{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T17:25:12Z","timestamp":1768584312640,"version":"3.49.0"},"reference-count":45,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1109\/tdsc.2025.3619200","type":"journal-article","created":{"date-parts":[[2025,10,8]],"date-time":"2025-10-08T17:41:00Z","timestamp":1759945260000},"page":"1576-1591","source":"Crossref","is-referenced-by-count":0,"title":["Nonstandard Sinks Matter: A Comprehensive and Efficient Taint Analysis Framework for Vulnerability Detection in Embedded Firmware"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0810-0228","authenticated-orcid":false,"given":"Enzhou","family":"Song","sequence":"first","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuhao","family":"Zhao","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Can","family":"Zhang","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinyuan","family":"Zhai","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruijie","family":"Cai","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Long","family":"Liu","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qichao","family":"Yang","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1617-4561","authenticated-orcid":false,"given":"Xiaokang","family":"Yin","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-0603-4200","authenticated-orcid":false,"given":"Shengli","family":"Liu","sequence":"additional","affiliation":[{"name":"Information Engineering University, Zhengzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref2","article-title":"GitHub -angr\/angr: A powerful and user-friendly binary analysis platfom!","year":"2024"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"ref5","article-title":"Mirai botnet DDoS attack: What is the mirai botnet?","author":"Buxton","year":"2022"},{"key":"ref6","article-title":"Botnets continue exploiting CVE-2023-1389 for wide-scale spread","author":"Li","year":"2024"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559367"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598062"},{"key":"ref12","first-page":"1201","article-title":"Halucinator: Firmware re-hosting through abstraction layer emulation","volume-title":"Proc. 29th USENIX Conf. Secur. Symp.","author":"Clements","year":"2020"},{"key":"ref13","article-title":"A buffer overflow in the HTTPD daemon on TP-link TL-WR841N v10","year":"2024"},{"key":"ref14","article-title":"A command injection in the web interface of TP-link archer AX21 (AX1800)","year":"2023"},{"key":"ref15","article-title":"NVD-CVE-2022-26258","year":"2022"},{"key":"ref16","first-page":"303","article-title":"Blanket execution: Dynamic similarity testing for program binaries and components","volume-title":"Proc. 23rd USENIX Conf. Secur. Symp.","author":"Egele","year":"2014"},{"key":"ref17","first-page":"1237","article-title":"P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling","volume-title":"Proc. 29th USENIX Conf. Secur. Symp.","author":"Feng","year":"2020"},{"key":"ref18","first-page":"312","article-title":"Operation Mango: Scalable discovery of taint-style vulnerabilities in binary firmware services","volume-title":"Proc. USENIX Secur. Symp.","author":"Gibbs","year":"2024"},{"key":"ref19","first-page":"135","article-title":"Toward the analysis of embedded firmware through automated re-hosting","volume-title":"Proc. 22nd Int. Symp. Res. Attacks, Intrusions Defenses","author":"Gustafson","year":"2019"},{"key":"ref20","article-title":"The botnet cluster on the 185.244.25.0\/24","author":"Wang","year":"2019"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2009-0385"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"ref23","article-title":"Binwalk: Firmware analysis tool","year":"2021"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678785"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3623278.3624759"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23166"},{"key":"ref27","article-title":"Network analysis in Python","year":"2021"},{"key":"ref28","article-title":"Datacon 2023 Big Data security analysiscompetition"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"ref31","first-page":"1","article-title":"Building embedded systems like it\u2019s 1996","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Ruotong","year":"2022"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.21236\/ADA538843"},{"key":"ref33","first-page":"1239","article-title":"Fuzzware: Using precise MMIO modeling for effective firmware fuzzing","volume-title":"Proc. 31th USENIX Secur. Symp.","author":"Scharnowski","year":"2022"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3338507.3358616"},{"key":"ref36","first-page":"5791","article-title":"Greenhouse: Single-service rehosting of linux-based firmware binaries in user-space emulation","volume-title":"Proc. 32nd USENIX Conf. Secur. Symp.","author":"Hui","year":"2023"},{"key":"ref37","article-title":"The GAFGYT variant Vbot seen in its 31 campaigns","year":"2020"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"issue":"2","key":"ref40","first-page":"326","article-title":"Memory copy function identification technique with control flow and data flow analysis","volume":"60","author":"Yin","year":"2023","journal-title":"J. Comput. Res. Develop."},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00051"},{"key":"ref43","first-page":"7067","article-title":"Leveraging semantic relations in code and data to enhance taint analysis of embedded systems","volume-title":"Proc. 33rd USENIX Conf. Secur. Symp.","author":"Zhao","year":"2024"},{"key":"ref44","first-page":"7067","article-title":"Leveraging semantic relations in code and data to enhance taint analysis of embedded systems","volume-title":"Proc. 33rd USENIX Conf. Secur. Symp.","volume":"13","author":"Zhao","year":"2024"},{"key":"ref45","first-page":"1099","article-title":"Firm-afl: High-throughput Greybox fuzzing of IoT firmware via augmented process emulation","volume-title":"Proc. 28th USENIX Conf. Secur. Symp.","author":"Zheng","year":"2019"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11354469\/11196767.pdf?arnumber=11196767","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T05:26:46Z","timestamp":1768541206000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11196767\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1]]},"references-count":45,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3619200","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1]]}}}