{"id":"https://openalex.org/W3167325648","doi":"https://doi.org/10.1145/3433210.3437528","title":"Localizing Vulnerabilities Statistically From One Exploit","display_name":"Localizing Vulnerabilities Statistically From One Exploit","publication_year":2021,"publication_date":"2021-05-24","ids":{"openalex":"https://openalex.org/W3167325648","doi":"https://doi.org/10.1145/3433210.3437528","mag":"3167325648"},"language":"en","primary_location":{"id":"doi:10.1145/3433210.3437528","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3437528","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101919635","display_name":"Shiqi Shen","orcid":"https://orcid.org/0009-0002-5442-2121"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Shiqi Shen","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002158482","display_name":"Aashish Kolluri","orcid":"https://orcid.org/0000-0003-1792-4448"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Aashish Kolluri","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060673251","display_name":"Zhen Dong","orcid":"https://orcid.org/0000-0003-4433-5171"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhen Dong","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034054081","display_name":"Prateek Saxena","orcid":"https://orcid.org/0000-0002-1875-8675"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Prateek Saxena","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060115298","display_name":"Abhik Roychoudhury","orcid":"https://orcid.org/0000-0002-7127-1137"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Abhik Roychoudhury","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101919635"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":5.4299,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.95741196,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"537","last_page":"549"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9546935558319092},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8397778868675232},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7803267240524292},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.6249030828475952},{"id":"https://openalex.org/keywords/test-suite","display_name":"Test suite","score":0.6048861145973206},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.6002784967422485},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5671955347061157},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5263917446136475},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4642959535121918},{"id":"https://openalex.org/keywords/fidelity","display_name":"Fidelity","score":0.46274474263191223},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.45833805203437805},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.44271910190582275},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.41510629653930664},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.37275511026382446},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36146295070648193},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3017549514770508},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.26492369174957275},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2151455283164978},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.17316922545433044},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.09537401795387268}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9546935558319092},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8397778868675232},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7803267240524292},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.6249030828475952},{"id":"https://openalex.org/C151552104","wikidata":"https://www.wikidata.org/wiki/Q7705809","display_name":"Test suite","level":4,"score":0.6048861145973206},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.6002784967422485},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5671955347061157},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5263917446136475},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4642959535121918},{"id":"https://openalex.org/C2776459999","wikidata":"https://www.wikidata.org/wiki/Q2119376","display_name":"Fidelity","level":2,"score":0.46274474263191223},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.45833805203437805},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.44271910190582275},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.41510629653930664},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.37275511026382446},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36146295070648193},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3017549514770508},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.26492369174957275},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2151455283164978},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.17316922545433044},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.09537401795387268},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3433210.3437528","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3437528","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5299999713897705,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W23405769","https://openalex.org/W101671200","https://openalex.org/W1984248430","https://openalex.org/W2040900440","https://openalex.org/W2052844069","https://openalex.org/W2062154010","https://openalex.org/W2077085538","https://openalex.org/W2102970979","https://openalex.org/W2107709519","https://openalex.org/W2110311336","https://openalex.org/W2133074421","https://openalex.org/W2137008041","https://openalex.org/W2138788987","https://openalex.org/W2151996777","https://openalex.org/W2153418968","https://openalex.org/W2162045655","https://openalex.org/W2164649341","https://openalex.org/W2170224888","https://openalex.org/W2295705535","https://openalex.org/W2296178404","https://openalex.org/W2320110444","https://openalex.org/W2343875716","https://openalex.org/W2467903332","https://openalex.org/W2515891506","https://openalex.org/W2620081107","https://openalex.org/W2766540688","https://openalex.org/W2897044322","https://openalex.org/W2946864865","https://openalex.org/W2958754741","https://openalex.org/W2974889942","https://openalex.org/W2998011150","https://openalex.org/W3026664326","https://openalex.org/W3049474072","https://openalex.org/W3129269689","https://openalex.org/W3140804348","https://openalex.org/W4240558819","https://openalex.org/W4245671428","https://openalex.org/W4248489389","https://openalex.org/W4250942327"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W4220885008","https://openalex.org/W2057803998","https://openalex.org/W2892115998","https://openalex.org/W4298219515","https://openalex.org/W2123075981","https://openalex.org/W2796094063","https://openalex.org/W2980033082"],"abstract_inverted_index":{"Automatic":[0],"vulnerability":[1,15,77],"diagnosis":[2],"can":[3,33,120],"help":[4],"security":[5,142],"analysts":[6],"identify":[7],"and,":[8],"therefore,":[9],"quickly":[10],"patch":[11,119],"disclosed":[12],"vulnerabilities.":[13],"The":[14],"localization":[16,41],"problem":[17],"is":[18,52],"to":[19,43,56],"automatically":[20,75],"find":[21],"a":[22,39,45,53,59,70,117],"program":[23],"point":[24],"at":[25],"which":[26,61,74],"the":[27,31,93,104,147],"\"root":[28],"cause\"":[29],"of":[30,95,103,106,126,141,150],"bug":[32],"be":[34,121],"fixed.":[35],"This":[36],"paper":[37],"employs":[38],"statistical":[40,151],"approach":[42],"analyze":[44],"given":[46,79],"exploit.":[47],"Our":[48,144],"main":[49],"technical":[50],"contribution":[51],"novel":[54],"procedure":[55],"systematically":[57],"construct":[58],"test-suite":[60],"enables":[62],"high-fidelity":[63],"localization.":[64],"We":[65],"build":[66],"our":[67],"techniques":[68],"in":[69,112,130],"tool":[71],"called":[72],"VulnLoc":[73,86],"pinpoints":[76],"locations,":[78],"just":[80],"one":[81],"exploit,":[82],"with":[83,155],"high":[84],"accuracy.":[85],"does":[87],"not":[88],"make":[89],"any":[90],"assumptions":[91],"about":[92,124],"availability":[94],"source":[96],"code,":[97],"test":[98],"suites,":[99],"or":[100],"specialized":[101],"knowledge":[102],"type":[105],"vulnerability.":[107],"It":[108],"identifies":[109],"actionable":[110],"locations":[111],"its":[113],"Top-5":[114],"outputs,":[115],"where":[116],"correct":[118],"applied,":[122],"for":[123],"88%":[125],"43":[127],"CVEs":[128],"arising":[129],"large":[131],"real-world":[132],"applications":[133],"we":[134],"study.":[135],"These":[136],"include":[137],"6":[138],"different":[139],"classes":[140],"flaws.":[143],"results":[145],"highlight":[146],"under-explored":[148],"power":[149],"analyses,":[152],"when":[153],"combined":[154],"suitable":[156],"test-generation":[157],"techniques.":[158]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}