{"id":"https://openalex.org/W3040278417","doi":"https://doi.org/10.1587/transinf.2019icp0016","title":"ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets","display_name":"ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets","publication_year":2020,"publication_date":"2020-06-30","ids":{"openalex":"https://openalex.org/W3040278417","doi":"https://doi.org/10.1587/transinf.2019icp0016","mag":"3040278417"},"language":"en","primary_location":{"id":"doi:10.1587/transinf.2019icp0016","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019icp0016","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/7/E103.D_2019ICP0016/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/7/E103.D_2019ICP0016/_pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056722177","display_name":"Usui Toshinori","orcid":null},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Toshinori USUI","raw_affiliation_strings":["Institute of Industrial Science, The University of Tokyo","NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"Institute of Industrial Science, The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]},{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042634142","display_name":"Tomonori Ikuse","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tomonori IKUSE","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019011248","display_name":"Yuto Otsuki","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuto OTSUKI","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058925200","display_name":"Yuhei Kawakoya","orcid":"https://orcid.org/0009-0005-9310-0493"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuhei KAWAKOYA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102143401","display_name":"Makoto Iwamura","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Makoto IWAMURA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031557291","display_name":"Jun Miyoshi","orcid":"https://orcid.org/0000-0002-4496-4800"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jun MIYOSHI","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060665991","display_name":"K. Matsuura","orcid":"https://orcid.org/0009-0005-0348-026X"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Kanta MATSUURA","raw_affiliation_strings":["Institute of Industrial Science, The University of Tokyo"],"affiliations":[{"raw_affiliation_string":"Institute of Industrial Science, The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5056722177"],"corresponding_institution_ids":["https://openalex.org/I74801974"],"apc_list":null,"apc_paid":null,"fwci":0.6061,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.66122449,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"E103.D","issue":"7","first_page":"1476","last_page":"1492"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9006471037864685},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8197891116142273},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6299986839294434},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.569843053817749},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.5647153258323669},{"id":"https://openalex.org/keywords/millisecond","display_name":"Millisecond","score":0.48510944843292236},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.41282349824905396},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.40952610969543457},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.31688907742500305},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.29902446269989014},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.29318445920944214},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17494234442710876}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9006471037864685},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8197891116142273},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6299986839294434},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.569843053817749},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.5647153258323669},{"id":"https://openalex.org/C60327585","wikidata":"https://www.wikidata.org/wiki/Q723733","display_name":"Millisecond","level":2,"score":0.48510944843292236},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.41282349824905396},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.40952610969543457},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.31688907742500305},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.29902446269989014},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.29318445920944214},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17494234442710876},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C1276947","wikidata":"https://www.wikidata.org/wiki/Q333","display_name":"Astronomy","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1587/transinf.2019icp0016","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019icp0016","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/7/E103.D_2019ICP0016/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1587/transinf.2019icp0016","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019icp0016","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/7/E103.D_2019ICP0016/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4699999988079071,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3040278417.pdf","grobid_xml":"https://content.openalex.org/works/W3040278417.grobid-xml"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W88849960","https://openalex.org/W102746433","https://openalex.org/W199961241","https://openalex.org/W1515653707","https://openalex.org/W1544471297","https://openalex.org/W1751925959","https://openalex.org/W1963947298","https://openalex.org/W1969501726","https://openalex.org/W1982829328","https://openalex.org/W1993651556","https://openalex.org/W2027966661","https://openalex.org/W2042058229","https://openalex.org/W2046215758","https://openalex.org/W2066293121","https://openalex.org/W2076342816","https://openalex.org/W2089448621","https://openalex.org/W2125838338","https://openalex.org/W2157912940","https://openalex.org/W2158302406","https://openalex.org/W2159216827","https://openalex.org/W2162800072","https://openalex.org/W2294586387","https://openalex.org/W2322247318","https://openalex.org/W2341443489","https://openalex.org/W2523221082","https://openalex.org/W2597604324"],"related_works":["https://openalex.org/W2546192109","https://openalex.org/W2189476992","https://openalex.org/W1512042544","https://openalex.org/W1480100973","https://openalex.org/W2491116732","https://openalex.org/W2913596058","https://openalex.org/W2109894153","https://openalex.org/W78927574","https://openalex.org/W2389314945","https://openalex.org/W3173353251"],"abstract_inverted_index":{"Return-oriented":[0],"programming":[1],"(ROP)":[2],"has":[3,200],"been":[4],"crucial":[5],"for":[6,54,73,119,138,171],"attackers":[7],"to":[8,38,58,77,82,101,108],"evade":[9],"the":[10,46,65,129,133,153,161],"security":[11],"mechanisms":[12],"of":[13],"recent":[14],"operating":[15],"systems.":[16],"Although":[17],"existing":[18,49,172],"ROP":[19,122,139,150,192,203],"detection":[20,27,32,205],"approaches":[21,50,63,90],"mainly":[22],"focus":[23],"on":[24,45,71],"host-based":[25],"intrusion":[26,31],"systems":[28,33],"(HIDSes),":[29],"network-based":[30],"(NIDSes)":[34],"are":[35,51,136,188],"also":[36],"desired":[37],"protect":[39],"various":[40],"hosts":[41],"including":[42],"IoT":[43],"devices":[44],"network.":[47],"However,":[48],"not":[52],"enough":[53],"network-level":[55],"protection":[56],"due":[57],"two":[59],"problems:":[60],"(1)":[61],"Dynamic":[62],"take":[64],"time":[66,86],"with":[67,206],"second-":[68],"or":[69],"minute-order":[70],"average":[72],"inspection.":[74],"For":[75,99],"applying":[76,100],"NIDSes,":[78,102],"millisecond-order":[79,202],"is":[80],"required":[81],"achieve":[83],"near":[84],"real":[85],"detection.":[87],"(2)":[88],"Static":[89],"generate":[91],"false":[92,103,110,168],"positives":[93,104,169],"because":[94],"they":[95,187],"use":[96],"heuristic":[97],"patterns.":[98],"should":[105],"be":[106],"minimized":[107],"suppress":[109],"alarms.":[111],"In":[112,164],"this":[113],"paper,":[114],"we":[115,166],"propose":[116],"a":[117,179,191],"method":[118,142,199],"statically":[120,176],"detecting":[121],"chains":[123],"in":[124,152],"malicious":[125],"data":[126],"by":[127,146,175],"learning":[128,157],"target":[130,154],"libraries":[131,134,155],"(i.e.,":[132],"that":[135,197],"used":[137],"gadgets).":[140],"Our":[141],"accelerates":[143],"its":[144],"inspection":[145,162,174],"exhaustively":[147],"collecting":[148],"feasible":[149],"gadgets":[151],"and":[156],"them":[158],"separated":[159],"from":[160],"step.":[163],"addition,":[165],"reduce":[167],"inevitable":[170],"static":[173],"verifying":[177],"whether":[178],"suspicious":[180],"byte":[181],"sequence":[182],"can":[183],"link":[184],"properly":[185],"when":[186],"executed":[189],"as":[190],"chain.":[193],"Experimental":[194],"results":[195],"showed":[196],"our":[198],"achieved":[201],"chain":[204],"high":[207],"precision.":[208]},"counts_by_year":[{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}