{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T20:05:59Z","timestamp":1775073959347,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,2,14]],"date-time":"2019-02-14T00:00:00Z","timestamp":1550102400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672398"],"award-info":[{"award-number":["61672398"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["61702386"],"award-info":[{"award-number":["61702386"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Key Natural Science Foundation of Hubei Province","award":["2017CFA012"],"award-info":[{"award-number":["2017CFA012"]}]},{"name":"Major Technical Innovation Program of Hubei Province","award":["2017AAA122"],"award-info":[{"award-number":["2017AAA122"]}]},{"DOI":"10.13039\/100015783","name":"Applied Fundamental Research of Wuhan","doi-asserted-by":"crossref","award":["20160101010004"],"award-info":[{"award-number":["20160101010004"]}],"id":[{"id":"10.13039\/100015783","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1007\/s11219-018-9435-5","type":"journal-article","created":{"date-parts":[[2019,2,14]],"date-time":"2019-02-14T07:02:55Z","timestamp":1550127775000},"page":"1045-1068","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["CVSkSA: cross-architecture vulnerability search in firmware based on kNN-SVM and attributed control flow graph"],"prefix":"10.1007","volume":"27","author":[{"given":"Dongdong","family":"Zhao","sequence":"first","affiliation":[]},{"given":"Hong","family":"Lin","sequence":"additional","affiliation":[]},{"given":"Linjun","family":"Ran","sequence":"additional","affiliation":[]},{"given":"Mushuai","family":"Han","sequence":"additional","affiliation":[]},{"given":"Jing","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Liping","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Shengwu","family":"Xiong","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8440-4181","authenticated-orcid":false,"given":"Jianwen","family":"Xiang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,14]]},"reference":[{"key":"9435_CR1","doi-asserted-by":"crossref","unstructured":"Adelstein, F., Stillerman, M., Kozen, D. (2002). Malicious code detection for open firmware. In Computer security applications conference (pp. 403\u2013412). IEEE.","DOI":"10.1109\/CSAC.2002.1176312"},{"issue":"9","key":"9435_CR2","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1109\/TSE.2007.70725","volume":"33","author":"S Bellon","year":"2007","unstructured":"Bellon, S., Koschke, R., Antoniol, G., Krinke, J., Merlo, E. (2007). Comparison and evaluation of clone detection tools. IEEE Transactions on Software Engineering, 33(9), 577\u2013591.","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"12","key":"9435_CR3","doi-asserted-by":"publisher","first-page":"802","DOI":"10.1145\/362919.362945","volume":"14","author":"F Bourgeois","year":"1971","unstructured":"Bourgeois, F., & Lassalle, J.C. (1971). An extension of the munkres algorithm for the assignment problem to rectangular matrices. Communications of the ACM, 14(12), 802\u2013804.","journal-title":"Communications of the ACM"},{"key":"9435_CR4","unstructured":"Busybox v1.21. (2013). Accessed 5 Jan 2017."},{"issue":"10","key":"9435_CR5","first-page":"2288","volume":"53","author":"Q Chang","year":"2016","unstructured":"Chang, Q., Liu, Z., Wang, M., Chen, Y., Shi, Z., Sun, L. (2016). Vdns:an algorithm for cross-platform vulnerability searching in binary firmware. Journal of Computer Research & Development, 53(10), 2288\u20132298.","journal-title":"Journal of Computer Research & Development"},{"key":"9435_CR6","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Woo, M., Brumley, D., Egele, M. (2016). Towards automated dynamic analysis for linux-based embedded firmware. In Network and distributed system security symposium (pp. 1\u201316).","DOI":"10.14722\/ndss.2016.23415"},{"key":"9435_CR7","unstructured":"Choue, A. (2017). On detecting heartbleed with static analysis. Accessed 5 Sept 2017."},{"key":"9435_CR8","unstructured":"Costin, A., Zaddach, J., Francillon, A., Balzarotti, D., Antipolis, S. (2014). A large-scale analysis of the security of embedded firmwares. In USENIX Security symposium (pp. 95\u2013110)."},{"key":"9435_CR9","doi-asserted-by":"crossref","unstructured":"David, Y., & Yahav, E. (2014). Tracelet-based code search in executables. In ACM SIGPLAN Conference on programming language design & implementation (Vol. 49, pp. 349\u2013360).","DOI":"10.1145\/2666356.2594343"},{"key":"9435_CR10","unstructured":"Dd-wrt r21676. (2013). Available at \n                    http:\/\/tinyurl.com\/ddwrt-21676\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR11","unstructured":"Dd-wrt. r21676. (2013). Available at \n                    http:\/\/tinyurl.com\/ddwrt-21676\n                    \n                  . Accessed May 2013."},{"issue":"502","key":"9435_CR12","first-page":"67","volume":"173","author":"R Diestel","year":"1997","unstructured":"Diestel, R. (1997). Graph theory. Mathematical Gazette, 173(502), 67\u2013128.","journal-title":"Mathematical Gazette"},{"key":"9435_CR13","unstructured":"Dir-600 firmware image. (2013). Available at \n                    ftp:\/\/ftp2.dlink.com\/PRODUCTS\/DIR-600\/\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR14","unstructured":"Dir-645 firmware image. (2013). Available at \n                    ftp:\/\/ftp2.dlink.com\/PRODUCTS\/DIR-645\/\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR15","unstructured":"Dir-815 firmware image. (2014). Available at \n                    ftp:\/\/ftp2.dlink.com\/PRODUCTS\/DIR-815\/\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR16","unstructured":"Dir-300 firmware image. (2014). Available at \n                    ftp:\/\/ftp2.dlink.com\/PRODUCTS\/DIR-300\/\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR17","unstructured":"Egele, M., Woo, M., Chapman, P., Brumley, D. (2014). Blanket execution: dynamic similarity testing for program binaries and components. In USENIX conference on security symposium (pp. 303\u2013307)."},{"key":"9435_CR18","unstructured":"Eschweiler, S., Yakdan, K., Gerhards-Padilla, E. (2016). discovre: Efficient cross-architecture identification of bugs in binary code. In: Network and distributed system security symposium (pp. 381\u2013396)."},{"key":"9435_CR19","unstructured":"Feldt, A., & Magazinius, R. (2010). Validity threats in empirical software engineering research - an initial survey. In International conference on software engineering & knowledge engineering (pp. 374\u2013379)."},{"key":"9435_CR20","doi-asserted-by":"crossref","unstructured":"Feng, Q., Zhou, R., Cheng, Y.C., Testa, B., Yin, H. (2016). Scalable graph-based bug search for firmware images. In ACM SIGSAC Conference on computer and communications security (pp. 480\u2013491). ACM.","DOI":"10.1145\/2976749.2978370"},{"key":"9435_CR21","doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M., Song, D. (2008). Binhunt: automatically finding semantic differences in binary programs. In Information and communications security (pp. 238\u2013255).","DOI":"10.1007\/978-3-540-88625-9_16"},{"key":"9435_CR22","unstructured":"Guifanow, I. (2016). Fast library identification and recognition technology in ida pro, available: \n                    http:\/\/www.hex-rays.com\/idapro\/\n                    \n                  . Accessed 5 Dec 2016."},{"key":"9435_CR23","doi-asserted-by":"crossref","unstructured":"Hsu, C.C., Yang, C.Y., Yang, J.S. (2005). Associating kNN and SVM for higher classification accuracy. In Computational intelligence and security (pp. 550\u2013555).","DOI":"10.1007\/11596448_80"},{"key":"9435_CR24","doi-asserted-by":"crossref","unstructured":"Jang, J., Agrawal, A., Brumley, D. (2012). Redebug: finding unpatched code clones in entire os distributions. In Security and privacy (SP) (pp. 48\u201362). IEEE.","DOI":"10.1109\/SP.2012.13"},{"key":"9435_CR25","doi-asserted-by":"crossref","unstructured":"Jiang, L., Misherghi, G., Su, Z., Glondu, S. (2007). Deckard: scalable and accurate tree-based detection of code clones. In International conference on software engineering (pp. 96\u2013105).","DOI":"10.1109\/ICSE.2007.30"},{"key":"9435_CR26","doi-asserted-by":"crossref","unstructured":"Jin, W., Chaki, S., Cohen, C., Gurfinkel, A., Havrilla, J., Hines, C. (2012). Binary function clustering using semantic hashes. In International conference on machine learning and applications (pp. 386\u2013391). IEEE.","DOI":"10.1109\/ICMLA.2012.70"},{"issue":"7","key":"9435_CR27","doi-asserted-by":"publisher","first-page":"654","DOI":"10.1109\/TSE.2002.1019480","volume":"28","author":"T Kamiya","year":"2002","unstructured":"Kamiya, T., Kusumoto, S., Inoue, K. (2002). Ccfinder: a multilinguistic token-based code clone detection system for large scale source code. IEEE Transactions on Software Engineering, 28(7), 654\u2013670.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9435_CR28","unstructured":"Knownsec. (2017). A statistical analysis report about the back door of d-link by \n                    http:\/\/zoomeye.org.knownsec.com\n                    \n                   [eb\/ol]. Accessed 5 Sept 2017."},{"key":"9435_CR29","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C. (2012). Rozzle: de-cloaking internet malware. In Security and privacy (SP) (pp. 443\u2013457). IEEE.","DOI":"10.1109\/SP.2012.48"},{"key":"9435_CR30","doi-asserted-by":"crossref","unstructured":"Kolter, J.Z., & Maloof, M.A. (2004). Learning to detect malicious executables in the wild. In International conference on knowledge discovery and data mining (pp. 470\u2013478).","DOI":"10.1145\/1014052.1014105"},{"key":"9435_CR31","doi-asserted-by":"crossref","unstructured":"Lakhotia, A., Preda, M.D., Giacobazzi, R. (2013). Fast location of similar code fragments using semantic \u2018juice\u2019. In ACM SIGPLAN Program protection and reverse engineering workshop (pp. 1\u20136). ACM.","DOI":"10.1145\/2430553.2430558"},{"key":"9435_CR32","unstructured":"Li, Z., Lu, S., Myagmar, S., Zhou, Y. (2004). Cp-miner: a tool for finding copy-paste and related bugs in operating system code. In Symposium on opearting systems design & implementation (Vol. 4, pp. 289\u2013302)."},{"key":"9435_CR33","doi-asserted-by":"crossref","unstructured":"Lin, H., Zhao, D., Ran, L., Han, M., Tian, J, Xiang, J. (2017). Cvssa: cross-architecture vulnerability search in firmware based on support vector machine and attributed control flow graph. In The fourth international conference on dependable systems and theirs applications (DSA 2017) (pp. 35\u201341).","DOI":"10.1109\/DSA.2017.15"},{"key":"9435_CR34","unstructured":"Ming, J., Pan, M., Gao D. (2012). ibinhunt: binary hunting with inter-procedural control flow. In International conference on information security and cryptology (pp. 92\u2013109). Berlin: Springer."},{"key":"9435_CR35","doi-asserted-by":"crossref","unstructured":"Myles, G., & Collberg, C. (2005). K-gram based software birthmarks. In ACM Symposium on applied computing (pp. 314\u2013318).","DOI":"10.1145\/1066677.1066753"},{"key":"9435_CR36","unstructured":"Netgear readynas v6.1.6. (2014). Accessed 3 March 2017."},{"key":"9435_CR37","doi-asserted-by":"crossref","unstructured":"Ng, B.H., & Prakash, A. (2013). Expose: discovering potential binary code re-use. In Computer software and applications conference (pp. 492\u2013501). IEEE.","DOI":"10.1109\/COMPSAC.2013.83"},{"key":"9435_CR38","unstructured":"Open web application secutity project. (2016). \n                    https:\/\/www.owasp.org\/index.php\/owasp_internet_of_things_top_ten_project#tab=top_10_iot_vulnerabilities_282014_29\n                    \n                  . Accessed 5 Feb 2016."},{"key":"9435_CR39","unstructured":"Openssl v1.0.1.e. (2013). \n                    https:\/\/www.openssl.org\/source\/old\/1.0.1\/openssl-1.0.1e.tar.gz\n                    \n                  . Accessed 3 March 2017."},{"key":"9435_CR40","unstructured":"Openssl v1.0.1f. (2014). \n                    https:\/\/www.openssl.org\/source\/old\/1.0.1\/openssl-1.2.1.tar.gz\n                    \n                  . Accessed 5 Jan 2017."},{"key":"9435_CR41","doi-asserted-by":"crossref","unstructured":"Pewny, J., Schuster, F., Bernhard, L., Holz, T., Rossow, C. (2014). Leveraging semantic signatures for bug search in binary programs. In Computer security applications conference (pp. 406\u2013415). ACM.","DOI":"10.1145\/2664243.2664269"},{"key":"9435_CR42","unstructured":"Pewny, J., Garmany, B., Gawlik, R., Rossow, C., Holz, T. (2015). Malicious code detection for open firmware. In Security and privacy (SP) (pp. 709\u2013724). IEEE."},{"key":"9435_CR43","doi-asserted-by":"crossref","unstructured":"Stephens, N., Grosen, J., Salls, C., Dutcher, A., Wang, R., Corbetta, J., Vigna, G. (2016). Driller: augmenting fuzzing through selective symbolic execution. In Network and distributed system security symposium (pp. 1\u201316).","DOI":"10.14722\/ndss.2016.23368"},{"key":"9435_CR44","doi-asserted-by":"publisher","first-page":"588","DOI":"10.1016\/j.procs.2016.09.447","volume":"102","author":"SS Tabrizi","year":"2016","unstructured":"Tabrizi, S.S., & Cavus, N. (2016). A hybrid kNN-SVM model for iranian license plate recognition. Procedia Computer Science, 102, 588\u2013594.","journal-title":"Procedia Computer Science"},{"issue":"4","key":"9435_CR45","first-page":"1","volume":"1","author":"A Ukil","year":"2002","unstructured":"Ukil, A. (2002). Support vector machine. Computer Science, 1(4), 1\u201328.","journal-title":"Computer Science"},{"key":"9435_CR46","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Golde, N., Arp, D., Rieck, K. (2014). Modeling and discovering vulnerabilities with code property graphs. In Security and privacy (SP) (pp. 590\u2013604). IEEE.","DOI":"10.1109\/SP.2014.44"},{"key":"9435_CR47","doi-asserted-by":"crossref","unstructured":"Yusof, A.R.A., Udzir, N.I., Selamat, A. (2016). An evaluation on kNN-SVM algorithm for detection and prediction of DDoS attack. In International conference on industrial, engineering and other applications of applied intelligent systems (pp. 550\u2013555). Springer International Publishing.","DOI":"10.1007\/978-3-319-42007-3_9"},{"key":"9435_CR48","doi-asserted-by":"crossref","unstructured":"Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D. (2014). Avatar: a framework to support dynamic security analysis of embedded systems\u2019 firmwares. In Network and distributed system security symposium (pp. 1\u201316).","DOI":"10.14722\/ndss.2014.23229"},{"key":"9435_CR49","first-page":"2126","volume":"2","author":"H Zhang","year":"2006","unstructured":"Zhang, H., Berg, A.C., Maire, M., Malik, J. (2006). SVM-kNN: discriminative nearest neighbor classification for visual category recognition. CVPR2006, 2, 2126\u20132136.","journal-title":"CVPR2006"}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-018-9435-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11219-018-9435-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-018-9435-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,20]],"date-time":"2020-05-20T23:08:56Z","timestamp":1590016136000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11219-018-9435-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,14]]},"references-count":49,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,9]]}},"alternative-id":["9435"],"URL":"https:\/\/doi.org\/10.1007\/s11219-018-9435-5","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,14]]},"assertion":[{"value":"14 February 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}