{"id":"https://openalex.org/W4306406268","doi":"https://doi.org/10.1145/3545948.3545981","title":"Towards Deceptive Defense in Software Security with Chaff Bugs","display_name":"Towards Deceptive Defense in Software Security with Chaff Bugs","publication_year":2022,"publication_date":"2022-10-17","ids":{"openalex":"https://openalex.org/W4306406268","doi":"https://doi.org/10.1145/3545948.3545981"},"language":"en","primary_location":{"id":"doi:10.1145/3545948.3545981","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3545948.3545981","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048666984","display_name":"Zhenghao Hu","orcid":"https://orcid.org/0000-0002-2146-888X"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zhenghao Hu","raw_affiliation_strings":["New York University, United States of America"],"affiliations":[{"raw_affiliation_string":"New York University, United States of America","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103058328","display_name":"Yu Hu","orcid":"https://orcid.org/0000-0003-2194-2163"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yu Hu","raw_affiliation_strings":["New York University, United States of America"],"affiliations":[{"raw_affiliation_string":"New York University, United States of America","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060815601","display_name":"Brendan Dolan-Gavitt","orcid":"https://orcid.org/0000-0002-8867-4282"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brendan Dolan-Gavitt","raw_affiliation_strings":["New York University, United States of America"],"affiliations":[{"raw_affiliation_string":"New York University, United States of America","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5048666984"],"corresponding_institution_ids":["https://openalex.org/I57206974"],"apc_list":null,"apc_paid":null,"fwci":0.4462,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.58924659,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"43","last_page":"55"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.956391453742981},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.8642070889472961},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7759432196617126},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.7035426497459412},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6102313995361328},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5437125563621521},{"id":"https://openalex.org/keywords/chaff","display_name":"Chaff","score":0.5082408785820007},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4774627983570099},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3423922061920166},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1853671371936798},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.10680398344993591}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.956391453742981},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.8642070889472961},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7759432196617126},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.7035426497459412},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6102313995361328},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5437125563621521},{"id":"https://openalex.org/C78573896","wikidata":"https://www.wikidata.org/wiki/Q30470787","display_name":"Chaff","level":2,"score":0.5082408785820007},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4774627983570099},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3423922061920166},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1853671371936798},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.10680398344993591},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3545948.3545981","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3545948.3545981","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1480909796","https://openalex.org/W1965369505","https://openalex.org/W1996058992","https://openalex.org/W2030906223","https://openalex.org/W2051990174","https://openalex.org/W2072610876","https://openalex.org/W2089448621","https://openalex.org/W2093397575","https://openalex.org/W2109219878","https://openalex.org/W2126851641","https://openalex.org/W2156858199","https://openalex.org/W2215262239","https://openalex.org/W2560041978","https://openalex.org/W2574017551","https://openalex.org/W2734941459","https://openalex.org/W2884962025","https://openalex.org/W2898930465","https://openalex.org/W2964241064","https://openalex.org/W3195156628","https://openalex.org/W4289038676"],"related_works":["https://openalex.org/W4283750846","https://openalex.org/W2537809616","https://openalex.org/W2100022726","https://openalex.org/W2007984522","https://openalex.org/W1978034799","https://openalex.org/W2297096600","https://openalex.org/W3048815537","https://openalex.org/W2003584227","https://openalex.org/W2167539342","https://openalex.org/W2886678613"],"abstract_inverted_index":{"Sophisticated":[0],"attackers":[1,181],"find":[2,83,93],"bugs":[3,16,30,75,86,123,136,160,171],"in":[4,87,103,124],"software,":[5],"evaluate":[6],"their":[7],"exploitability,":[8],"and":[9,12,58,84,99,127,143,156,182],"then":[10],"create":[11],"launch":[13],"exploits":[14],"for":[15,117,120],"found":[17],"to":[18,23,28,32,82,105,130,137,163],"be":[19],"exploitable.":[20],"Most":[21],"efforts":[22],"secure":[24],"software":[25,88,139,152],"attempt":[26,81],"either":[27],"eliminate":[29],"or":[31],"add":[33,71,132],"mitigations":[34],"that":[35,76,147,158,169],"make":[36],"exploitation":[37],"more":[38],"difficult.":[39],"In":[40,110],"this":[41,63],"paper,":[42],"we":[43,69,113,145],"propose":[44],"a":[45,107,111],"new":[46],"defensive":[47],"technique":[48],"called":[49],"chaff":[50,170],"bugs,":[51,68],"which":[52],"instead":[53,70],"targets":[54],"the":[55,148,151],"bug":[56,98],"discovery":[57],"exploit":[59,85],"creation":[60],"stages":[61],"of":[62,74,134,150],"process.":[64],"Rather":[65],"than":[66],"eliminating":[67],"large":[72],"numbers":[73],"are":[77],"non-exploitable.":[78],"Attackers":[79],"who":[80],"will,":[89],"with":[90],"high":[91],"probability,":[92],"an":[94,175],"intentionally":[95],"placed":[96],"non-exploitable":[97,135],"waste":[100],"precious":[101],"resources":[102],"trying":[104],"build":[106],"working":[108],"exploit.":[109],"prototype,":[112],"demonstrate":[114,157],"two":[115],"strategies":[116],"ensuring":[118],"non-exploitability":[119],"memory":[121],"safety":[122],"C/C++":[125],"programs":[126],"use":[128],"them":[129],"automatically":[131],"thousands":[133],"real-world":[138],"such":[140],"as":[141,174],"nginx":[142],"libFLAC;":[144],"show":[146],"functionality":[149],"is":[153],"not":[154],"impaired":[155],"our":[159],"look":[161],"exploitable":[162],"current":[164],"triage":[165],"tools.":[166,185],"We":[167],"believe":[168],"can":[172],"serve":[173],"effective":[176],"deterrent":[177],"against":[178],"both":[179],"human":[180],"automated":[183],"bug-finding":[184]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}