{"id":"https://openalex.org/W4405182558","doi":"https://doi.org/10.1145/3658644.3690372","title":"VMud: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching","display_name":"VMud: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405182558","doi":"https://doi.org/10.1145/3658644.3690372"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690372","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690372","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011365470","display_name":"Kaifeng Huang","orcid":"https://orcid.org/0009-0000-1513-8254"},"institutions":[{"id":"https://openalex.org/I116953780","display_name":"Tongji University","ror":"https://ror.org/03rc6as71","country_code":"CN","type":"education","lineage":["https://openalex.org/I116953780"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Kaifeng Huang","raw_affiliation_strings":["School of Software Engineering, Tongji University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Tongji University, Shanghai, China","institution_ids":["https://openalex.org/I116953780"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Chenhao Lu","orcid":"https://orcid.org/0009-0003-3377-9807"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chenhao Lu","raw_affiliation_strings":["School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101821319","display_name":"Yuhua Cao","orcid":"https://orcid.org/0009-0007-6101-8270"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiheng Cao","raw_affiliation_strings":["School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059253116","display_name":"Bihuan Chen","orcid":"https://orcid.org/0000-0001-7238-7492"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bihuan Chen","raw_affiliation_strings":["School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101854992","display_name":"Xin Peng","orcid":"https://orcid.org/0000-0003-3376-2581"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Peng","raw_affiliation_strings":["School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5011365470"],"corresponding_institution_ids":["https://openalex.org/I116953780"],"apc_list":null,"apc_paid":null,"fwci":2.2808,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.9136531,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"3958","last_page":"3972"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7131138443946838},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.5839785933494568},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.5507987141609192},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5401412844657898},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5396708250045776},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5052042603492737},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.49033117294311523},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.48555299639701843},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48030298948287964},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.46857142448425293},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.46625956892967224},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.46265798807144165},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.4100411534309387},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.25452762842178345},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.2152079939842224},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20510941743850708},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13925662636756897},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.07243406772613525}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7131138443946838},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.5839785933494568},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.5507987141609192},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5401412844657898},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5396708250045776},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5052042603492737},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.49033117294311523},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.48555299639701843},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48030298948287964},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.46857142448425293},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.46625956892967224},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.46265798807144165},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.4100411534309387},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.25452762842178345},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2152079939842224},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20510941743850708},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13925662636756897},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.07243406772613525},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C548081761","wikidata":"https://www.wikidata.org/wiki/Q180388","display_name":"Waste management","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690372","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690372","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10"}],"awards":[{"id":"https://openalex.org/G1121271761","display_name":null,"funder_award_id":"Program","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1811626316","display_name":null,"funder_award_id":"62402342","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G258867281","display_name":null,"funder_award_id":"62402342, 62332005, 62372114","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"},{"id":"https://openalex.org/G3085993365","display_name":null,"funder_award_id":"(Grant No.","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5070653614","display_name":null,"funder_award_id":"62332005","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7726157001","display_name":null,"funder_award_id":"Grant No.","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8656946690","display_name":null,"funder_award_id":"62372114","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322449","display_name":"Tongji University","ror":"https://ror.org/03rc6as71"},{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405182558.pdf","grobid_xml":"https://content.openalex.org/works/W4405182558.grobid-xml"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W2067776455","https://openalex.org/W2081365411","https://openalex.org/W2108395261","https://openalex.org/W2133961160","https://openalex.org/W2138110817","https://openalex.org/W2139885493","https://openalex.org/W2399550884","https://openalex.org/W2559935471","https://openalex.org/W2634106992","https://openalex.org/W2752929869","https://openalex.org/W2885030880","https://openalex.org/W2914982603","https://openalex.org/W2962960733","https://openalex.org/W3014307249","https://openalex.org/W3117923638","https://openalex.org/W3160189022","https://openalex.org/W4210493608","https://openalex.org/W4223937600","https://openalex.org/W4224323202","https://openalex.org/W4226043105","https://openalex.org/W4239025696","https://openalex.org/W4284690592","https://openalex.org/W4302039922","https://openalex.org/W4308643066","https://openalex.org/W4308644396","https://openalex.org/W4380763529","https://openalex.org/W4384154537","https://openalex.org/W4384345641","https://openalex.org/W4384345698","https://openalex.org/W4384345724","https://openalex.org/W4385080397","https://openalex.org/W4391558363","https://openalex.org/W4394745640","https://openalex.org/W4394769548"],"related_works":["https://openalex.org/W167088980","https://openalex.org/W2475705533","https://openalex.org/W186129870","https://openalex.org/W3200522959","https://openalex.org/W4389944781","https://openalex.org/W2997993211","https://openalex.org/W120415280","https://openalex.org/W4383099232","https://openalex.org/W2384475851","https://openalex.org/W2000444236"],"abstract_inverted_index":{"The":[0],"widespread":[1],"use":[2],"of":[3,103,153,205,236],"open-source":[4],"software":[5,51],"(OSS)":[6],"has":[7,223],"led":[8],"to":[9,21,42,130,180,197],"extensive":[10],"code":[11,22,31],"reuse,":[12],"making":[13],"vulnerabilities":[14,19,45,61],"in":[15,24,50,84,92,96,177,234],"OSS":[16,25],"significantly":[17],"pervasive.The":[18],"due":[20,179],"reuse":[23],"are":[26,150],"commonly":[27],"known":[28],"as":[29],"vulnerable":[30,48,122],"clones":[32,124],"(VCCs)":[33,125],"or":[34],"recurring":[35,44],"vulnerabilities.Existing":[36],"approaches":[37,231],"primarily":[38],"employ":[39],"clone-based":[40],"techniques":[41,53],"detect":[43],"by":[46,138,201,212,232],"matching":[47,128,191,210],"functions":[49,65,90,143,164],"projects.These":[52],"do":[54],"not":[55],"incorporate":[56],"specially":[57],"designed":[58],"mechanisms":[59],"for":[60,71,114,146],"with":[62,117,173],"multiple":[63],"fixing":[64,73,89,155,163,184],"(VM).Typically,":[66],"they":[67],"generate":[68],"a":[69,79,111,135,151],"signature":[70,147],"each":[72,206],"function":[74,123,127,208],"and":[75,209],"report":[76],"VM":[77,145,200],"using":[78,192],"matching-one-in-all":[80],"approach.However,":[81],"the":[82,101,141,154,170,174,182,219],"variation":[83],"vulnerability":[85,229],"context":[86],"across":[87],"diverse":[88],"results":[91],"varying":[93],"accuracy":[94],"levels":[95],"detecting":[97,115],"VM,":[98],"potentially":[99],"limiting":[100],"effectiveness":[102],"existing":[104,131],"methods.In":[105],"this":[106],"paper,":[107],"we":[108],"introduce":[109],"VMud,":[110],"novel":[112],"approach":[113,137],"Vulnerabilities":[116],"Multiple":[118],"Fixing":[119],"Functions.VMud":[120],"identifies":[121],"through":[126],"similar":[129],"methods.However,":[132],"VMud":[133,160,186,226],"takes":[134],"different":[136],"only":[139],"selecting":[140],"critical":[142,194,207],"from":[144],"generation,":[148],"which":[149],"subset":[152],"functions.This":[156],"step":[157],"ensures":[158],"that":[159,165,225],"focuses":[161],"on":[162,218],"offer":[166],"sufficient":[167],"knowledge":[168],"about":[169],"VM.To":[171],"cope":[172],"potential":[175],"decrease":[176],"recall":[178],"excluding":[181],"remaining":[183],"functions,":[185],"employs":[187],"semantic":[188,214],"equivalent":[189,215],"statement":[190,216],"these":[193],"functions.It":[195],"aims":[196],"uncover":[198],"more":[199],"creating":[202],"two":[203,220],"signatures":[204],"precisely":[211],"contextual":[213],"mapping":[217],"signatures.Our":[221],"evaluation":[222],"demonstrated":[224],"surpasses":[227],"state-of-the-art":[228],"detection":[230],"30.30%":[233],"terms":[235],"F1-Score.Furthermore,":[237]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}