{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T12:06:34Z","timestamp":1767182794352},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642043413"},{"type":"electronic","value":"9783642043420"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04342-0_9","type":"book-chapter","created":{"date-parts":[[2009,9,28]],"date-time":"2009-09-28T23:00:22Z","timestamp":1254178822000},"page":"161-181","source":"Crossref","is-referenced-by-count":15,"title":["Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration"],"prefix":"10.1007","author":[{"given":"Juan","family":"Caballero","sequence":"first","affiliation":[]},{"given":"Zhenkai","family":"Liang","sequence":"additional","affiliation":[]},{"given":"Pongsin","family":"Poosankam","sequence":"additional","affiliation":[]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"Symantec: Internet security threat report (2008), http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Kreibich, C., Crowcroft, J.: Honeycomb - creating intrusion detection signatures using honeypots. In: Workshop on Hot Topics in Networks, Boston, MA (2003)","DOI":"10.1145\/972374.972384"},{"key":"9_CR3","unstructured":"Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: USENIX Security Symposium, San Diego, CA (2004)"},{"key":"9_CR4","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Symposium on Operating System Design and Implementation, San Francisco, CA (2004)"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy, Oakland, CA (2005)","DOI":"10.1109\/SP.2005.15"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An architecture for generating semantics-aware signatures. In: USENIX Security Symposium, Baltimore, MD (2005)","DOI":"10.21236\/ADA449063"},{"key":"9_CR7","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M.Y., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: IEEE Symposium on Security and Privacy, Oakland, CA (2006)"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: ACM Conference on Computer and Communications Security, Alexandria, VA (2005)","DOI":"10.1145\/1102120.1102150"},{"key":"9_CR9","unstructured":"Liang, Z., Sekar, R.: Automatic generation of buffer overflow attack signatures: An approach based on program behavior models. In: Annual Computer Security Applications Conference, Tucson, AZ (2005)"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Wang, X., Li, Z., Xu, J., Reiter, M.K., Kil, C., Choi, J.Y.: Packet vaccine: Black-box exploit detection and signature generation. In: ACM Conference on Computer and Communications Security, Alexandria, VA (2006)","DOI":"10.1145\/1180405.1180412"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: Symposium on Operating Systems Principles, Brighton, United Kingdom (2005)","DOI":"10.1145\/1095810.1095824"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards automatic generation of vulnerability-based signatures. In: IEEE Symposium on Security and Privacy, Oakland, CA (2006)","DOI":"10.1109\/SP.2006.41"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Saxena, P., Poosankam, P., McCamant, S., Song, D.: Loop-extended symbolic execution on binary programs. In: International Symposium on Software Testing and Analysis, Chicago, IL (2009)","DOI":"10.21236\/ADA538843"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Vigna, G., Robertson, W., Balzarotti, D.: Testing network-based intrusion detection signatures using mutant exploits. In: ACM Conference on Computer and Communications Security, Washington, DC (2004)","DOI":"10.1145\/1030083.1030088"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Rubin, S., Jha, S., Miller, B.P.: Automatic generation and analysis of nids attacks. In: Annual Computer Security Applications Conference, Tucson, AZ (2004)","DOI":"10.1109\/CSAC.2004.9"},{"key":"9_CR16","doi-asserted-by":"crossref","unstructured":"Brumley, D., Wang, H., Jha, S., Song, D.: Creating vulnerability signatures using weakest pre-conditions. In: Computer Security Foundations Symposium, Venice, Italy (2007)","DOI":"10.1109\/CSF.2007.17"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Costa, M., Castro, M., Zhou, L., Zhang, L., Peinado, M.: Bouncer: Securing software by blocking bad input. In: Symposium on Operating Systems Principles, Bretton Woods, NH (2007)","DOI":"10.1145\/1294261.1294274"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Wang, H.J., Locasto, M.: Shieldgen: Automatic data patch generation for unknown vulnerabilities with informed probing. In: IEEE Symposium on Security and Privacy, Oakland, CA (2007)","DOI":"10.1109\/SP.2007.34"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: Techniques and implications. In: IEEE Symposium on Security and Privacy, Oakland, CA (2008)","DOI":"10.1109\/SP.2008.17"},{"key":"9_CR20","unstructured":"A dumb patch? http:\/\/blogs.technet.com\/msrc\/archive\/2005\/10\/31\/413402.aspx"},{"key":"9_CR21","unstructured":"Common vulnerabilities and exposures (cve), http:\/\/cve.mitre.org\/cve\/"},{"key":"9_CR22","unstructured":"Wireshark, http:\/\/www.wireshark.org"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Pang, R., Paxson, V., Sommer, R., Peterson, L.: Binpac: A yacc for writing application protocol parsers. In: Internet Measurement Conference, Rio de Janeiro, Brazil (2006)","DOI":"10.1145\/1177080.1177119"},{"key":"9_CR24","unstructured":"Borisov, N., Brumley, D., Wang, H.J., Dunagan, J., Joshi, P., Guo, C.: A generic application-level protocol analyzer and its language. In: Network and Distributed System Security Symposium, San Diego, CA (2007)"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: Automatic extraction of protocol message format using dynamic binary analysis. In: ACM Conference on Computer and Communications Security, Alexandria, VA (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Chen, K., Wang, H.J., Irun-Briz, L.: Tupni: Automatic reverse engineering of input formats. In: ACM Conference on Computer and Communications Security, Alexandria, VA (2008)","DOI":"10.1145\/1455770.1455820"},{"key":"9_CR27","unstructured":"Wondracek, G., Comparetti, P.M., Kruegel, C., Kirda, E.: Automatic network protocol analysis. In: Network and Distributed System Security Symposium, San Diego, CA (2008)"},{"key":"9_CR28","unstructured":"Lin, Z., Jiang, X., Xu, D., Zhang, X.: Automatic protocol format reverse engineering through context-aware monitored execution. In: Network and Distributed System Security Symposium, San Diego, CA (2008)"},{"key":"9_CR29","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Network and Distributed System Security Symposium, San Diego, CA (2005)"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D., Engler, D.R.: Exe: Automatically generating inputs of death. In: ACM Conference on Computer and Communications Security, Alexandria, VA (2006)","DOI":"10.1145\/1180405.1180445"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Godefroid, P., Klarlund, N., Sen, K.: Dart: Directed automated random testing. In: SIGPLAN Conference on Programming Language Design and Implementation, Chicago, IL (2005)","DOI":"10.1145\/1065010.1065036"},{"key":"9_CR32","unstructured":"Godefroid, P., Levin, M.Y., Molnar, D.: Automated whitebox fuzz testing. In: Network and Distributed System Security Symposium, San Diego, CA (2008)"},{"key":"9_CR33","unstructured":"Vine, http:\/\/bitblaze.cs.berkeley.edu\/vine.html"},{"key":"9_CR34","doi-asserted-by":"crossref","unstructured":"Caballero, J., McCamant, S., Barth, A., Song, D.: Extracting models of security-sensitive operations using string-enhanced white-box exploration on binaries. Technical Report UCB\/EECS-2009-36, EECS Department, University of California, Berkeley (2009)","DOI":"10.21236\/ADA538848"},{"key":"#cr-split#-9_CR35.1","doi-asserted-by":"crossref","unstructured":"Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: International Conference on Information Systems Security, Hyderabad, India (2008);","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"#cr-split#-9_CR35.2","unstructured":"Keynote invited paper"},{"key":"9_CR36","unstructured":"Towards generating high coverage vulnerability-based signatures with protocol-level constraint-guided exploration (extended version), http:\/\/www.ece.cmu.edu\/~juanca\/papers\/fieldsig_extended.pdf"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Godefroid, P., Kiezun, A., Levin, M.Y.: Grammar-based whitebox fuzzing. In: SIGPLAN Conference on Programming Language Design and Implementation, Tucson, AZ (2008)","DOI":"10.1145\/1375581.1375607"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"Boonstoppel, P., Cadar, C., Engler, D.: Rwset: Attacking path explosion in constraint-based test generation. In: International Symposium on Software Testing and Analysis, Seattle, WA (2008)","DOI":"10.1007\/978-3-540-78800-3_27"},{"key":"9_CR39","doi-asserted-by":"crossref","unstructured":"Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. Communications of the ACM\u00a018(8) (1975)","DOI":"10.1145\/360933.360975"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04342-0_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,22]],"date-time":"2019-05-22T22:12:03Z","timestamp":1558563123000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04342-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642043413","9783642043420"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04342-0_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}