{"id":"https://openalex.org/W2296742596","doi":"https://doi.org/10.5220/0005561101000111","title":"Automated Exploit Detection using Path Profiling - The Disposition Should Matter, Not the Position","display_name":"Automated Exploit Detection using Path Profiling - The Disposition Should Matter, Not the Position","publication_year":2015,"publication_date":"2015-01-01","ids":{"openalex":"https://openalex.org/W2296742596","doi":"https://doi.org/10.5220/0005561101000111","mag":"2296742596"},"language":"en","primary_location":{"id":"doi:10.5220/0005561101000111","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0005561101000111","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th International Conference on Security and Cryptography","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.5220/0005561101000111","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082176992","display_name":"George Stergiopoulos","orcid":"https://orcid.org/0000-0002-5336-6765"},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"George Stergiopoulos","raw_affiliation_strings":["Athens University of Economics & Business (AUEB), Greece"],"affiliations":[{"raw_affiliation_string":"Athens University of Economics & Business (AUEB), Greece","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078519623","display_name":"Panagiotis Petsanas","orcid":null},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Petsanas","raw_affiliation_strings":["Athens University of Economics & Business (AUEB), Greece"],"affiliations":[{"raw_affiliation_string":"Athens University of Economics & Business (AUEB), Greece","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002757052","display_name":"Panagiotis Katsaros","orcid":"https://orcid.org/0000-0002-4309-5295"},"institutions":[{"id":"https://openalex.org/I21370196","display_name":"Aristotle University of Thessaloniki","ror":"https://ror.org/02j61yw88","country_code":"GR","type":"education","lineage":["https://openalex.org/I21370196"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Katsaros","raw_affiliation_strings":["Aristotle University of Thessaloniki, Greece"],"affiliations":[{"raw_affiliation_string":"Aristotle University of Thessaloniki, Greece","institution_ids":["https://openalex.org/I21370196"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023540661","display_name":"Dimitris Gritzalis","orcid":"https://orcid.org/0000-0002-7793-6128"},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Dimitris Gritzalis","raw_affiliation_strings":["Athens University of Economics & Business (AUEB), Greece"],"affiliations":[{"raw_affiliation_string":"Athens University of Economics & Business (AUEB), Greece","institution_ids":["https://openalex.org/I73142707"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5082176992"],"corresponding_institution_ids":["https://openalex.org/I73142707"],"apc_list":null,"apc_paid":null,"fwci":1.6468,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.89235016,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"100","last_page":"111"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8646717071533203},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7927291989326477},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6484922170639038},{"id":"https://openalex.org/keywords/dynamic-program-analysis","display_name":"Dynamic program analysis","score":0.5995673537254333},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.54722660779953},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5325820446014404},{"id":"https://openalex.org/keywords/program-slicing","display_name":"Program slicing","score":0.516070544719696},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.48033395409584045},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.4342513680458069},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4214804470539093},{"id":"https://openalex.org/keywords/program-analysis","display_name":"Program analysis","score":0.40826064348220825},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.23649263381958008},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22759437561035156},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20777961611747742},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11895588040351868}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8646717071533203},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7927291989326477},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6484922170639038},{"id":"https://openalex.org/C140006998","wikidata":"https://www.wikidata.org/wiki/Q2499307","display_name":"Dynamic program analysis","level":3,"score":0.5995673537254333},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.54722660779953},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5325820446014404},{"id":"https://openalex.org/C91071405","wikidata":"https://www.wikidata.org/wiki/Q1413145","display_name":"Program slicing","level":3,"score":0.516070544719696},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.48033395409584045},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.4342513680458069},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4214804470539093},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.40826064348220825},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.23649263381958008},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22759437561035156},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20777961611747742},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11895588040351868}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.5220/0005561101000111","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0005561101000111","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th International Conference on Security and Cryptography","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.701.2955","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.701.2955","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://delab.csd.auth.gr/%7Ekatsaros/Secrypt-2015.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.721.6230","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.721.6230","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.infosec.aueb.gr/Publications/SECRYPT-2015%20Automated%20exploits%20Site.pdf","raw_type":"text"}],"best_oa_location":{"id":"doi:10.5220/0005561101000111","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0005561101000111","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th International Conference on Security and Cryptography","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W60457961","https://openalex.org/W150579384","https://openalex.org/W158805393","https://openalex.org/W245128540","https://openalex.org/W1424123089","https://openalex.org/W1505465226","https://openalex.org/W1541063262","https://openalex.org/W1644882639","https://openalex.org/W1975428729","https://openalex.org/W1986453394","https://openalex.org/W1989657183","https://openalex.org/W1998899601","https://openalex.org/W2002079460","https://openalex.org/W2024284069","https://openalex.org/W2025411198","https://openalex.org/W2057343601","https://openalex.org/W2077127398","https://openalex.org/W2077937403","https://openalex.org/W2094018187","https://openalex.org/W2117353399","https://openalex.org/W2137008041","https://openalex.org/W2167075392","https://openalex.org/W2293624369","https://openalex.org/W2328234520","https://openalex.org/W2435251607","https://openalex.org/W2624697062"],"related_works":["https://openalex.org/W3111646971","https://openalex.org/W2289630902","https://openalex.org/W2165750732","https://openalex.org/W2104654077","https://openalex.org/W2895825088","https://openalex.org/W2081659623","https://openalex.org/W2005835674","https://openalex.org/W4285814480","https://openalex.org/W2070948110","https://openalex.org/W48604291"],"abstract_inverted_index":{"Abstract:":[0],"Recent":[1],"advances":[2],"in":[3,10,20,76,96,122],"static":[4,148],"and":[5,39,53,62,67,106,119,150,188,211],"dynamic":[6],"program":[7,120],"analysis":[8,29,61,149,166],"resulted":[9],"tools":[11],"capable":[12],"to":[13,72,180,217],"detect":[14],"various":[15],"types":[16,36],"of":[17,37,46,79,93,116,144,152,203,240,251],"security":[18],"bugs":[19,38],"the":[21,77,91,97,140,185,220],"Applications":[22],"under":[23],"Test":[24,254],"(AUTs).":[25],"However,":[26],"any":[27,270],"such":[28],"is":[30,41,87,136,159,201,230],"designed":[31],"for":[32,138],"a":[33,59,68,162,169,204,226],"priori":[34],"specified":[35],"it":[40],"characterized":[42,177,202],"by":[43,147,183,232,246],"some":[44],"rate":[45],"false":[47,51,271],"positives":[48],"or":[49],"even":[50],"negatives":[52],"certain":[54],"scalability":[55],"limitations.":[56],"We":[57],"present":[58],"new":[60],"source":[63,98],"code":[64,74,99,228,265],"classification":[65,134],"technique,":[66],"pro-totype":[69],"tool":[70],"aiming":[71],"aid":[73],"reviews":[75],"detection":[78],"general":[80],"information":[81],"flow":[82],"dependent":[83],"bugs.":[84],"Our":[85],"approach":[86,242],"based":[88],"on":[89],"classifying":[90],"criticality":[92],"likely":[94],"exploits":[95,174,266],"using":[100,161],"two":[101,196],"measuring":[102],"functions,":[103],"namely":[104],"Severity":[105,141,187,210],"Vulnerability.":[107],"For":[108],"an":[109,123,129,145,192],"AUT,":[110],"we":[111,127],"analyse":[112],"every":[113],"single":[114],"pair":[115],"input":[117],"vector":[118],"sink":[121],"execution":[124],"path,":[125],"which":[126,256],"call":[128],"Information":[130],"Block":[131],"(IB).":[132],"A":[133],"technique":[135],"introduced":[137],"quantifying":[139],"(danger":[142],"level)":[143],"IB":[146,200],"computation":[151],"its":[153,209],"En-tropy":[154],"Loss.":[155],"An":[156,199],"IB\u2019s":[157],"Vulnerability":[158,189,212],"quantified":[160],"tainted":[163],"object":[164],"propagation":[165],"along":[167],"with":[168,178],"Fuzzy":[170],"Logic":[171],"system.":[172],"Possible":[173],"are":[175],"then":[176],"respect":[179],"their":[181],"Risk":[182],"combining":[184],"computed":[186],"measurements":[190],"through":[191],"aggregation":[193],"operation":[194],"over":[195],"fuzzy":[197],"sets.":[198],"high":[205],"risk,":[206],"when":[207],"both":[208],"rankings":[213],"have":[214],"been":[215,244],"found":[216],"be":[218],"above":[219],"low":[221],"zone.":[222],"In":[223],"this":[224],"case,":[225],"detected":[227,268],"exploit":[229],"reported":[231],"our":[233,241],"prototype":[234],"tool,":[235],"called":[236],"Entroine.":[237],"The":[238],"effectiveness":[239],"has":[243],"tested":[245],"analysing":[247],"45":[248],"Java":[249],"programs":[250],"NIST\u2019s":[252],"Juliet":[253],"Suite,":[255],"implement":[257],"three":[258],"different":[259],"common":[260],"weakness":[261],"exploits.":[262],"All":[263],"existing":[264],"were":[267],"without":[269],"positive.":[272],"1":[273]},"counts_by_year":[{"year":2018,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}