{"id":"https://openalex.org/W2888047193","doi":"https://doi.org/10.1145/3238147.3238159","title":"ReScue: crafting regular expression DoS attacks","display_name":"ReScue: crafting regular expression DoS attacks","publication_year":2018,"publication_date":"2018-08-20","ids":{"openalex":"https://openalex.org/W2888047193","doi":"https://doi.org/10.1145/3238147.3238159","mag":"2888047193"},"language":"en","primary_location":{"id":"doi:10.1145/3238147.3238159","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3238147.3238159","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076914169","display_name":"Yuju Shen","orcid":null},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuju Shen","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102987690","display_name":"Yanyan Jiang","orcid":"https://orcid.org/0000-0001-7651-9560"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanyan Jiang","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052203980","display_name":"Chang Xu","orcid":"https://orcid.org/0000-0002-6299-4704"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chang Xu","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102695656","display_name":"Yu Ping","orcid":null},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ping Yu","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041674680","display_name":"Xiaoxing Ma","orcid":"https://orcid.org/0000-0001-7970-1384"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoxing Ma","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066196985","display_name":"Jian L\u00fc","orcid":"https://orcid.org/0000-0003-4599-7281"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jian Lu","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5076914169"],"corresponding_institution_ids":["https://openalex.org/I881766915"],"apc_list":null,"apc_paid":null,"fwci":6.1626,"has_fulltext":false,"cited_by_count":50,"citation_normalized_percentile":{"value":0.9709244,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"225","last_page":"235"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/regular-expression","display_name":"Regular expression","score":0.8784496784210205},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7765855193138123},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.698342502117157},{"id":"https://openalex.org/keywords/string-searching-algorithm","display_name":"String searching algorithm","score":0.6099056601524353},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.5855768322944641},{"id":"https://openalex.org/keywords/pattern-matching","display_name":"Pattern matching","score":0.5519440174102783},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.44346508383750916},{"id":"https://openalex.org/keywords/expression","display_name":"Expression (computer science)","score":0.419400155544281},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.32388007640838623},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2827540636062622},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.22542092204093933},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14965534210205078},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.12427598237991333},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.10004541277885437}],"concepts":[{"id":"https://openalex.org/C121329065","wikidata":"https://www.wikidata.org/wiki/Q185612","display_name":"Regular expression","level":2,"score":0.8784496784210205},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7765855193138123},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.698342502117157},{"id":"https://openalex.org/C7757238","wikidata":"https://www.wikidata.org/wiki/Q374040","display_name":"String searching algorithm","level":3,"score":0.6099056601524353},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.5855768322944641},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.5519440174102783},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.44346508383750916},{"id":"https://openalex.org/C90559484","wikidata":"https://www.wikidata.org/wiki/Q778379","display_name":"Expression (computer science)","level":2,"score":0.419400155544281},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.32388007640838623},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2827540636062622},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.22542092204093933},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14965534210205078},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.12427598237991333},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.10004541277885437},{"id":"https://openalex.org/C37914503","wikidata":"https://www.wikidata.org/wiki/Q156495","display_name":"Mathematical physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3238147.3238159","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3238147.3238159","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W42443178","https://openalex.org/W87129872","https://openalex.org/W157156687","https://openalex.org/W187049233","https://openalex.org/W639355536","https://openalex.org/W1563402047","https://openalex.org/W1570445666","https://openalex.org/W1813069714","https://openalex.org/W1977321274","https://openalex.org/W1980938256","https://openalex.org/W1983424264","https://openalex.org/W1986152782","https://openalex.org/W1999374439","https://openalex.org/W2003250112","https://openalex.org/W2044058194","https://openalex.org/W2047094503","https://openalex.org/W2054801208","https://openalex.org/W2056820901","https://openalex.org/W2072607050","https://openalex.org/W2083735143","https://openalex.org/W2092382400","https://openalex.org/W2097461793","https://openalex.org/W2099540492","https://openalex.org/W2105956753","https://openalex.org/W2107709519","https://openalex.org/W2113422425","https://openalex.org/W2114869486","https://openalex.org/W2124479173","https://openalex.org/W2460699391","https://openalex.org/W2506796853","https://openalex.org/W2523499347","https://openalex.org/W2592057610","https://openalex.org/W2603401210","https://openalex.org/W2606344517","https://openalex.org/W2752340395","https://openalex.org/W2806253293","https://openalex.org/W3007533873","https://openalex.org/W3106010854","https://openalex.org/W3146438627","https://openalex.org/W4285719527","https://openalex.org/W4302339081"],"related_works":["https://openalex.org/W1549877447","https://openalex.org/W3125261964","https://openalex.org/W3145288231","https://openalex.org/W2181888227","https://openalex.org/W2371263218","https://openalex.org/W2504957479","https://openalex.org/W1492858093","https://openalex.org/W2092552144","https://openalex.org/W3216580934","https://openalex.org/W1980331464"],"abstract_inverted_index":{"Regular":[0],"expression":[1],"(regex)":[2],"with":[3,77,108],"modern":[4],"extensions":[5],"is":[6],"one":[7],"of":[8,52],"the":[9,83,109],"most":[10],"popular":[11,117],"string":[12,33],"processing":[13],"tools.":[14],"However,":[15],"poorly-designed":[16],"regexes":[17,92],"can":[18],"yield":[19],"exponentially":[20],"many":[21],"matching":[22],"steps,":[23],"and":[24,67,86,113],"lead":[25],"to":[26,44,49,116],"regex":[27],"Denial-of-Service":[28],"(ReDoS)":[29],"attacks":[30],"under":[31],"well-conceived":[32],"inputs.":[34],"This":[35],"paper":[36],"presents":[37],"Rescue,":[38],"a":[39,59,71],"three-phase":[40],"gray-box":[41],"analytical":[42],"technique,":[43,112],"automatically":[45],"generate":[46],"ReDoS":[47,124],"strings":[48,76,106],"highlight":[50],"vulnerabilities":[51],"given":[53],"regexes.":[54],"Rescue":[55,84,101,115],"systematically":[56],"seeds":[57],"(by":[58,63,70],"genetic":[60,65],"search),":[61,66],"incubates":[62],"another":[64],"finally":[68],"pumps":[69],"regex-dedicated":[72],"algorithm)":[73],"for":[74],"generating":[75],"maximized":[78],"search":[79],"time.":[80],"We":[81],"implemenmted":[82],"tool":[85],"evaluated":[87],"it":[88],"against":[89],"29,088":[90],"practical":[91],"in":[93],"real-world":[94],"projects.":[95],"The":[96],"evaluation":[97],"results":[98],"show":[99],"that":[100],"found":[102],"49%":[103],"more":[104],"attack":[105],"compared":[107],"best":[110],"existing":[111],"applying":[114],"GitHub":[118],"projects":[119],"discovered":[120],"ten":[121],"previously":[122],"unknown":[123],"vulnerabilities.":[125]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":1}],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2025-10-10T00:00:00"}