin","orcid":"https://orcid.org/0000-0002-8942-7742"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Heng Yin","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102893279"],"corresponding_institution_ids":["https://openalex.org/I70983195"],"apc_list":null,"apc_paid":null,"fwci":0.23811105,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.53355082,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"11","last_page":"22"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8341234922409058},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6533973217010498},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5305923223495483},{"id":"https://openalex.org/keywords/offset","display_name":"Offset (computer science)","score":0.5275746583938599},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5178961753845215},{"id":"https://openalex.org/keywords/software-versioning","display_name":"Software versioning","score":0.4719128906726837},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41937392950057983},{"id":"https://openalex.org/keywords/data-structure","display_name":"Data structure","score":0.4188777506351471},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.36347126960754395},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.35593581199645996},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3406216502189636},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.29894107580184937}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8341234922409058},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6533973217010498},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5305923223495483},{"id":"https://openalex.org/C175291020","wikidata":"https://www.wikidata.org/wiki/Q1156822","display_name":"Offset (computer science)","level":2,"score":0.5275746583938599},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5178961753845215},{"id":"https://openalex.org/C198140048","wikidata":"https://www.wikidata.org/wiki/Q10859422","display_name":"Software versioning","level":3,"score":0.4719128906726837},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41937392950057983},{"id":"https://openalex.org/C162319229","wikidata":"https://www.wikidata.org/wiki/Q175263","display_name":"Data structure","level":2,"score":0.4188777506351471},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.36347126960754395},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.35593581199645996},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3406216502189636},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.29894107580184937},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2897845.2897850","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897850","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W200653874","https://openalex.org/W224410497","https://openalex.org/W596492259","https://openalex.org/W1580559113","https://openalex.org/W1641762327","https://openalex.org/W1690253345","https://openalex.org/W1942295288","https://openalex.org/W1966973702","https://openalex.org/W1979400615","https://openalex.org/W1991563835","https://openalex.org/W2006172326","https://openalex.org/W2012604743","https://openalex.org/W2029491280","https://openalex.org/W2048134700","https://openalex.org/W2048693719","https://openalex.org/W2068211976","https://openalex.org/W2068612839","https://openalex.org/W2106270115","https://openalex.org/W2112725702","https://openalex.org/W2112731379","https://openalex.org/W2114067856","https://openalex.org/W2135162105","https://openalex.org/W2138580357","https://openalex.org/W2140807364","https://openalex.org/W2144006591","https://openalex.org/W2149674423","https://openalex.org/W2150204531","https://openalex.org/W2159265516","https://openalex.org/W2160637255","https://openalex.org/W2398729674","https://openalex.org/W2504609973","https://openalex.org/W3011088748","https://openalex.org/W6677084613"],"related_works":["https://openalex.org/W1503327463","https://openalex.org/W2197476572","https://openalex.org/W2224782615","https://openalex.org/W106189515","https://openalex.org/W2014294357","https://openalex.org/W2166862480","https://openalex.org/W2787993192","https://openalex.org/W2026622245","https://openalex.org/W2986645471","https://openalex.org/W2163048279"],"abstract_inverted_index":{"Semantic":[0],"gap":[1],"is":[2,100],"a":[3,36,65,83,91,112,142,177,193,247,254,261],"prominent":[4],"problem":[5],"in":[6,11,49,141,155],"raw":[7],"memory":[8,17,23,95,279],"analysis,":[9],"especially":[10],"Virtual":[12],"Machine":[13],"Introspection":[14],"(VMI)":[15],"and":[16,25,42,145,184,211,229],"forensics.":[18],"For":[19],"COTS":[20],"software,":[21],"common":[22],"forensics":[24],"VMI":[26,262],"tools":[27],"rely":[28],"on":[29,126,238],"the":[30,39,47,50,57,61,103,116,119,148,160,169,172,204,218,277,288,300],"so-called":[31],"\"data":[32],"structure":[33,48,220],"profiles\"":[34],"--":[35],"mapping":[37],"between":[38],"semantic":[40,267],"variables":[41],"their":[43],"relative":[44],"offsets":[45],"within":[46,207],"binary.":[51],"Construction":[52],"of":[53,64,105,111,159,186,195,241,249,296],"such":[54,136],"profiles":[55,221],"requires":[56,73],"expert":[58],"knowledge":[59,117],"about":[60],"internal":[62],"working":[63],"specified":[66],"software":[67,113,144],"version.":[68,129,174],"At":[69],"most":[70],"time,":[71],"it":[72],"considerable":[74],"manual":[75],"efforts,":[76],"which":[77],"often":[78],"turns":[79],"out":[80],"to":[81,101,152,264,276],"be":[82],"cumbersome":[84],"process.":[85],"In":[86],"this":[87,131],"paper,":[88],"we":[89,133,166,214,257],"propose":[90],"notion":[92],"named":[93],"\"cross-version":[94],"analysis\",":[96],"wherein":[97],"our":[98],"goal":[99],"alleviate":[102],"process":[104],"profile":[106,170],"construction":[107],"for":[108,171,222,270,283,290],"new":[109,173],"versions":[110,240],"by":[114,192,202,303],"transferring":[115],"from":[118],"model":[120],"that":[121,201],"has":[122],"already":[123],"been":[124,189],"trained":[125],"its":[127],"old":[128],"To":[130],"end,":[132],"first":[134],"identify":[135],"Offset":[137],"Revealing":[138],"Instructions":[139],"(ORI)":[140],"given":[143],"then":[146],"leverage":[147],"code":[149],"search":[150,206],"techniques":[151],"label":[153],"ORIs":[154],"an":[156],"unknown":[157],"version":[158],"same":[161],"software.":[162],"With":[163],"labeled":[164],"ORIs,":[165],"can":[167,215,245,298],"localize":[168],"We":[175,272],"provide":[176],"proof-of-concept":[178],"implementation":[179],"called":[180],"ORIGEN.":[181,304],"The":[182,197,235],"efficacy":[183],"efficiency":[185],"ORIGEN":[187,244,259],"have":[188],"empirically":[190],"verified":[191],"number":[194],"softwares.":[196],"experimental":[198],"results":[199],"show":[200],"conducting":[203],"ORI":[205],"Windows":[208,223],"XP":[209,224],"SP0":[210],"Linux":[212,230],"3.5.0,":[213],"successfully":[216],"recover":[217],"data":[219],"SP2,":[225],"Vista,":[226],"Win":[227],"7,":[228],"2.6.32,":[231],"3.8.0,":[232],"3.13.0,":[233],"respectively.":[234],"systematical":[236],"evaluation":[237],"40":[239],"OpenSSH":[242,284],"demonstrates":[243],"achieve":[246,299],"precision":[248],"more":[250],"than":[251],"90%.":[252],"As":[253],"case":[255],"study,":[256],"integrate":[258],"into":[260],"tool":[263],"automatically":[265],"extract":[266],"information":[268],"required":[269],"VMI.":[271],"develop":[273],"two":[274],"plugins":[275],"Volatility":[278],"forensic":[280],"framework,":[281],"one":[282],"session":[285],"key":[286,293],"extraction,":[287],"other":[289],"encrypted":[291],"filesystem":[292],"extraction.":[294],"Both":[295],"them":[297],"cross-version":[301],"analysis":[302]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}