{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T21:21:44Z","timestamp":1740172904046,"version":"3.37.3"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,6,19]],"date-time":"2024-06-19T00:00:00Z","timestamp":1718755200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,6,19]],"date-time":"2024-06-19T00:00:00Z","timestamp":1718755200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-024-00517-1","type":"journal-article","created":{"date-parts":[[2024,6,19]],"date-time":"2024-06-19T10:02:59Z","timestamp":1718791379000},"page":"751-763","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Classification of return-oriented programming gadgets: a machine learning approach"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-2359-2518","authenticated-orcid":false,"given":"Pierre-Fran\u00e7ois","family":"Maillard","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3668-0047","authenticated-orcid":false,"given":"Avisek","family":"Gupta","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,6,19]]},"reference":[{"key":"517_CR1","unstructured":"Angrop, A.: https:\/\/github.com\/angr\/angrop, (2015). Accessed 30 Jan 2023"},{"key":"517_CR2","doi-asserted-by":"publisher","unstructured":"Bletsch, T., Jiang, X., Freeh, V.\u00a0W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS \u201911, pp 30\u201340, New York, NY, USA, (2011). Association for Computing Machinery. https:\/\/doi.org\/10.1145\/1966913.1966919","DOI":"10.1145\/1966913.1966919"},{"key":"517_CR3","doi-asserted-by":"crossref","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45, 5\u201332 (2001)","DOI":"10.1023\/A:1010933404324"},{"issue":"1","key":"517_CR4","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1006\/jmps.1999.1279","volume":"44","author":"MW Browne","year":"2000","unstructured":"Browne, M.W.: Cross-validation methods. J. Math. Psychol. 44(1), 108\u2013132 (2000)","journal-title":"J. Math. Psychol."},{"issue":"1","key":"517_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3054924","volume":"50","author":"N Burow","year":"2017","unstructured":"Burow, N., Carr, S.A., Nash, J., Larsen, P., Franz, M., Brunthaler, S., Payer, M.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. (CSUR) 50(1), 1\u201333 (2017)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"517_CR6","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-020-00359-7","author":"J Carrillo-Mond\u00e9jar","year":"2020","unstructured":"Carrillo-Mond\u00e9jar, J., Castelo-G\u00f3mez, J., Rold\u00e1n-G\u00f3mez, J., Mart\u00ednez, J.: An instrumentation based algorithm for stack overflow detection. J. Comput. Virol. Hacking Tech. (2020). https:\/\/doi.org\/10.1007\/s11416-020-00359-7","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"517_CR7","unstructured":"Cheng, E.: Binary analysis and symbolic execution with angr. (2016)"},{"issue":"1","key":"517_CR8","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/TIT.1967.1053964","volume":"13","author":"T Cover","year":"1967","unstructured":"Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theory 13(1), 21\u201327 (1967)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"6","key":"517_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3459665","volume":"54","author":"P Cunningham","year":"2021","unstructured":"Cunningham, P., Delany, S.J.: k-nearest neighbour classifiers-a tutorial. ACM Comput. Surv. (CSUR) 54(6), 1\u201325 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"517_CR10","unstructured":"FlowerCode DannyWei, lywang. Return flow guard. https:\/\/xlab.tencent.com\/en\/2016\/11\/02\/return-flow-guard\/, (2016). Accessed 05 Feb 2023"},{"key":"517_CR11","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/s11704-019-8208-z","volume":"14","author":"X Dong","year":"2020","unstructured":"Dong, X., Yu, Z., Cao, W., Shi, Y., Ma, Q.: A survey on ensemble learning. Front. Comput. Sci. 14, 241\u2013258 (2020)","journal-title":"Front. Comput. Sci."},{"key":"517_CR12","unstructured":"Fortra. A. https:\/\/github.com\/helpsystems\/Agafi, (2014). Accessed 30 Jan 2023"},{"key":"517_CR13","doi-asserted-by":"crossref","unstructured":"Freund, Y., Schapire, R.E.: A desicion-theoretic generalization of on-line learning and an application to boosting. In: Computational Learning Theory: Second European Conference, EuroCOLT\u201995 Barcelona, Spain, March 13\u201315, 1995 Proceedings 2, pp. 23\u201337. Springer (1995)","DOI":"10.1007\/3-540-59119-2_166"},{"issue":"3","key":"517_CR14","doi-asserted-by":"publisher","first-page":"349","DOI":"10.4310\/SII.2009.v2.n3.a8","volume":"2","author":"T Hastie","year":"2009","unstructured":"Hastie, T., Rosset, S., Zhu, J., Zou, H.: Multi-class adaboost. Stat. Interface 2(3), 349\u2013360 (2009)","journal-title":"Stat. Interface"},{"key":"517_CR15","doi-asserted-by":"crossref","unstructured":"Ho, T.K.: Random decision forests. In: Proceedings of 3rd International Conference on Document Analysis and Recognition, vol.\u00a01, pp. 278\u2013282. IEEE (1995)","DOI":"10.1109\/ICDAR.1995.598994"},{"key":"517_CR16","doi-asserted-by":"crossref","unstructured":"Huang, Z.J., Zheng, T., Liu, J.: A dynamic detective method against rop attack on arm platform. In 2012 Second International Workshop on Software Engineering for Embedded Systems (SEES), pp 51\u201357. IEEE (2012)","DOI":"10.1109\/SEES.2012.6225491"},{"key":"517_CR17","doi-asserted-by":"crossref","unstructured":"Jaloyan, G.A., Markantonakis, K., Akram, R.N., Robin, D., Mayes, K., Naccache, D.: Return-oriented programming on risc-v. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 471\u2013480 (2020)","DOI":"10.1145\/3320269.3384738"},{"key":"517_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102308","volume":"106","author":"S Jeon","year":"2021","unstructured":"Jeon, S., Kim, H.K.: Autovas: an automated vulnerability analysis system with a deep learning approach. Comput. Secur. 106, 102308 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102308","journal-title":"Comput. Secur."},{"issue":"5","key":"517_CR19","doi-asserted-by":"publisher","first-page":"1144","DOI":"10.1109\/TC.2012.269","volume":"63","author":"M Kayaalp","year":"2014","unstructured":"Kayaalp, M., Ozsoy, M., Ghazaleh, N.A., Ponomarev, D.: Efficiently securing systems from code reuse attacks. IEEE Trans. Comput. 63(5), 1144\u20131156 (2014). https:\/\/doi.org\/10.1109\/TC.2012.269","journal-title":"IEEE Trans. Comput."},{"key":"517_CR20","unstructured":"Kingma, D.P., Ba, J.: Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980, (2014)"},{"key":"517_CR21","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/s10462-011-9272-4","volume":"39","author":"SB Kotsiantis","year":"2013","unstructured":"Kotsiantis, S.B.: Decision trees: a recent overview. Artif. Intell. Rev. 39, 261\u2013283 (2013)","journal-title":"Artif. Intell. Rev."},{"key":"517_CR22","unstructured":"Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: USENIX Security Symposium, Washington, p. 2001. DC, USENIX Association (2001)"},{"key":"517_CR23","unstructured":"Le\u00a0Guernic, C., Khourbiga, F.: Taint-based return oriented programming. pp. 1\u201330 (2018)"},{"key":"517_CR24","unstructured":"Li, X., Hu, Z., Fu, Y., Chen, P., Zhu, M., Liu, P.: Ropnn: Detection of ROP payloads using deep neural networks. 07 (2018)"},{"key":"517_CR25","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.neucom.2016.12.038","volume":"234","author":"W Liu","year":"2017","unstructured":"Liu, W., Wang, Z., Liu, X., Zeng, N., Liu, Y., Alsaadi, F.E.: A survey of deep neural network architectures and their applications. Neurocomputing 234, 11\u201326 (2017)","journal-title":"Neurocomputing"},{"key":"517_CR26","doi-asserted-by":"publisher","unstructured":"Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: Aslr-guard: Stopping address space leakage for code reuse attacks. New York, NY, USA, (2015). Association for Computing Machinery. https:\/\/doi.org\/10.1145\/2810103.2813694","DOI":"10.1145\/2810103.2813694"},{"key":"517_CR27","doi-asserted-by":"publisher","first-page":"05","DOI":"10.1007\/s11416-015-0251-1","volume":"12","author":"A Miele","year":"2016","unstructured":"Miele, A.: Buffer overlow vulnerabilities in cuda: a preliminary analysis. J. Comput. Virol. Hacking Tech. 12, 05 (2016). https:\/\/doi.org\/10.1007\/s11416-015-0251-1","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"517_CR28","unstructured":"MITRE. Cve-2018-8626. https:\/\/cve.mitre.org\/, (2018). Accessed 07 Apr 2023"},{"key":"517_CR29","unstructured":"Nasrabadi, B.: Pattern Recognition and Machine Learning, vol. 4. Springer (2006)"},{"key":"517_CR30","unstructured":"Ormandy, T.: Rop tweet. https:\/\/twitter.com\/taviso\/status\/733740666920951808, (2016). Accessed 27 June 2023"},{"key":"517_CR31","unstructured":"Ormandy, T.: Rop tweet. https:\/\/twitter.com\/taviso\/status\/733740666920951808, (2016). Accessed 27 June 2023"},{"key":"517_CR32","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-023-00469-y","author":"P Pakshad","year":"2023","unstructured":"Pakshad, P., Shameli-Sendi, A., Abbasi, B.: A security vulnerability predictor based on source code metrics. J. Comput. Virol. Hacking Tech. (2023). https:\/\/doi.org\/10.1007\/s11416-023-00469-y","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"517_CR33","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In USENIX Security Symposium, pp. 447\u2013462 (2013)"},{"issue":"5","key":"517_CR34","doi-asserted-by":"publisher","first-page":"2671","DOI":"10.1007\/s00180-022-01207-6","volume":"37","author":"F Pargent","year":"2022","unstructured":"Pargent, F., Pfisterer, F., Thomas, J., Bischl, B.: Regularized target encoding outperforms traditional methods in supervised machine learning with high cardinality features. Comput. Stat. 37(5), 2671\u20132692 (2022)","journal-title":"Comput. Stat."},{"issue":"4","key":"517_CR35","first-page":"7","volume":"175","author":"K Potdar","year":"2017","unstructured":"Potdar, K., Pardawala, T.S., Pai, C.D.: A comparative study of categorical variable encoding techniques for neural network classifiers. Int. J. Comput. Appl. 175(4), 7\u20139 (2017)","journal-title":"Int. J. Comput. Appl."},{"key":"517_CR36","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377","author":"R Roemer","year":"2012","unstructured":"Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: systems, languages, and applications. ACM Trans. Inf. Syst. Secur. (2012). https:\/\/doi.org\/10.1145\/2133375.2133377","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"517_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-017-0299-1","volume":"14","author":"A Sadeghi","year":"2018","unstructured":"Sadeghi, A., Niksefat, S., Rostamipour, M.: Pure-call oriented programming (pcop): chaining the gadgets using call instructions. J. Comput. Virol. Hacking Tech. 14, 1\u201318 (2018). https:\/\/doi.org\/10.1007\/s11416-017-0299-1","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"517_CR38","unstructured":"Salwan, J.: Ropgadget. https:\/\/github.com\/JonathanSalwan\/ROPgadget, (2013). Accessed 30 Jan 2023"},{"key":"517_CR39","unstructured":"Schenk, M.: Extended flow guard. https:\/\/www.offensive-security.com\/offsec\/extended-flow-guard\/, (2021). Accessed 04 Feb 2023"},{"key":"517_CR40","unstructured":"Schirra, S.: Ropper. https:\/\/github.com\/sashs\/Ropper, (2014). Accessed 30 Jan 2023"},{"key":"517_CR41","unstructured":"Shafir, Y., Ionescu, A.: Rip ROP: Cet internals in windows 20h1. https:\/\/windows-internals.com\/cet-on-windows\/, (2020). Accessed 05 Feb 2023"},{"key":"517_CR42","doi-asserted-by":"publisher","unstructured":"Stojanovski, N., Gusev, M., Gligoroski, D., Knapskog, S.J.: Bypassing data execution prevention on microsoftwindows xp sp2. In: The Second International Conference on Availability, Reliability and Security (ARES\u201907), pp. 1222\u20131226 (2007). https:\/\/doi.org\/10.1109\/ARES.2007.54","DOI":"10.1109\/ARES.2007.54"},{"key":"517_CR43","doi-asserted-by":"crossref","unstructured":"Sun, H., Cui, L., Li, L., Ding, Z., Hao, Z., Cui, J., Liu, P.: Vdsimilar: vulnerability detection based on code similarity of vulnerabilities and patches. Comput. Secur. 110, 102417 (2021)","DOI":"10.1016\/j.cose.2021.102417"},{"issue":"1","key":"517_CR44","first-page":"1558","volume":"18","author":"AJ Wyner","year":"2017","unstructured":"Wyner, A.J., Olson, M., Bleich, J., Mease, D.: Explaining the success of adaboost and random forests as interpolating classifiers. J. Mach. Learn. Res. 18(1), 1558\u20131590 (2017)","journal-title":"J. Mach. Learn. Res."},{"key":"517_CR45","volume":"65","author":"C Yuan","year":"2022","unstructured":"Yuan, C., Cai, J., Tian, D., Ma, R., Jia, X., Liu, W.: Towards time evolved malware identification using two-head neural network. J. Inf. Secur. Appl. 65, 103098 (2022)","journal-title":"J. Inf. Secur. Appl."}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00517-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-024-00517-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00517-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,15]],"date-time":"2024-10-15T15:12:57Z","timestamp":1729005177000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-024-00517-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,19]]},"references-count":45,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,11]]}},"alternative-id":["517"],"URL":"https:\/\/doi.org\/10.1007\/s11416-024-00517-1","relation":{},"ISSN":["2263-8733"],"issn-type":[{"type":"electronic","value":"2263-8733"}],"subject":[],"published":{"date-parts":[[2024,6,19]]},"assertion":[{"value":"27 July 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 February 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 June 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflicts of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"The submitted work has not been published elsewhere in any form or language.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"Not applicable.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}]}}