{"id":"https://openalex.org/W4293235803","doi":"https://doi.org/10.1145/3517036","title":"Scanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization","display_name":"Scanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization","publication_year":2022,"publication_date":"2022-04-23","ids":{"openalex":"https://openalex.org/W4293235803","doi":"https://doi.org/10.1145/3517036"},"language":"en","primary_location":{"id":"doi:10.1145/3517036","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3517036","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075865017","display_name":"Zijing Yin","orcid":"https://orcid.org/0000-0002-4914-836X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zijing Yin","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007432837","display_name":"Yiwen Xu","orcid":"https://orcid.org/0000-0002-8767-6454"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiwen Xu","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002804998","display_name":"Fuchen Ma","orcid":"https://orcid.org/0000-0002-1360-9814"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fuchen Ma","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059617536","display_name":"Haohao Gao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Haohao Gao","raw_affiliation_strings":["China Central Depository &amp; Clearing Co., Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"China Central Depository &amp; Clearing Co., Ltd., Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100393688","display_name":"Lei Qiao","orcid":"https://orcid.org/0000-0002-2637-9683"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lei Qiao","raw_affiliation_strings":["Beijing Institute of Control Engineering, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Control Engineering, Beijing, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060117799","display_name":"Yu Jiang","orcid":"https://orcid.org/0000-0003-0955-503X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Jiang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5075865017"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":2.5505,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.9142871,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"32","issue":"1","first_page":"1","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8276387453079224},{"id":"https://openalex.org/keywords/scanner","display_name":"Scanner","score":0.7813853621482849},{"id":"https://openalex.org/keywords/synchronization","display_name":"Synchronization (alternating current)","score":0.4658786654472351},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.441714882850647},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3767203092575073},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.35662978887557983},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3536991477012634},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2393609881401062},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2179635465145111}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8276387453079224},{"id":"https://openalex.org/C2779751349","wikidata":"https://www.wikidata.org/wiki/Q1474480","display_name":"Scanner","level":2,"score":0.7813853621482849},{"id":"https://openalex.org/C2778562939","wikidata":"https://www.wikidata.org/wiki/Q1298791","display_name":"Synchronization (alternating current)","level":3,"score":0.4658786654472351},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.441714882850647},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3767203092575073},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.35662978887557983},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3536991477012634},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2393609881401062},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2179635465145111},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3517036","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3517036","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5199999809265137}],"awards":[{"id":"https://openalex.org/G7483945918","display_name":null,"funder_award_id":"62022046, No.92167101, U1911401, 62021002, 61802223","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1489243061","https://openalex.org/W1536145689","https://openalex.org/W2111487235","https://openalex.org/W2120109169","https://openalex.org/W2149801502","https://openalex.org/W2162720432","https://openalex.org/W2620487885","https://openalex.org/W2773162022","https://openalex.org/W2894043771","https://openalex.org/W2956434198","https://openalex.org/W3039344911","https://openalex.org/W3111332788","https://openalex.org/W3125989628","https://openalex.org/W4299960733"],"related_works":["https://openalex.org/W4232857084","https://openalex.org/W4245233074","https://openalex.org/W1517555227","https://openalex.org/W2653993779","https://openalex.org/W762151464","https://openalex.org/W2389610024","https://openalex.org/W4239804034","https://openalex.org/W2911295078","https://openalex.org/W2001485867","https://openalex.org/W2031096545"],"abstract_inverted_index":{"Scanners":[0],"are":[1,15],"commonly":[2],"applied":[3],"for":[4],"detecting":[5],"vulnerabilities":[6,42,244],"in":[7,17],"web":[8,65,185,191],"applications.":[9],"Various":[10],"scanners":[11,70,145,251],"with":[12,75,170],"different":[13],"strategies":[14],"widely":[16,172],"use,":[18],"but":[19],"their":[20,73,140,148],"performance":[21],"is":[22],"challenged":[23],"by":[24,48],"the":[25,114,134,204,249],"increasing":[26],"diversity":[27],"of":[28,68,106,193,255],"target":[29],"applications":[30,186,192],"that":[31,43,63],"have":[32],"more":[33,49,152,218,225,234],"complex":[34],"attack":[35,51,76,103,107,110,130,149,154,226],"surfaces":[36,108],"(i.e.,":[37,53],"website":[38],"paths)":[39],"and":[40,101,109,156,166,178,187,211,228],"covert":[41],"can":[44,146],"only":[45,252],"be":[46],"exploited":[47],"sophisticated":[50],"vectors":[52,111,155],"payloads).":[54],"In":[55],"this":[56],"paper,":[57],"we":[58,164],"propose":[59],"Scanner++,":[60],"a":[61,83,88,96,122,194],"framework":[62,206],"improves":[64],"vulnerability":[66,159],"detection":[67,136,160],"existing":[69],"through":[71],"combining":[72],"capabilities":[74],"intent":[77,90,124],"synchronization.":[78],"We":[79],"design":[80],"Scanner++":[81,93,120,168,205,238],"as":[82],"proxy-based":[84],"architecture":[85],"while":[86,248],"using":[87],"package-based":[89],"synchronization":[91,125],"approach.":[92],"first":[94],"uses":[95,121],"purification":[97],"mechanism":[98,126],"to":[99,127,133,138],"aggregate":[100],"refine":[102],"intents,":[104],"consisting":[105],"extracted":[112],"from":[113,198],"base":[115,144,250],"scanners\u2019":[116,135],"request":[117],"packets.":[118],"Then,":[119],"runtime":[123],"select":[128],"relevant":[129],"intents":[131],"according":[132],"spots":[137],"guide":[139],"scanning":[141],"process.":[142],"Consequently,":[143],"expand":[147],"surfaces,":[150],"generate":[151],"diverse":[153],"achieve":[157],"better":[158],"performance.":[161],"For":[162],"evaluation,":[163],"implemented":[165],"integrated":[167],"together":[169],"four":[171],"used":[173],"scanners,":[174],"BurpSuite,":[175,208],"AWVS,":[176,209],"Arachni,":[177,210],"ZAP,":[179],"testing":[180],"it":[181],"on":[182,245],"ten":[183],"benchmark":[184],"three":[188,254],"well-tested":[189],"real-world":[190,246],"critical":[195],"financial":[196],"platform":[197],"our":[199],"industry":[200],"partner.":[201],"Working":[202],"under":[203],"helps":[207],"ZAP":[212],"cover":[213],"15.26%,":[214],"37.14%,":[215],"59.21%,":[216],"68.54%":[217],"pages,":[219],"construct":[220],"12.95\u00d7,":[221],"1.13\u00d7,":[222],"15.03\u00d7,":[223],"52.66\u00d7":[224],"packets,":[227],"discover":[229],"77,":[230,232],"55,":[231],"176":[233],"bugs,":[235],"respectively.":[236],"Furthermore,":[237],"detected":[239],"eight":[240],"serious":[241],"previously":[242],"unknown":[243],"applications,":[247],"found":[253],"them.":[256]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}