{"id":"https://openalex.org/W3109124773","doi":"https://doi.org/10.1145/3372297.3420014","title":"LPET -- Mining MS-Windows Software Privilege Escalation Vulnerabilities by Monitoring Interactive Behavior","display_name":"LPET -- Mining MS-Windows Software Privilege Escalation Vulnerabilities by Monitoring Interactive Behavior","publication_year":2020,"publication_date":"2020-10-30","ids":{"openalex":"https://openalex.org/W3109124773","doi":"https://doi.org/10.1145/3372297.3420014","mag":"3109124773"},"language":"en","primary_location":{"id":"doi:10.1145/3372297.3420014","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3420014","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051083658","display_name":"Can Huang","orcid":"https://orcid.org/0000-0002-4317-1016"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Can Huang","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102438645","display_name":"Xinhui Han","orcid":null},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinhui Han","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025995421","display_name":"Guorui Yu","orcid":null},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guorui Yu","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5051083658"],"corresponding_institution_ids":["https://openalex.org/I20231570"],"apc_list":null,"apc_paid":null,"fwci":0.1515,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.45839368,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"2089","last_page":"2091"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7827122807502747},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.7806967496871948},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6243007183074951},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5930570363998413},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4499564468860626},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4384695887565613},{"id":"https://openalex.org/keywords/backporting","display_name":"Backporting","score":0.4211951494216919},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.3161960542201996},{"id":"https://openalex.org/keywords/component-based-software-engineering","display_name":"Component-based software engineering","score":0.23468929529190063}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7827122807502747},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.7806967496871948},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6243007183074951},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5930570363998413},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4499564468860626},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4384695887565613},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.4211951494216919},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.3161960542201996},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.23468929529190063}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3372297.3420014","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3420014","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7300000190734863,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W1976878954","https://openalex.org/W2806226817"],"related_works":["https://openalex.org/W2004157367","https://openalex.org/W2382234213","https://openalex.org/W2367207301","https://openalex.org/W4241145270","https://openalex.org/W2049696050","https://openalex.org/W2623459055","https://openalex.org/W1579538314","https://openalex.org/W2005453250","https://openalex.org/W1989927717","https://openalex.org/W1985927726"],"abstract_inverted_index":{"Local":[0],"Privilege":[1],"Escalation":[2],"(LPE)":[3],"is":[4,36,40],"a":[5,21,56,59,74,129,181],"common":[6,130],"attack":[7],"vector":[8],"used":[9],"by":[10,43,97,138],"attackers":[11,160],"to":[12,25,78,171],"gain":[13],"higher-level":[14],"permissions.":[15],"In":[16,116],"this":[17,65,188],"poster,":[18],"we":[19,127],"present":[20],"system":[22],"called":[23],"LPET":[24,67,90,106,120],"mine":[26],"LPE":[27,39],"vulnerabilities":[28,122],"of":[29,169,184],"third-party":[30],"software":[31,70,139,170,185],"in":[32,123,146],"MS-Windows.":[33],"Our":[34],"insight":[35],"that":[37,133,180],"the":[38,44,95,108,117,147,158,166],"often":[41],"caused":[42],"interactions":[45,53],"between":[46],"high-privilege":[47],"processes":[48],"and":[49,61,72,84,86,101,154],"user-controllable":[50,99,148],"files.":[51],"The":[52],"include":[54],"creating":[55],"file,":[57],"starting":[58],"process":[60],"others.":[62],"Based":[63],"on":[64],"observation,":[66],"first":[68],"monitors":[69],"behaviors":[71],"constructs":[73],"directed":[75],"interaction":[76],"graph":[77,96],"abstract":[79],"entities,":[80],"such":[81],"as":[82],"files":[83],"processes,":[85],"their":[87,103,173],"interactions.":[88],"Then":[89],"analyzes":[91],"exploiting":[92,109],"paths":[93,110],"from":[94,187],"extracting":[98],"entities":[100],"checking":[102],"privileges.":[104],"Finally,":[105],"verifies":[107],"using":[111],"replacement":[112],"or":[113],"hijacking":[114],"attacks.":[115],"preliminary":[118],"experiments,":[119],"found":[121,179],"various":[124],"software.":[125],"Moreover,":[126],"discovered":[128],"weakness":[131,189],"pattern":[132],"some":[134],"components":[135],"were":[136],"executed":[137],"with":[140,161,175],"high":[141,176],"privilege":[142,163],"after":[143],"being":[144],"released":[145],"temporary":[149],"directory":[150],"during":[151],"installation,":[152],"update,":[153],"uninstallation.":[155],"By":[156],"replacing":[157],"components,":[159],"low":[162],"can":[164],"hijack":[165],"execution":[167],"flow":[168],"execute":[172],"codes":[174],"privilege.":[177],"We":[178],"wide":[182],"range":[183],"suffers":[186],"pattern,":[190],"including":[191],"Cisco":[192],"AnyConnect,":[193],"Dropbox,":[194],"Notepad++.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-25T14:43:58.451035","created_date":"2025-10-10T00:00:00"}