{"id":"https://openalex.org/W4385688172","doi":"https://doi.org/10.1145/3600160.3605034","title":"Program Characterization for Software Exploitation Detection","display_name":"Program Characterization for Software Exploitation Detection","publication_year":2023,"publication_date":"2023-08-09","ids":{"openalex":"https://openalex.org/W4385688172","doi":"https://doi.org/10.1145/3600160.3605034"},"language":"en","primary_location":{"id":"doi:10.1145/3600160.3605034","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3600160.3605034","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/Program_Characterization_for_Software_Exploitation_Detection/23995986","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101764064","display_name":"Ayman Youssef","orcid":"https://orcid.org/0000-0002-0136-9534"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ayman Youssef","raw_affiliation_strings":["Deakin University, Australia"],"raw_orcid":"https://orcid.org/0000-0002-0136-9534","affiliations":[{"raw_affiliation_string":"Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068173669","display_name":"Mohamed Abdelrazek","orcid":"https://orcid.org/0000-0003-3812-9785"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mohamed Abdelrazek","raw_affiliation_strings":["Deakin University, Australia"],"raw_orcid":"https://orcid.org/0000-0003-3812-9785","affiliations":[{"raw_affiliation_string":"Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001203013","display_name":"Chandan Karmakar","orcid":"https://orcid.org/0000-0003-1814-0856"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chandan Karmakar","raw_affiliation_strings":["Deakin University, Australia"],"raw_orcid":"https://orcid.org/0000-0003-1814-0856","affiliations":[{"raw_affiliation_string":"Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.08722298,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/replicate","display_name":"Replicate","score":0.7586915493011475},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7402878999710083},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.6307895183563232},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5832321047782898},{"id":"https://openalex.org/keywords/novelty","display_name":"Novelty","score":0.5382001996040344},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.5325089693069458},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5267317295074463},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.41079992055892944},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3956446349620819},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.374938428401947},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08491450548171997},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.08415243029594421}],"concepts":[{"id":"https://openalex.org/C2781162219","wikidata":"https://www.wikidata.org/wiki/Q26250693","display_name":"Replicate","level":2,"score":0.7586915493011475},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7402878999710083},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.6307895183563232},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5832321047782898},{"id":"https://openalex.org/C2778738651","wikidata":"https://www.wikidata.org/wiki/Q16546687","display_name":"Novelty","level":2,"score":0.5382001996040344},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.5325089693069458},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5267317295074463},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.41079992055892944},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3956446349620819},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.374938428401947},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08491450548171997},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.08415243029594421},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C27206212","wikidata":"https://www.wikidata.org/wiki/Q34178","display_name":"Theology","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3600160.3605034","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3600160.3605034","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:figshare.com:article/23995986","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Program_Characterization_for_Software_Exploitation_Detection/23995986","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/23995986","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Program_Characterization_for_Software_Exploitation_Detection/23995986","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1856335686","https://openalex.org/W2054589004","https://openalex.org/W2088503757","https://openalex.org/W2495657724","https://openalex.org/W2534461193","https://openalex.org/W2597604324","https://openalex.org/W2795864650","https://openalex.org/W2804108441","https://openalex.org/W2883008388","https://openalex.org/W2950774332","https://openalex.org/W2962832406","https://openalex.org/W2976808284","https://openalex.org/W3000914570","https://openalex.org/W3008756550","https://openalex.org/W3160226526","https://openalex.org/W4205437532","https://openalex.org/W4229055032","https://openalex.org/W4250934777","https://openalex.org/W4306742290","https://openalex.org/W4312818044","https://openalex.org/W4377861489","https://openalex.org/W6600103761"],"related_works":["https://openalex.org/W4254851101","https://openalex.org/W3171007296","https://openalex.org/W22115721","https://openalex.org/W2211931904","https://openalex.org/W2065444835","https://openalex.org/W2321234655","https://openalex.org/W2381242807","https://openalex.org/W2470062578","https://openalex.org/W2952773340","https://openalex.org/W2413467815"],"abstract_inverted_index":{"Software":[0],"exploitation":[1,7,24,59,104,117,134],"is":[2,27,42,60,118],"an":[3,183,208],"ever-growing":[4],"problem.":[5],"Signature-based":[6],"detection":[8,25],"techniques":[9,99],"have":[10],"not":[11],"been":[12,161],"effective":[13],"as":[14],"malicious":[15],"actors":[16],"continuously":[17],"develop":[18],"circumvention":[19],"techniques.":[20,92],"Current":[21,52],"ML-based":[22,103,133],"(signature-less)":[23],"research":[26,128],"limited":[28],"in":[29,127,163,172],"quantity":[30],"and":[31,70,88,138,151,182,223],"use":[32,101],"cases.":[33],"Key":[34],"to":[35,46,120,196,231],"the":[36,43,72,122,220,226],"success":[37],"of":[38,111,180,186,205,211,219],"any":[39],"ML":[40,56,64,147],"model":[41],"characteristics":[44],"used":[45,119],"depict":[47],"program":[48,68,82,97],"behaviour":[49],"(i.e.,":[50],"features).":[51],"work":[53,125],"on":[54,62],"using":[55],"for":[57,74,100,132],"software":[58],"focused":[61],"novelty":[63],"algorithms":[65],"while":[66],"neglecting":[67],"characterization":[69,83,98],"under-reporting":[71],"approach":[73],"data":[75],"preparation.":[76],"There":[77],"are":[78,141,169],"two":[79,144],"main":[80],"competing":[81],"techniques,":[84],"micro-architecture":[85,89],"independent":[86],"(MAI)":[87],"dependent":[90],"(MAD)":[91],"This":[93],"study":[94,214],"evaluates":[95],"MAI":[96,131,166],"with":[102,143,207],"detection.":[105,135],"A":[106],"publicly":[107],"available":[108],"runtime-based":[109],"traces":[110],"11":[112],"Windows":[113],"applications":[114],"under":[115],"buffer-overflow":[116],"replicate":[121],"feature":[123,139,221],"engineering":[124],"found":[126],"that":[129,168,191,225],"uses":[130],"The":[136,153,213],"performance":[137],"importance":[140,222],"evaluated":[142],"different":[145],"ensemble":[146],"models":[148],"(Random":[149],"Forests":[150],"XGBoost).":[152],"results":[154],"demonstrate":[155],"that,":[156],"although":[157],"0%":[158],"FPR":[159],"has":[160],"achieved":[162],"all":[164],"datasets,":[165],"features":[167,190,198,229],"purely":[170],"fine-grained":[171,197],"nature":[173],"can":[174,200],"achieve":[175,201],"a":[176,193,202,216],"maximum":[177,203],"recall":[178,185,204],"value":[179,210],"100%":[181,206],"average":[184,209],"40%,":[187],"respectively.":[188],"While":[189],"contain":[192],"higher":[194],"coarse-grained":[195],"ratio":[199],"62%.":[212],"provides":[215],"detailed":[217],"discussion":[218],"reveals":[224],"most":[227],"important":[228],"relate":[230],"memory":[232],"traffic":[233],"characteristics.":[234]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}