{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:22:12Z","timestamp":1757618532558,"version":"3.44.0"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976193"},{"type":"electronic","value":"9783031976209"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97620-9_6","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:36:45Z","timestamp":1752140205000},"page":"96-117","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["CodeGrafter: Unifying Source and Binary Graphs for Robust Vulnerability Detection"],"prefix":"10.1007","author":[{"given":"Saquib","family":"Irtiza","sequence":"first","affiliation":[]},{"given":"Mahmoud","family":"Zamani","sequence":"additional","affiliation":[]},{"given":"Shamila","family":"Wickramasuriya","sequence":"additional","affiliation":[]},{"given":"Kevin W.","family":"Hamlen","sequence":"additional","affiliation":[]},{"given":"Latifur","family":"Khan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Assaiante, C., D\u2019Elia, D.C., Di\u00a0Luna, G.A., Querzoni, L.: Where did my variable go? Poking holes in incomplete debug information. In: Proceedings of an ACM International Conference Architectural Support for Programming Languages and Operating Systems, vol.\u00a02, pp. 935\u2013947 (2023)","DOI":"10.1145\/3575693.3575720"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Proceedings of International Conference Compiler Construction, pp. 5\u201323 (2004)","DOI":"10.1007\/978-3-540-24723-4_2"},{"key":"6_CR3","unstructured":"BAP: binary analysis platform. https:\/\/github.com\/BinaryAnalysisPlatform\/bap-python (2020), Accessed 19 Feb 2024"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Boudjema, E.H., Verlan, S., Mokdad, L., Faure, C.: VYPER: vulnerability detection in binary code. IEEE Secur. Priv. 3(2) (2020)","DOI":"10.1002\/spy2.100"},{"key":"6_CR5","unstructured":"Brand, M.: In-the-wild series: Android exploits. Project Zero Blog, https:\/\/googleprojectzero.blogspot.com\/2021\/01\/in-wild-series-android, January 2021"},{"key":"6_CR6","unstructured":"Brandom, R.: Google Rebuilt a Core Part of Android to Kill the Stagefright Vulnerability for Good. The Verge (2016)"},{"key":"6_CR7","unstructured":"Casinghino, C., Jamner, D., Gotovchits, I.: A formal specification for BIL: BIL instruction language. https:\/\/github.com\/BinaryAnalysisPlatform\/bil.pdf (2015)"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Chakraborty, S., Krishna, R., Ding, Y., Ray, B.: Deep learning based vulnerability detection: are we there yet. IEEE Trans. Softw. Eng. (2022)","DOI":"10.1109\/TSE.2021.3087402"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16(1) (2002)","DOI":"10.1613\/jair.953"},{"key":"6_CR10","unstructured":"CodeGrip: code review trends in 2020. https:\/\/assets.codegrip.tech\/wp-content\/uploads\/2020\/03\/17142706\/Code-Review-Trends-in-2020-By-Codegrip.pdf"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Croft, R., Newlands, D., Chen, Z., Babar, M.A.: An empirical study of rule-based and learning-based approaches for static application security testing. In: Proceedings of the ACM\/IEEE International Symposium Empirical Software Engineering and Measurement (2021)","DOI":"10.1145\/3475716.3475781"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Di\u00a0Luna, G.A., Italiano, D., Massarelli, L., \u00d6sterlund, S., Giuffrida, C., Querzoni, L.: Who\u2019s debugging the debuggers? Exposing debug information bugs in optimized binaries. In: Proceedings of an ACM International Conference Architectural Support for Programming Languages and Operating Systems, pp. 1034\u20131045 (2021)","DOI":"10.1145\/3445814.3446695"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Du, X., et al.: Leopard: identifying vulnerable code for vulnerability assessment through program metrics. In: Proceedings of International Conference Software Engineering, pp. 60\u201371 (2019)","DOI":"10.1109\/ICSE.2019.00024"},{"key":"6_CR14","unstructured":"Edgescan: 2022 vulnerability statistics report. https:\/\/www.edgescan.com\/stats-report (2022)"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. 9(3), 319\u2013349 (1987)","DOI":"10.1145\/24039.24041"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Hafkemeyer, L., Starink, J., Continella, A.: Divak: non-invasive characterization of out-of-bounds write vulnerabilities. In: Proceedings of International Conference Detection of Intrusions and Malware & Vulnerability Assessment, pp. 211\u2013232 (2023)","DOI":"10.1007\/978-3-031-35504-2_11"},{"issue":"1","key":"6_CR17","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1021\/jm040835a","volume":"48","author":"J Kazius","year":"2005","unstructured":"Kazius, J., McGuire, R., Bursi, R.: Derivation and validation of toxicophores for mutagenicity prediction. J. Med. Chem. 48(1), 312\u2013320 (2005)","journal-title":"J. Med. Chem."},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Keutzer, K., Wolf, W.: Anatomy of a hardware compiler. In: Proceedings of the ACM Conferences Programming Language Design and Implementation, pp. 95\u2013104 (1988)","DOI":"10.1145\/53990.54000"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Li, X., Feng, B., Li, G., Li, T., He, M.: A vulnerability detection system based on fusion of assembly code and source code. Secur. Comm. Netw. (2021)","DOI":"10.1155\/2021\/9997641"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, S., Nguyen, T.N.: Vulnerability detection with fine-grained interpretations. In: Proceedings of the ACM Joint Meeting European Software Engineering Conference and Symposium Foundations Software Engineering, pp. 292\u2013303 (2021)","DOI":"10.1145\/3468264.3468597"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Qi, H., Hu, J.: Vulpecker: an automated vulnerability detection system based on code similarity analysis. In: Proceedings of the Annual Computer Security Applications Conferences, pp. 201\u2013213 (2016)","DOI":"10.1145\/2991079.2991102"},{"issue":"4","key":"6_CR22","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2022","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Secure Comput. 19(4), 2244\u20132258 (2022)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Lin, G., Zhang, J., Luo, W., Pan, L., Xiang, Y.: POSTER: vulnerability discovery with function representation learning from unlabeled projects. In: Proceedings of the ACM Conferences Computer and Communications Security, pp. 2539\u20132541 (2017)","DOI":"10.1145\/3133956.3138840"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Liu, Y.A., Stoller, S.D., Li, N., Rothamel, T.: Optimizing aggregate array computations in loops. ACM Trans. Program. Lang. Syst. 27(1), 91\u2013125 (2005)","DOI":"10.1145\/1053468.1053471"},{"key":"6_CR25","unstructured":"Lu, H., Matz, M., Girkar, M., Hubi\u010dka, J., Jaeger, A., Mitchell, M.: System V application binary interface AMD64 architecture processor supplement version 1.0. AMD (2018)"},{"key":"6_CR26","unstructured":"Ming, J., Wu, D., Xiao, G., Wang, J., Liu, P.: TaintPipe: pipelined symbolic taint analysis. In: Proceedings of USENIX Security Symposium, pp. 65\u201380 (2015)"},{"key":"6_CR27","unstructured":"MITRE: common vulnerabilities and exposures. www.cve.org (2024), Accessed 19 Feb 2024"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Morrison, P., Herzig, K., Murphy, B., Williams, L.: Challenges with applying vulnerability prediction models. In: Proceedings of the Symposium and Bootcamp Science of Security (2015)","DOI":"10.1145\/2746194.2746198"},{"key":"6_CR29","unstructured":"NIST: national vulnerability dataset. nvd.nist.gov (2024), Accessed 19 Feb 2024"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Pinconschi, E., Abreu, R., Ad\u00e3o, P.: A comparative study of automatic program repair techniques for security vulnerabilities. In: Proceedings of the IEEE International Symposium on Software Reliability Engineering, pp. 196\u2013207 (2021)","DOI":"10.1109\/ISSRE52982.2021.00031"},{"key":"6_CR31","unstructured":"Positive technologies: top cyberthreats on enterprise networks. https:\/\/ptsecurity.com\/upload\/corporate\/ww-en\/analytics\/Top-cyberthreats.pdf (2020)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Rawat, S., Mounier, L.: Finding buffer overflow inducing loops in binary executables. In: Proceedings of the IEEE International Conference on Software Security and Reliability (2012)","DOI":"10.1109\/SERE.2012.30"},{"key":"6_CR33","unstructured":"Shen, D., Fang, J.: Rooting every Android. Technical Report, KEEN Security Lab (2016), blackHat Europe"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Shimchik, N.V., Ignatyev, V.N., Belevantsev, A.A.: Improving accuracy and completeness of source code static taint analysis. In: Proceedings of the Ivannikov Ispras Open Conference, pp. 61\u201368 (2021)","DOI":"10.1109\/ISPRAS53967.2021.00014"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Song, D., et al.: BitBlaze: a new approach to computer security via binary analysis. In: Proceedings of the International Conference Information Systems Security (2008)","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"6_CR36","unstructured":"Sun, F.Y., Hoffmann, J., Verma, V., Tang, J.: InfoGraph: unsupervised and semi-supervised graph-level representation learning via mutual information maximization. In: Proceedings of International Conference Learning Representations (2020)"},{"key":"6_CR37","unstructured":"Synopsys: open source security risk analysis. https:\/\/synopsys.com\/software-integrity\/resources\/analyst-reports\/security.html (2024), Accessed 19 Feb 2024"},{"key":"6_CR38","unstructured":"Veli\u010dkovi\u0107, P., Fedus, W., Hamilton, W.L., Li\u00f2, P., Bengio, Y., Hjelm, R.D.: Deep graph infomax. In: Proceedings of the International Conference Learning Representations (2019)"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs. In: Proceeding of the IEEE Symposium on Security and Privacy, pp. 590\u2013604 (2014)","DOI":"10.1109\/SP.2014.44"},{"key":"6_CR40","unstructured":"Yang, Z., Johannesmeyer, B., Olesen, A.T., Lerner, S., Levchenko, K.: Dead store elimination (still) considered harmful. In: Proceeding of the USENIX Security Symposium (2017)"},{"key":"6_CR41","unstructured":"You, Y., Chen, T., Sui, Y., Chen, T., Wang, Z., Shen, Y.: Graph contrastive learning with augmentations. In: Proceeding of the Conference on Advances in Neural Information Processing Systems, pp. 5812\u20135823 (2020)"},{"key":"6_CR42","doi-asserted-by":"crossref","unstructured":"Zamani, M., Irtiza, S., Khan, L., Hamlen, K.W.: VulMAE: graph masked autoencoders for vulnerability detection from source and binary codes. In: Proceedings of the International Symposium on Foundations and Practice Security, pp. 191\u2013207 (2023)","DOI":"10.1007\/978-3-031-57537-2_12"},{"issue":"2","key":"6_CR43","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s11859-019-1380-z","volume":"24","author":"M Zhou","year":"2019","unstructured":"Zhou, M., et al.: A method for software vulnerability detection based on improved control flow graph. Wuhan Univ. J. Nat. Sci. 24(2), 149\u2013160 (2019)","journal-title":"Wuhan Univ. J. Nat. Sci."},{"key":"6_CR44","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In: Proceedings of the Conference on Neural Information Processing Systems (2019)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97620-9_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:42:06Z","timestamp":1757209326000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97620-9_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976193","9783031976209"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97620-9_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}