{"id":"https://openalex.org/W3214251355","doi":"https://doi.org/10.1145/3460120.3484594","title":"Facilitating Vulnerability Assessment through PoC Migration","display_name":"Facilitating Vulnerability Assessment through PoC Migration","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3214251355","doi":"https://doi.org/10.1145/3460120.3484594","mag":"3214251355"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484594","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484594","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012269735","display_name":"Jiarun Dai","orcid":"https://orcid.org/0009-0002-5636-7808"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiarun Dai","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100368650","display_name":"Yuan Zhang","orcid":"https://orcid.org/0000-0001-5538-1478"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Zhang","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080670566","display_name":"Hailong Xu","orcid":"https://orcid.org/0000-0002-1739-8604"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hailong Xu","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032593920","display_name":"Haiming Lyu","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haiming Lyu","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014141188","display_name":"Zicheng Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zicheng Wu","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041094652","display_name":"Xinyu Xing","orcid":"https://orcid.org/0000-0001-6733-226X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinyu Xing","raw_affiliation_strings":["Pennsylvania State University, Philadelphia, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, Philadelphia, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052437722","display_name":"Min Yang","orcid":"https://orcid.org/0000-0001-9714-5545"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Min Yang","raw_affiliation_strings":["Fudan University, Shanghai, UNK, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, UNK, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5012269735"],"corresponding_institution_ids":["https://openalex.org/I24943067"],"apc_list":null,"apc_paid":null,"fwci":4.4066,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.94860401,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3300","last_page":"3317"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8942394256591797},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.821739912033081},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.8210676908493042},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8195112347602844},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.716869592666626},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6584768891334534},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.6010551452636719},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5988587141036987},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.4156067669391632},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28249359130859375},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23079532384872437},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.23048275709152222},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.1453668177127838},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.065805584192276}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8942394256591797},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.821739912033081},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.8210676908493042},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8195112347602844},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.716869592666626},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6584768891334534},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.6010551452636719},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5988587141036987},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.4156067669391632},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28249359130859375},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23079532384872437},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.23048275709152222},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.1453668177127838},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.065805584192276},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3484594","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484594","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6800000071525574,"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10"}],"awards":[{"id":"https://openalex.org/G3062299927","display_name":null,"funder_award_id":"21QA1400700","funder_id":"https://openalex.org/F4320327803","funder_display_name":"Shanghai Rising-Star Program"},{"id":"https://openalex.org/G4116449613","display_name":null,"funder_award_id":"U1836210,U1836213,U1736208,61972099,62172105,62102093","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5125653371","display_name":null,"funder_award_id":"19ZR1404800","funder_id":"https://openalex.org/F4320309612","funder_display_name":"Natural Science Foundation of Shanghai"}],"funders":[{"id":"https://openalex.org/F4320309612","display_name":"Natural Science Foundation of Shanghai","ror":null},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320327803","display_name":"Shanghai Rising-Star Program","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W1546956568","https://openalex.org/W1942295288","https://openalex.org/W1984978725","https://openalex.org/W1990762361","https://openalex.org/W2012604743","https://openalex.org/W2076620974","https://openalex.org/W2088479623","https://openalex.org/W2096522207","https://openalex.org/W2102443632","https://openalex.org/W2130200371","https://openalex.org/W2138385884","https://openalex.org/W2138756793","https://openalex.org/W2286236884","https://openalex.org/W2414803796","https://openalex.org/W2493109812","https://openalex.org/W2532717356","https://openalex.org/W2538458302","https://openalex.org/W2577142429","https://openalex.org/W2634106992","https://openalex.org/W2741600166","https://openalex.org/W2766540688","https://openalex.org/W2781491433","https://openalex.org/W2795027827","https://openalex.org/W2886694146","https://openalex.org/W2888320512","https://openalex.org/W2891235722","https://openalex.org/W2927166905","https://openalex.org/W2956095933","https://openalex.org/W2963408280","https://openalex.org/W2987375469","https://openalex.org/W3000514891","https://openalex.org/W3007413911","https://openalex.org/W3014957459","https://openalex.org/W3015365135","https://openalex.org/W3019415692","https://openalex.org/W3019428952","https://openalex.org/W3043519510","https://openalex.org/W3101228802","https://openalex.org/W3108766814","https://openalex.org/W3212502694","https://openalex.org/W4285719527","https://openalex.org/W4301168982"],"related_works":["https://openalex.org/W614438062","https://openalex.org/W4226494072","https://openalex.org/W4205454537","https://openalex.org/W4381785649","https://openalex.org/W3173990398","https://openalex.org/W4385301282","https://openalex.org/W3170526652","https://openalex.org/W2547155723","https://openalex.org/W2942625968","https://openalex.org/W4287849816"],"abstract_inverted_index":{"Recent":[0],"research":[1],"shows":[2],"that,":[3],"even":[4],"for":[5],"vulnerability":[6],"reports":[7],"archived":[8],"by":[9,36,183],"MITRE/NIST,":[10],"they":[11],"usually":[12],"contain":[13],"incomplete":[14],"information":[15],"about":[16],"the":[17,46,50,54,59,63,66,71,76,80,84,88,94,105,109,177],"software's":[18],"vulnerable":[19,25],"versions,":[20],"making":[21],"users":[22],"of":[23,53,65,103,129,171,179,190],"under-reported":[24],"versions":[26,128,189],"at":[27],"risk.":[28],"In":[29],"this":[30,34,42,114],"work,":[31],"we":[32,91,153,186],"address":[33],"problem":[35],"introducing":[37],"a":[38,100],"fuzzing-based":[39],"method.":[40],"Technically,":[41],"approach":[43],"first":[44],"collects":[45],"crashing":[47],"trace":[48,60,77],"on":[49,83,126],"reference":[51,85],"version":[52,73,149],"software.":[55],"Then,":[56],"it":[57],"utilizes":[58],"to":[61,79,134,150,195],"guide":[62],"mutation":[64],"PoC":[67,146,180],"input":[68],"so":[69],"that":[70,93,192],"target":[72,95],"could":[74,98],"follow":[75],"similar":[78],"one":[81,148],"observed":[82],"version.":[86],"Under":[87],"mutated":[89],"input,":[90],"argue":[92],"version's":[96],"execution":[97],"have":[99],"higher":[101],"chance":[102],"triggering":[104],"bug":[106],"and":[107,139,164],"demonstrating":[108],"vulnerability's":[110],"existence.":[111],"We":[112,166],"implement":[113],"idea":[115],"as":[116,197],"an":[117],"automated":[118],"tool,":[119],"named":[120],"VulScope.":[121],"Using":[122],"30":[123],"real-world":[124],"CVEs":[125],"470":[127],"software,":[130],"VulScope":[131,168],"is":[132],"demonstrated":[133],"introduce":[135],"no":[136],"false":[137,142],"positives":[138],"only":[140],"7.9%":[141],"negatives":[143],"while":[144,175],"migrating":[145],"from":[147],"another.":[151],"Besides,":[152],"also":[154],"compare":[155],"our":[156],"method":[157],"with":[158],"two":[159],"representative":[160],"fuzzing":[161],"tools":[162],"AFL":[163],"AFLGO.":[165],"find":[167],"outperforms":[169],"both":[170],"these":[172],"existing":[173],"techniques":[174],"taking":[176],"task":[178],"migration.":[181],"Finally,":[182],"using":[184],"VulScope,":[185],"identify":[187],"330":[188],"software":[191],"MITRE/NIST":[193],"fails":[194],"report":[196],"vulnerable.":[198]},"counts_by_year":[{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}