{"id":"https://openalex.org/W4388197345","doi":"https://doi.org/10.1145/3630253","title":"On Detecting and Measuring Exploitable JavaScript Functions in Real-world Applications","display_name":"On Detecting and Measuring Exploitable JavaScript Functions in Real-world Applications","publication_year":2023,"publication_date":"2023-10-26","ids":{"openalex":"https://openalex.org/W4388197345","doi":"https://doi.org/10.1145/3630253"},"language":"en","primary_location":{"id":"doi:10.1145/3630253","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3630253","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3630253","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3630253","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088609004","display_name":"Maryna Kluban","orcid":"https://orcid.org/0009-0006-8042-8462"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Maryna Kluban","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5088609004"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":2.7533,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.92146817,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"27","issue":"1","first_page":"1","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.9294091463088989},{"id":"https://openalex.org/keywords/unobtrusive-javascript","display_name":"Unobtrusive JavaScript","score":0.916216254234314},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.79619300365448},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6041507720947266},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5477903485298157},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4960380494594574},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.437887579202652},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.43609052896499634},{"id":"https://openalex.org/keywords/rich-internet-application","display_name":"Rich Internet application","score":0.3934161961078644},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3607223629951477},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2179645299911499}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.9294091463088989},{"id":"https://openalex.org/C198240166","wikidata":"https://www.wikidata.org/wiki/Q2298909","display_name":"Unobtrusive JavaScript","level":4,"score":0.916216254234314},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.79619300365448},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6041507720947266},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5477903485298157},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4960380494594574},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.437887579202652},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.43609052896499634},{"id":"https://openalex.org/C103048170","wikidata":"https://www.wikidata.org/wiki/Q725485","display_name":"Rich Internet application","level":3,"score":0.3934161961078644},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3607223629951477},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2179645299911499}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3630253","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3630253","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3630253","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3630253","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3630253","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3630253","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388197345.pdf","grobid_xml":"https://content.openalex.org/works/W4388197345.grobid-xml"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W1943075983","https://openalex.org/W1987647365","https://openalex.org/W1990762361","https://openalex.org/W2042711539","https://openalex.org/W2094568767","https://openalex.org/W2110311336","https://openalex.org/W2138756793","https://openalex.org/W2201782208","https://openalex.org/W2584966780","https://openalex.org/W2789570312","https://openalex.org/W2796335629","https://openalex.org/W2883359218","https://openalex.org/W2888047193","https://openalex.org/W2888934130","https://openalex.org/W2898614297","https://openalex.org/W2901560623","https://openalex.org/W2923698584","https://openalex.org/W2955082894","https://openalex.org/W2991044292","https://openalex.org/W3036270494","https://openalex.org/W3043078865","https://openalex.org/W3097608674","https://openalex.org/W3107551709","https://openalex.org/W3125307739","https://openalex.org/W3129991213","https://openalex.org/W3131584678","https://openalex.org/W3138230581","https://openalex.org/W3194926883","https://openalex.org/W4226032099","https://openalex.org/W4281398044","https://openalex.org/W4287591147","https://openalex.org/W4299301436","https://openalex.org/W4301168982","https://openalex.org/W4316038653"],"related_works":["https://openalex.org/W650647575","https://openalex.org/W597036300","https://openalex.org/W2795601048","https://openalex.org/W3009852816","https://openalex.org/W1844100222","https://openalex.org/W2513223212","https://openalex.org/W42576273","https://openalex.org/W2403324299","https://openalex.org/W2621177934","https://openalex.org/W2169602156"],"abstract_inverted_index":{"JavaScript":[0,23,47,63,143,185,353],"is":[1,75],"often":[2],"rated":[3,321,327],"as":[4,78,322,328],"the":[5,11,35,42,89,93,97,111,156,159,162,167,188,193,261,280,288,347,357,362,368],"most":[6],"popular":[7],"programming":[8],"language":[9],"for":[10,29,205,315],"development":[12],"of":[13,20,99,158,181,216,263,279,292,319,341,370],"both":[14],"client-side":[15],"and":[16,69,133,192,212,232,237,242,286,325,365,372],"server-side":[17],"applications.":[18],"Because":[19],"its":[21],"popularity,":[22],"has":[24],"become":[25],"a":[26,83,100,107,124,147,173,178],"frequent":[27],"target":[28],"attackers":[30],"who":[31],"exploit":[32],"vulnerabilities":[33,51,160],"in":[34,58,62,92,141,172,282],"source":[36],"code":[37,60],"to":[38,106,137,153,306,361],"take":[39],"control":[40],"over":[41],"application.":[43],"To":[44],"address":[45],"these":[46],"security":[48,108,290],"issues,":[49],"such":[50,72],"must":[52],"be":[53,114,170],"identified":[54],"first.":[55],"Existing":[56],"studies":[57],"vulnerable":[59,84,90,101,130,139,184,203],"detection":[61,126,355,371],"mostly":[64],"consider":[65],"package-level":[66,73],"vulnerability":[67,125,168,190,208,298,354],"tracking":[68],"measurements.":[70],"However,":[71],"analysis":[74,151,278],"largely":[76],"imprecise,":[77],"real-world":[79,142],"services":[80],"that":[81,128,336],"include":[82],"package":[85],"may":[86,103],"not":[87,104],"use":[88],"functions":[91,140,186,225],"package.":[94],"Moreover,":[95],"even":[96],"inclusion":[98],"function":[102,112,363],"lead":[105],"problem":[109],"if":[110],"cannot":[113],"triggered":[115],"with":[116,146,255],"exploitable":[117],"inputs.":[118],"In":[119,271],"this":[120,197],"article,":[121],"we":[122,200,222,259,273,301,332],"develop":[123],"framework":[127],"uses":[129],"pattern":[131],"recognition":[132],"textual":[134],"similarity":[135],"methods":[136],"detect":[138,238],"projects,":[144],"combined":[145],"static":[148],"multi-file":[149],"taint":[150,257],"mechanism":[152],"further":[154,247],"assess":[155],"impact":[157],"on":[161],"whole":[163],"project":[164,307],"(i.e.,":[165],"whether":[166],"can":[169,351],"exploited":[171],"given":[174],"project).":[175],"We":[176,309],"compose":[177],"comprehensive":[179],"dataset":[180],"1,360":[182],"verified":[183,304],"using":[187],"Snyk":[189],"database":[191],"VulnCode-DB":[194],"project.":[195],"From":[196],"ground-truth":[198],"dataset,":[199],"build":[201],"our":[202,220,256,296,316,349],"patterns":[204],"two":[206],"common":[207],"types:":[209],"prototype":[210,240],"pollution":[211,241],"Regular":[213],"Expression":[214],"Denial":[215],"Service":[217],"(ReDoS).":[218],"With":[219,295],"framework,":[221],"analyze":[223],"9,205,654":[224],"(from":[226],"3,000":[227],"NPM":[228,253,269],"packages,":[229],"1,892":[230],"websites":[231],"557":[233],"Chrome":[234],"Web":[235],"extensions),":[236],"117,601":[239],"7,333":[243],"ReDoS":[244],"vulnerabilities.":[245],"By":[246],"processing":[248],"all":[249,303],"5,839":[250],"findings":[251,281,305],"from":[252,346,356],"packages":[254],"analyzer,":[258],"verify":[260],"exploitability":[262],"290":[264],"zero-day":[265],"cases":[266],"across":[267],"134":[268],"packages.":[270],"addition,":[272],"conduct":[274],"an":[275],"in-depth":[276],"contextual":[277],"17":[283],"popular/critical":[284],"projects":[285],"study":[287],"practical":[289],"exposure":[291],"20":[293],"functions.":[294],"semi-automated":[297],"reporting":[299],"functionality,":[300],"disclosed":[302],"owners.":[308],"also":[310],"obtained":[311,333],"25":[312],"published":[313],"CVEs":[314,335],"findings,":[317],"19":[318],"them":[320],"\u201cCritical\u201d":[323],"severity":[324],"six":[326],"\u201cHigh\u201d":[329],"severity.":[330],"Additionally,":[331],"169":[334],"are":[337],"currently":[338],"\u201cReserved\u201d":[339],"(as":[340],"Apr.":[342],"2023).":[343],"As":[344],"evident":[345],"results,":[348],"approach":[350],"shift":[352],"coarse":[358],"package/library":[359],"level":[360,364],"thus":[366],"improve":[367],"accuracy":[369],"aid":[373],"timely":[374],"patching.":[375]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}