{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T10:50:30Z","timestamp":1752231030604,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575365"},{"type":"electronic","value":"9783031575372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_12","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"191-207","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["VulMAE: Graph Masked Autoencoders for\u00a0Vulnerability Detection from\u00a0Source and\u00a0Binary Codes"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1239-8162","authenticated-orcid":false,"given":"Mahmoud","family":"Zamani","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0367-5962","authenticated-orcid":false,"given":"Saquib","family":"Irtiza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9300-1576","authenticated-orcid":false,"given":"Latifur","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0479-6280","authenticated-orcid":false,"given":"Kevin W.","family":"Hamlen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"12_CR1","unstructured":"Booth, H., Rike, D., Witte, G.A.: The national vulnerability database (NVD): Overview. ITL Bulletin, National Institute of Standards and Technology (2013)"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Brumley, D., Jager, I., Avgerinos, T., Schwartz, E.J.: BAP: a binary analysis platform. In: Proceedings of International Conference on Computer Aided Verification, pp. 463\u2013469 (2011)","DOI":"10.1007\/978-3-642-22110-1_37"},{"key":"12_CR3","doi-asserted-by":"publisher","first-page":"3280","DOI":"10.1109\/TSE.2021.3087402","volume":"48","author":"S Chakraborty","year":"2022","unstructured":"Chakraborty, S., Krishna, R., Ding, Y., Ray, B.: Deep learning based vulnerability detection: are we there yet. IEEE Trans. Softw. Eng. 48, 3280\u20133296 (2022)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"1","key":"12_CR4","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artifi. Intell. Res. 16(1), 321\u2013357 (2002)","journal-title":"J. Artifi. Intell. Res."},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Croft, R., Newlands, D., Chen, Z., Babar, M.A.: An empirical study of rule-based and learning-based approaches for static application security testing. In: Proceedings of ACM\/IEEE International Symposium Empirical Software Engineering and Measurement (2021)","DOI":"10.1145\/3475716.3475781"},{"key":"12_CR6","unstructured":"DevNest: How to bypass sudo\u00a0\u2013 exploit CVE-2023-22809 vulnerability. Medium (2023). https:\/\/medium.com\/@dev.nest\/how-to-bypass-sudo-exploit-cve-2023-22809-vulnerability-296ef10a1466"},{"key":"12_CR7","unstructured":"Hassani, K., Khasahmadi, A.H.: Contrastive multi-view representation learning on graphs. In: Proceedings of International Conference on Machine Learning, pp. 4116\u20134126 (2020)"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Hin, D., Kan, A., Chen, H., Babar, M.A.: LineVD: statement-level vulnerability detection using graph neural networks. In: Proceedings of International Conference on Mining Software Repositories, pp. 596\u2013607 (2022)","DOI":"10.1145\/3524842.3527949"},{"key":"12_CR9","unstructured":"Hjelm, R.D., et al.: Learning deep representations by mutual information estimation and maximization. In: Proceedings of International Conference on Learning Representation (2019)"},{"issue":"10","key":"12_CR10","doi-asserted-by":"publisher","first-page":"409","DOI":"10.2514\/1.I010699","volume":"16","author":"MJ Hohnka","year":"2019","unstructured":"Hohnka, M.J., Miller, J.A., Dacumos, K.M., Fritton, T.J., Erdley, J.D., Long, L.N.: Evaluation of compiler-induced vulnerabilities. J. Aerospace Inform. Syst. 16(10), 409\u2013426 (2019)","journal-title":"J. Aerospace Inform. Syst."},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Hou, Z., Liu, X., Cen, Y., Dong, Y., Yang, H., Wang, C., Tang, J.: GraphMAE: self-supervised masked graph autoencoders. In: Proceedings of ACM Conference on Knowledge Discovery and Data Mining, pp. 594\u2013604 (2022)","DOI":"10.1145\/3534678.3539321"},{"issue":"1","key":"12_CR12","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1021\/jm040835a","volume":"48","author":"J Kazius","year":"2005","unstructured":"Kazius, J., McGuire, R., Bursi, R.: Derivation and validation of toxicophores for mutagenicity prediction. J. Med. Chem. 48(1), 312\u2013320 (2005)","journal-title":"J. Med. Chem."},{"key":"12_CR13","unstructured":"Kipf, T.N., Welling, M.: Variational graph auto-encoders. arXiv:1611.07308 (2016)"},{"key":"12_CR14","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. In: Proceedings of International Conferen on Learning Representation (Poster) (2017)"},{"key":"12_CR15","unstructured":"Le, T., et al.: Maximal divergence sequential autoencoder for binary software vulnerability detection. In: Proceedings of International Conference on Learning Representation (2019)"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Li, X., Feng, B., Li, G., Li, T., He, M.: A vulnerability detection system based on fusion of assembly code and source code. Sec. Commun. Netw. 2021 (2021)","DOI":"10.1155\/2021\/9997641"},{"issue":"4","key":"12_CR17","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Chen, Z., Zhu, Y., Jin, H.: VulDeeLocator: a deep learning-based fine-grained vulnerability detector. IEEE Trans. Dependable Sec. Comput. 19(4), 2821\u20132837 (2021)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Qi, H., Hu, J.: Vulpecker: an automated vulnerability detection system based on code similarity analysis. In: Proceedings of Annual Computer Security Applications Conference, pp. 201\u2013213 (2016)","DOI":"10.1145\/2991079.2991102"},{"issue":"4","key":"12_CR19","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Sec. Comput. 19(4), 2244\u20132258 (2021)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Li, Z., et al.: Vuldeepecker: a deep learning-based system for vulnerability detection. In: Proceedings of Annual Network & Distributed System Security Symposium (2018)","DOI":"10.14722\/ndss.2018.23158"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Lin, G., Zhang, J., Luo, W., Pan, L., Xiang, Y.: POSTER: vulnerability discovery with function representation learning from unlabeled projects. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 2539\u20132541 (2017)","DOI":"10.1145\/3133956.3138840"},{"issue":"7","key":"12_CR22","doi-asserted-by":"publisher","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","volume":"14","author":"G Lin","year":"2018","unstructured":"Lin, G.: Cross-project transfer representation learning for vulnerable function discovery. IEEE Trans. Indus. Inform. 14(7), 3289\u20133297 (2018)","journal-title":"IEEE Trans. Indus. Inform."},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Lipp, S., Banescu, S., Pretschner, A.: An empirical study on the effectiveness of static C code analyzers for vulnerability detection. In: Proceedings of ACM International Symposium on Software Testing and Analysis, pp. 544\u2013555 (2022)","DOI":"10.1145\/3533767.3534380"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"Ma, R., Jian, Z., Chen, G., Ma, K., Chen, Y.: ReJection: a AST-based reentrancy vulnerability detection method. In: Proceedings of Chinese Conference on Trusted Computing and Information Security, pp. 58\u201371 (2020)","DOI":"10.1007\/978-981-15-3418-8_5"},{"key":"12_CR25","unstructured":"Mizrahi, Y.: OpenSSH pre-auth double free CVE-2023-25136\u00a0\u2013 writeup and proof-of-concept. JFrog (2023). https:\/\/jfrog.com\/blog\/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept"},{"key":"12_CR26","unstructured":"NIST: CVSS severity distribution over time. https:\/\/nvd.nist.gov\/general\/visualizations\/vulnerability-visualizations\/cvss-severity-distribution-over-time#CVSSSeverityOverTime, (Accessed 12 Sep 2023)"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Pinconschi, E., Abreu, R., Ad\u00e3o, P.: A comparative study of automatic program repair techniques for security vulnerabilities. In: Proceedings of IEEE International Symposium on Software Reliability Engineering, pp. 196\u2013207 (2021)","DOI":"10.1109\/ISSRE52982.2021.00031"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Russell, R., et al.: klM.: Automated vulnerability detection in source code using deep representation learning. In: Proceedings of IEEE International Conference on Machine Learning and Applications, pp. 757\u2013762 (2018)","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Schlichtkrull, M., Kipf, T.N., Bloem, P., van\u00a0den Berg, R., Titov, I., Welling, M.: Modeling relational data with graph convolutional networks. In: Proceedings of European Semantic Web Conference, pp. 593\u2013607 (2018)","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"12_CR30","unstructured":"Shervashidze, N., Schweitzer, P., Leeuwen, E.J.V., Mehlhorn, K., Borgwardt, K.M.: Weisfeiler-Lehman graph kernels. J. Mach. Learn. Res. 12(9) (2011)"},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"Shimchik, N., Ignatyev, V., Belevantsev, A.: Improving accuracy and completeness of source code static taint analysis. In: Ivannikov Ispras Open Conference, pp. 61\u201368 (2021)","DOI":"10.1109\/ISPRAS53967.2021.00014"},{"key":"12_CR32","unstructured":"Sun, F.Y., Hoffmann, J., Verma, V., Tang, J.: Infograph: unsupervised and semi-supervised graph-level representation learning via mutual information maximization. In: Proceedings of International Conference on Learning Representations (2020)"},{"key":"12_CR33","unstructured":"Veli\u010dkovi\u0107, P., Cucurull, G., Casanova, A., Romero, A., Li\u00f2, P., Bengio, Y.: Graph attention networks. In: Proceedings of International Conference on Learning Representation (2017)"},{"key":"12_CR34","unstructured":"Veli\u010dkovi\u0107, P., Fedus, W., Hamilton, W.L., Li\u00f2, P., Bengio, Y., Hjelm, R.D.: Deep graph infomax. In: Proceedings of International Conference on Learning Representation (2019)"},{"key":"12_CR35","unstructured":"Xu, K., Hu, W., Leskovec, J., Jegelka, S.: How powerful are graph neural networks? In: Proceedings of International Conference on Learning Representation (2019)"},{"key":"12_CR36","unstructured":"Xu, L., Sun, F., Su, Z.: Constructing precise control flow graphs from binaries. The University of California, Davis, Tech. rep. (2009)"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs. In: Proceedings IEEE Symposium on Security & Privacy, pp. 590\u2013604 (2014)","DOI":"10.1109\/SP.2014.44"},{"key":"12_CR38","unstructured":"Yamaguchi, F., Lindner, F.F., Rieck, K.: Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning. In: Proceedings of USENIX Workshop Offensive Technologies, pp. 118\u2013127 (2011)"},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Yanardag, P., Vishwanathan, S.: Deep graph kernels. In: Proceedings of ACM International Conference on Knowledge Discovery and Data Mining, pp. 1365\u20131374 (2015)","DOI":"10.1145\/2783258.2783417"},{"key":"12_CR40","unstructured":"You, Y., Chen, T., Sui, Y., Chen, T., Wang, Z., Shen, Y.: Graph contrastive learning with augmentations. In: Proceedings of Conference on Neural Information Processing Systems, pp. 5812\u20135823 (2020)"},{"key":"12_CR41","unstructured":"Zhang, H., Wu, Q., Yan, J., Wipf, D., Yu, P.S.: From canonical correlation analysis to self-supervised graph neural networks. In: Proceedings of Conference on Neural Information Processing Systems, pp. 76\u201389 (2021)"},{"issue":"2","key":"12_CR42","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s11859-019-1380-z","volume":"24","author":"M Zhou","year":"2019","unstructured":"Zhou, M., et al.: A method for software vulnerability detection based on improved control flow graph. Wuhan University J. Nat. Sci. 24(2), 149\u2013160 (2019)","journal-title":"Wuhan University J. Nat. Sci."},{"key":"12_CR43","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In: Proceedings of Conference on Neural Information Processing Systems, pp. 10197\u201310207 (2019)"},{"key":"12_CR44","unstructured":"Zhu, Q., Du, B., Yan, P.: Self-supervised training of graph convolutional networks. In: Proceedings of International Conference on Machine Learning, Online (2020)"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:04:38Z","timestamp":1713985478000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}