{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T23:17:58Z","timestamp":1771024678318,"version":"3.50.1"},"reference-count":53,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/100004720","name":"NCR","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100004720","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179328","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2427-2443","source":"Crossref","is-referenced-by-count":5,"title":["Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation"],"prefix":"10.1109","author":[{"given":"Xinyi","family":"Wang","sequence":"first","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Cen","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Yeting","family":"Li","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Zhiwu","family":"Xu","sequence":"additional","affiliation":[{"name":"Shenzhen University"}]},{"given":"Shuailin","family":"Huang","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Yi","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Yican","family":"Yao","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Yang","family":"Xiao","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Yanyan","family":"Zou","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Wei","family":"Huo","sequence":"additional","affiliation":[{"name":"{CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Mastering Regular Expressions - Understand Your Data and Be More Productive: for Perl, PHP, Java, .NET, Ruby, and More","author":"Friedl","year":"2006"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ase.2019.00047"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ase.2017.8115653"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/tkde.2016.2515587"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236027"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338909"},{"key":"ref7","article-title":"Runaway Regular Expressions: Catastrophic Backtracking","author":"Goyvaerts","year":"2020"},{"key":"ref8","article-title":"Regular Expression Denial of Service - ReDoS","author":"Weidman","year":"2017"},{"key":"ref9","article-title":"Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking","author":"Kadlec","year":"2017"},{"key":"ref10","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2020.24415","article-title":"HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing","volume-title":"27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Blair"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2009.10"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/csf.2009.13"},{"key":"ref13","first-page":"29","article-title":"Denial of Service via Algorithmic Complexity Attacks","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Crosby"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/icst.2017.13"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134073"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/acsac.2006.17"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236039"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213874"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2009.5070545"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1716"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213868"},{"key":"ref22","first-page":"361","article-title":"Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Staicu"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38631-2_11"},{"key":"ref24","article-title":"Static Analysis for Regular Expression Exponential Runtime via Substructural Logics","author":"Rathnayake","year":"2014","journal-title":"CoRR"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54580-5_1"},{"key":"ref26","article-title":"Regexploit: DoS-able Regular Expressions","year":"2021"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40946-7_27"},{"key":"ref28","article-title":"Regular Expression Denial of Service Attacks and Defenses","author":"Sullivan","year":"2010"},{"key":"ref29","article-title":"New Tool: SDL Regex Fuzzer","author":"Sullivan","year":"2010"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238159"},{"key":"ref31","first-page":"4219","article-title":"Regulator: Dynamic Analysis to Detect ReDoS","volume-title":"31th USENIX Security Symposium, USENIX Security 2022","author":"McLaughlin"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00062"},{"key":"ref33","first-page":"3847","article-title":"ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Li"},{"key":"ref34","article-title":"Rengar Open Source"},{"key":"ref35","article-title":"ANTLR","author":"Parrm","year":"2022"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"ref37","article-title":"Rengar Website"},{"key":"ref38","article-title":"Semantics, Analysis And Security Of Backtracking Regular Expression Matchers","volume-title":"Ph.D. dissertation","author":"Rathnayake","year":"2015"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3129416.3129440"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3071178.3071196"},{"key":"ref41","first-page":"659","article-title":"FlashRegex: Deducing Anti-ReDoS Regexes from Examples","volume-title":"35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020","author":"Li"},{"key":"ref42","first-page":"4183","article-title":"RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix","volume-title":"31st USENIX Security Symposium, USENIX Security 2022","author":"Li"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2011.6133663"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2482767.2482791"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2007.128"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/964001.964011"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2012.11.006"},{"key":"ref48","article-title":"Rosie Pattern Language (RPL)","year":"2020"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3428286"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00032"},{"key":"ref51","article-title":"Regex class - C#","year":"2020"},{"key":"ref52","article-title":"PHP: preg_match - Manual","year":"2020"},{"key":"ref53","article-title":"PCRE - Perl Compatible Regular Expressions","year":"2020"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179328.pdf?arnumber=10179328","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:18:27Z","timestamp":1721452707000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179328\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":53,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179328","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}