{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T17:52:37Z","timestamp":1768413157546,"version":"3.49.0"},"reference-count":74,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"NSFC","doi-asserted-by":"publisher","award":["92270204"],"award-info":[{"award-number":["92270204"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002367","name":"Youth Innovation Promotion Association Chinese Academy of Sciences","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002367","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/tifs.2023.3322319","type":"journal-article","created":{"date-parts":[[2023,10,5]],"date-time":"2023-10-05T17:41:31Z","timestamp":1696527691000},"page":"293-306","source":"Crossref","is-referenced-by-count":9,"title":["<i>AutoPwn<\/i>: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions"],"prefix":"10.1109","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7289-1365","authenticated-orcid":false,"given":"Dandan","family":"Xu","sequence":"first","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5624-2987","authenticated-orcid":false,"given":"Kai","family":"Chen","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Miaoqian","family":"Lin","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Chaoyang","family":"Lin","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Xiaofeng","family":"Wang","sequence":"additional","affiliation":[{"name":"Luddy School of Informatics, Computing and Engineering, Indiana University Bloomington, Bloomington, IN, USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s10639-022-11451-4"},{"key":"ref4","volume-title":"Natural Language Processing With Python","author":"Bird","year":"2009"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"ref6","first-page":"1","article-title":"Analysis and exercises for engaging beginners in online CTF competitions for security education","volume-title":"Proc. ASE USENIX Secur. Symp.","author":"Burns"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.52"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363230"},{"key":"ref13","first-page":"763","article-title":"Automatic heap layout manipulation for exploitation","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Heelan"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354224"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1088\/1755-1315\/252\/4\/042100"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2012.20"},{"key":"ref17","first-page":"1","article-title":"AutoCTF: Creating diverse pwnables via automated bug injection","volume-title":"Proc. WOOT","author":"Hulin"},{"key":"ref18","volume-title":"Metasploit: The Penetration Tester\u2019s Guide","author":"Kennedy","year":"2011"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103009"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65299-9_14"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3474369.3486877"},{"key":"ref22","volume-title":"A memory allocator","author":"Lea","year":"1996"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34175-6_13"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23232"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.nlp4prog-1.7"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE52982.2021.00042"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00103"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3226906"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_13"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102108"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/p14-5010"},{"key":"ref32","volume-title":"Microsoft Remote Code Execution Vulnerability Statistics: 2016\u20132017","author":"Miller","year":"2018"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1310.4546"},{"key":"ref34","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Mu"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9207140"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254104"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3139337.3139346"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00057"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134105"},{"key":"ref40","volume-title":"Hardening ELF Binaries Using Relocation Read-Only (RELRO)","author":"Sidhpurwala","year":"2019"},{"key":"ref41","volume-title":"Deepexploit: Fully automatic penetration test tool using machine learning","author":"Takaesu","year":"2018"},{"key":"ref42","volume-title":"PaX non-executable pages design & implementation","author":"Team","year":"2003"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243847"},{"key":"ref44","first-page":"1647","article-title":"MAZE: Towards automated heap Feng shui","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Wang"},{"key":"ref45","article-title":"Identifying non-control security-critical data in program binaries with a deep neural model","author":"Wang","year":"2021","journal-title":"arXiv:2108.12071"},{"key":"ref46","first-page":"1","article-title":"Git-based CTF: A simple and effective approach to organizing in-course attack-and-defense security competition","volume-title":"Proc. USENIX Workshop Adv. Secur. Educ.","author":"Wi"},{"key":"ref47","volume-title":"Address Space Layout Randomization","year":"2023"},{"key":"ref48","volume-title":"Position-Independent Code","year":"2023"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/1251987"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00052"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_27"},{"key":"ref52","first-page":"4499","article-title":"Automated exploitable heap layout generation for heap overflows through manipulation distance-guided fuzzing","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Zhang"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_5"},{"key":"ref54","volume-title":"Binary Ninja","year":"2021"},{"key":"ref55","volume-title":"Empire","year":"2019"},{"key":"ref56","volume-title":"The GNU C Library (GLIBC)"},{"key":"ref57","volume-title":"Changelog for GLIBC 2.29","year":"2019"},{"key":"ref58","volume-title":"Shellphish\u2019s Automated Exploitation Engine, Originally Created for the Cyber Grand Challenge","year":"2021"},{"key":"ref59","volume-title":"DARPA Cyber Grand Challenge (CGC)","year":"2016"},{"key":"ref60","volume-title":"CTFtime: All About CTF","year":"2021"},{"key":"ref61","volume-title":"CTFtime: CTF Events in 2021","year":"2021"},{"key":"ref62","volume-title":"Common Vulnerabilities and Exposures","year":"2023"},{"key":"ref63","volume-title":"Exploit Database","year":"2021"},{"key":"ref64","volume-title":"CVE-2021\u20133156: Sudo Privilege Escalation Vulnerability","year":"2021"},{"key":"ref65","volume-title":"0CTF 2017: BabyHeap2017","year":"2017"},{"key":"ref66","volume-title":"ASIS CTF Quals: CaNaKMgF","year":"2017"},{"key":"ref67","volume-title":"CSAW CTF 2017: Auir","year":"2017"},{"key":"ref68","volume-title":"PicoCTF 2018: Sword","year":"2018"},{"key":"ref69","volume-title":"Balsn CTF 2019: Securenote","year":"2019"},{"key":"ref70","volume-title":"FireShell CTF 2019: Babyheap","year":"2019"},{"key":"ref71","volume-title":"HSCTF 6: Hard Heap","year":"2019"},{"key":"ref72","volume-title":"SECCON 2019 Online CTF: One","year":"2019"},{"key":"ref73","volume-title":"TJCTF 2019: House of Horror","year":"2019"},{"key":"ref74","volume-title":"TokyoWesterns CTF 5th 2019: MI","year":"2019"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/10319981\/10272603.pdf?arnumber=10272603","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T17:45:32Z","timestamp":1748627132000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10272603\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":74,"URL":"https:\/\/doi.org\/10.1109\/tifs.2023.3322319","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}