{"id":"https://openalex.org/W2532962075","doi":"https://doi.org/10.1145/2976749.2978370","title":"Scalable Graph-based Bug Search for Firmware Images","display_name":"Scalable Graph-based Bug Search for Firmware Images","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2532962075","doi":"https://doi.org/10.1145/2976749.2978370","mag":"2532962075"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978370","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102893279","display_name":"Feng Qian","orcid":"https://orcid.org/0000-0003-2145-6683"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qian Feng","raw_affiliation_strings":["Syracuse university, syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse university, syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074296321","display_name":"Rundong Zhou","orcid":"https://orcid.org/0009-0000-8996-2852"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rundong Zhou","raw_affiliation_strings":["Syracuse university, syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse university, syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102356807","display_name":"Chengcheng Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chengcheng Xu","raw_affiliation_strings":["Syracuse university, syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse university, syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114930038","display_name":"Yao Cheng","orcid":"https://orcid.org/0000-0002-5402-875X"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yao Cheng","raw_affiliation_strings":["Syracuse university, syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse university, syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091240794","display_name":"Brian Testa","orcid":null},"institutions":[{"id":"https://openalex.org/I1280414376","display_name":"United States Air Force Research Laboratory","ror":"https://ror.org/02e2egq70","country_code":"US","type":"facility","lineage":["https://openalex.org/I1280414376","https://openalex.org/I1330347796","https://openalex.org/I4210102105","https://openalex.org/I4389425425"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Testa","raw_affiliation_strings":["Air Force Research Lab, Rome, NY, USA"],"affiliations":[{"raw_affiliation_string":"Air Force Research Lab, Rome, NY, USA","institution_ids":["https://openalex.org/I1280414376"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073376805","display_name":"Heng Yin","orcid":"https://orcid.org/0000-0002-8942-7742"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Heng Yin","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5102893279"],"corresponding_institution_ids":["https://openalex.org/I70983195"],"apc_list":null,"apc_paid":null,"fwci":17.0568,"has_fulltext":false,"cited_by_count":388,"citation_normalized_percentile":{"value":0.99461736,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"480","last_page":"491"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10627","display_name":"Advanced Image and Video Retrieval Techniques","score":0.9865000247955322,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8185356259346008},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.724315881729126},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.6543794274330139},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4374716877937317},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.32367438077926636},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.3225324749946594},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3218449652194977},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.30097389221191406},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1410636603832245}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8185356259346008},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.724315881729126},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.6543794274330139},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4374716877937317},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32367438077926636},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.3225324749946594},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3218449652194977},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.30097389221191406},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1410636603832245},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978370","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W200653874","https://openalex.org/W596492259","https://openalex.org/W614438062","https://openalex.org/W1412775481","https://openalex.org/W1445387515","https://openalex.org/W1535669030","https://openalex.org/W1541459201","https://openalex.org/W1546956568","https://openalex.org/W1550206324","https://openalex.org/W1563577331","https://openalex.org/W1567790484","https://openalex.org/W1604459715","https://openalex.org/W1690253345","https://openalex.org/W1875112053","https://openalex.org/W1942295288","https://openalex.org/W1976921161","https://openalex.org/W1981276685","https://openalex.org/W1984978725","https://openalex.org/W1990762361","https://openalex.org/W1991772852","https://openalex.org/W1995739251","https://openalex.org/W1999970330","https://openalex.org/W2004791968","https://openalex.org/W2012459404","https://openalex.org/W2012604743","https://openalex.org/W2013075750","https://openalex.org/W2020498246","https://openalex.org/W2036718463","https://openalex.org/W2038276547","https://openalex.org/W2043118292","https://openalex.org/W2048693719","https://openalex.org/W2051990174","https://openalex.org/W2068894463","https://openalex.org/W2069268700","https://openalex.org/W2091939272","https://openalex.org/W2103924867","https://openalex.org/W2112725702","https://openalex.org/W2114986399","https://openalex.org/W2119812052","https://openalex.org/W2131846894","https://openalex.org/W2138756793","https://openalex.org/W2141807666","https://openalex.org/W2145343266","https://openalex.org/W2165874743","https://openalex.org/W2168103835","https://openalex.org/W2170607286","https://openalex.org/W2251864938","https://openalex.org/W2403740588","https://openalex.org/W2574017551","https://openalex.org/W2576376563","https://openalex.org/W2577142429","https://openalex.org/W3116316749","https://openalex.org/W4238452917","https://openalex.org/W4285719527","https://openalex.org/W6619192471","https://openalex.org/W6628233427","https://openalex.org/W6636411187","https://openalex.org/W6691474080"],"related_works":["https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W4212885212","https://openalex.org/W4379115910","https://openalex.org/W3010413952","https://openalex.org/W4253989935","https://openalex.org/W2810560948","https://openalex.org/W2070793896","https://openalex.org/W4206124993"],"abstract_inverted_index":{"Because":[0],"of":[1,58,187,199,231,259,292,302],"rampant":[2],"security":[3],"breaches":[4],"in":[5,10,36,61,75,92,185,242,283,297],"IoT":[6,12,37,59],"devices,":[7],"searching":[8,278],"vulnerabilities":[9,282],"massive":[11],"ecosystems":[13],"is":[14],"more":[15,138],"crucial":[16],"than":[17],"ever.":[18],"Recent":[19],"studies":[20],"have":[21,158],"demonstrated":[22],"that":[23,106,176,214,268],"control-flow":[24],"graph":[25,68],"(CFG)":[26],"based":[27,110],"bug":[28,45,84,95,161,170],"search":[29,46,85,96,101,151,162,171,219,244],"techniques":[30,97,105],"can":[31,147,216],"be":[32],"effective":[33],"and":[34,77,98,146,165,189,208,256,300],"accurate":[35],"devices":[38,60,201],"across":[39,143,253],"different":[40,144],"architectures.":[41],"However,":[42],"these":[43,298],"CFG-based":[44],"approaches":[47,180],"are":[48,137,294],"far":[49],"from":[50,115,205,289],"being":[51],"scalable":[52],"to":[53,65,140,276],"handle":[54],"an":[55],"enormous":[56],"amount":[57],"the":[62,89,116,121,130,238,243],"wild,":[63],"due":[64],"their":[66],"expensive":[67],"matching":[69],"overhead.":[70],"Inspired":[71],"by":[72,152,261],"rich":[73],"experience":[74],"image":[76],"video":[78],"search,":[79],"we":[80,119,246],"propose":[81],"a":[82,160,196,218],"new":[83],"scheme":[86],"which":[87,202],"addresses":[88],"scalability":[90],"challenge":[91],"existing":[93,104],"cross-platform":[94],"further":[99],"improves":[100],"accuracy.":[102,190],"Unlike":[103],"directly":[107],"conduct":[108],"searches":[109],"upon":[111],"raw":[112],"features":[113],"(CFGs)":[114],"binary":[117],"code,":[118],"convert":[120],"CFGs":[122],"into":[123],"high-level":[124,133],"numeric":[125,134],"feature":[126,135],"vectors.":[127],"Compared":[128],"with":[129,168],"CFG":[131],"feature,":[132],"vectors":[136],"robust":[139],"code":[141],"variation":[142],"architectures,":[145],"easily":[148],"achieve":[149],"realtime":[150],"using":[153],"state-of-the-art":[154],"hashing":[155],"techniques.":[156],"We":[157,191,265],"implemented":[159],"engine,":[163],"Genius,":[164],"compared":[166],"it":[167,269],"state-of-art":[169],"approaches.":[172],"Experimental":[173],"results":[174],"show":[175],"Genius":[177,194,215],"outperforms":[178],"baseline":[179],"for":[181,279],"various":[182],"query":[183],"loads":[184],"terms":[186],"speed":[188],"also":[192,266],"evaluated":[193],"on":[195,223,274],"real-world":[197],"dataset":[198],"33,045":[200],"was":[203],"collected":[204],"public":[206],"sources":[207],"our":[209,262],"system.":[210],"The":[211],"experiment":[212],"showed":[213],"finish":[217,277],"within":[220],"1":[221],"second":[222],"average":[224,275],"when":[225],"performed":[226],"over":[227],"8,126":[228],"firmware":[229,251,287],"images":[230,252,288],"420,558,702":[232],"functions.":[233],"By":[234],"only":[235,271],"looking":[236],"at":[237],"top":[239],"50":[240],"candidates":[241],"result,":[245],"found":[247,267],"38":[248],"potentially":[249,295],"vulnerable":[250,296],"5":[254],"vendors,":[255],"confirmed":[257],"23":[258],"them":[260,293,303],"manual":[263],"analysis.":[264],"took":[270],"0.1":[272],"seconds":[273],"all":[280],"154":[281],"two":[284],"latest":[285],"commercial":[286],"D-LINK.":[290],"103":[291],"images,":[299],"16":[301],"were":[304],"confirmed.":[305]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":50},{"year":2024,"cited_by_count":42},{"year":2023,"cited_by_count":55},{"year":2022,"cited_by_count":55},{"year":2021,"cited_by_count":64},{"year":2020,"cited_by_count":53},{"year":2019,"cited_by_count":41},{"year":2018,"cited_by_count":18},{"year":2017,"cited_by_count":8}],"updated_date":"2026-04-22T08:38:42.863108","created_date":"2025-10-10T00:00:00"}