{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T15:06:38Z","timestamp":1776783998616,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Air Force Research Lab Grant","award":["FA8750-15-2-0106"],"award-info":[{"award-number":["FA8750-15-2-0106"]}]},{"name":"DARPA CGC Grant","award":["FA8750-14-C-0118"],"award-info":[{"award-number":["FA8750-14-C-0118"]}]},{"name":"National Science Foundation Grant","award":["1054605"],"award-info":[{"award-number":["1054605"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978370","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"480-491","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":331,"title":["Scalable Graph-based Bug Search for Firmware Images"],"prefix":"10.1145","author":[{"given":"Qian","family":"Feng","sequence":"first","affiliation":[{"name":"Syracuse university, syracuse, NY, USA"}]},{"given":"Rundong","family":"Zhou","sequence":"additional","affiliation":[{"name":"Syracuse university, syracuse, NY, USA"}]},{"given":"Chengcheng","family":"Xu","sequence":"additional","affiliation":[{"name":"Syracuse university, syracuse, NY, USA"}]},{"given":"Yao","family":"Cheng","sequence":"additional","affiliation":[{"name":"Syracuse university, syracuse, NY, USA"}]},{"given":"Brian","family":"Testa","sequence":"additional","affiliation":[{"name":"Air Force Research Lab, Rome, NY, USA"}]},{"given":"Heng","family":"Yin","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Cybersecurity and the Internet of Things. http:\/\/www.ey.com\/Publication\/vwLUAssets\/EY-cybersecurity-and-the-internet-of-things.pdf.  Cybersecurity and the Internet of Things. http:\/\/www.ey.com\/Publication\/vwLUAssets\/EY-cybersecurity-and-the-internet-of-things.pdf."},{"key":"e_1_3_2_1_2_1","unstructured":"DDWRT ftp. http:\/\/download1.dd-wrt.com\/dd-wrtv2\/downloads\/others\/eko\/BrainSlayer-V24-preSP2\/.  DDWRT ftp. http:\/\/download1.dd-wrt.com\/dd-wrtv2\/downloads\/others\/eko\/BrainSlayer-V24-preSP2\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Industrial Utilities and Devices Where the Cyber Threat Lurks. http:\/\/www.cyactive.com\/industrial-utilities-devices-cyber-threat-lurks\/.  Industrial Utilities and Devices Where the Cyber Threat Lurks. http:\/\/www.cyactive.com\/industrial-utilities-devices-cyber-threat-lurks\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Iot when cyberattacks have physical effects. http:\/\/www.federaltimes.com\/story\/government\/solutions-ideas\/2016\/04\/08\/internet-things-when-cyberattacks-have physical-effects\/82787430\/.  Iot when cyberattacks have physical effects. http:\/\/www.federaltimes.com\/story\/government\/solutions-ideas\/2016\/04\/08\/internet-things-when-cyberattacks-have physical-effects\/82787430\/."},{"key":"e_1_3_2_1_5_1","unstructured":"mongodb. https:\/\/www.mongodb.com.  mongodb. https:\/\/www.mongodb.com."},{"key":"e_1_3_2_1_6_1","unstructured":"Nearpy. https:\/\/pypi.python.org\/pypi\/NearPy.  Nearpy. https:\/\/pypi.python.org\/pypi\/NearPy."},{"key":"e_1_3_2_1_7_1","volume-title":"ftp:\/\/ftp.dd-wrt.com\/others\/eko\/BrainSlayer-V24-preSP2\/2013\/05--27--2013-r21676\/senao-eoc5610\/linux.bin","author":"Firmware DD-WRT","year":"2013","unstructured":"DD-WRT Firmware Image r21676. ftp:\/\/ftp.dd-wrt.com\/others\/eko\/BrainSlayer-V24-preSP2\/2013\/05--27--2013-r21676\/senao-eoc5610\/linux.bin , 2013 . DD-WRT Firmware Image r21676. ftp:\/\/ftp.dd-wrt.com\/others\/eko\/BrainSlayer-V24-preSP2\/2013\/05--27--2013-r21676\/senao-eoc5610\/linux.bin, 2013."},{"key":"e_1_3_2_1_8_1","volume-title":"http:\/\/www.downloads.netgear.com\/files\/GDC\/READYNAS-100\/ReadyNASOS-6.1.6-arm.zip","author":"Firmware NAS","year":"2013","unstructured":"Ready NAS Firmware Image v6.1.6. http:\/\/www.downloads.netgear.com\/files\/GDC\/READYNAS-100\/ReadyNASOS-6.1.6-arm.zip , 2013 . ReadyNAS Firmware Image v6.1.6. http:\/\/www.downloads.netgear.com\/files\/GDC\/READYNAS-100\/ReadyNASOS-6.1.6-arm.zip, 2013."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327494"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2013.207"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/1496770.1496886"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430557"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-8655(97)00179-7"},{"key":"e_1_3_2_1_15_1","volume-title":"Oakland","author":"Cha S. K.","year":"2015","unstructured":"S. K. Cha , M. Woo , and D. Brumley . Program-adaptive mutational fuzzing . In Oakland , 2015 . S. K. Cha, M. Woo, and D. Brumley. Program-adaptive mutational fuzzing. In Oakland, 2015."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5244\/C.25.76"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX Security","author":"Chen K.","year":"2015","unstructured":"K. Chen , P. Wang , Y. Lee , X. Wang , N. Zhang , H. Huang , W. Zou , and P. Liu . Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale . In USENIX Security , 2015 . K. Chen, P. Wang, Y. Lee, X. Wang, N. Zhang, H. Huang, W. Zou, and P. Liu. Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale. In USENIX Security, 2015."},{"key":"e_1_3_2_1_19_1","volume-title":"USENIX Security","author":"Costin A.","year":"2014","unstructured":"A. Costin , J. Zaddach , A. Francillon , and D. Balzarotti . A large-scale analysis of the security of embedded firmwares . In USENIX Security , 2014 . A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti. A large-scale analysis of the security of embedded firmwares. In USENIX Security, 2014."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594343"},{"key":"e_1_3_2_1_21_1","first-page":"1","article-title":"Graph-based comparison of executable objects (english version)","volume":"5","author":"Dullien T.","year":"2005","unstructured":"T. Dullien and R. Rolles . Graph-based comparison of executable objects (english version) . SSTIC , 5 : 1 -- 3 , 2005 . T. Dullien and R. Rolles. Graph-based comparison of executable objects (english version). SSTIC, 5:1--3, 2005.","journal-title":"SSTIC"},{"key":"e_1_3_2_1_22_1","volume-title":"USENIX Security","author":"Egele M.","year":"2014","unstructured":"M. Egele , M. Woo , P. Chapman , and D. Brumley . Blanket execution: Dynamic similarity testing for program binaries and components . In USENIX Security , 2014 . M. Egele, M. Woo, P. Chapman, and D. Brumley. Blanket execution: Dynamic similarity testing for program binaries and components. In USENIX Security, 2014."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897850"},{"key":"e_1_3_2_1_25_1","volume-title":"DIMVA","volume":"46","author":"Flake H.","year":"2004","unstructured":"H. Flake . Structural comparison of executable objects . In DIMVA , volume 46 , 2004 . H. Flake. Structural comparison of executable objects. In DIMVA, volume 46, 2004."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88625-9_16"},{"key":"e_1_3_2_1_27_1","unstructured":"J. Holcombe. Soho network equipment (technical report). https:\/\/securityevaluators.com\/knowledge\/case_studies\/routers\/soho_techreport.pdf.  J. Holcombe. Soho network equipment (technical report). https:\/\/securityevaluators.com\/knowledge\/case_studies\/routers\/soho_techreport.pdf."},{"key":"e_1_3_2_1_28_1","unstructured":"The IDA Pro Disassembler and Debugger. http:\/\/www.datarescue.com\/idabase\/.  The IDA Pro Disassembler and Debugger. http:\/\/www.datarescue.com\/idabase\/."},{"key":"e_1_3_2_1_29_1","volume-title":"Oakland","author":"Jang J.","year":"2012","unstructured":"J. Jang , A. Agrawal , and D. Brumley . Redebug: finding unpatched code clones in entire os distributions . In Oakland , 2012 . J. Jang, A. Agrawal, and D. Brumley. Redebug: finding unpatched code clones in entire os distributions. In Oakland, 2012."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2578726.2578764"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2578726.2578739"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2671188.2749399"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1019480"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487147"},{"key":"e_1_3_2_1_35_1","first-page":"289","volume-title":"OSDI","volume":"4","author":"Li Z.","year":"2004","unstructured":"Z. Li , S. Lu , S. Myagmar , and Y. Zhou . Cp-miner: A tool for finding copy-paste and related bugs in operating system code . In OSDI , volume 4 , pages 289 -- 302 , 2004 . Z. Li, S. Lu, S. Myagmar, and Y. Zhou. Cp-miner: A tool for finding copy-paste and related bugs in operating system code. In OSDI, volume 4, pages 289--302, 2004."},{"key":"e_1_3_2_1_36_1","volume-title":"ICML","author":"Liu W.","year":"2011","unstructured":"W. Liu , J. Wang , S. Kumar , and S.-F. Chang . Hashing with graphs . In ICML , 2011 . W. Liu, J. Wang, S. Kumar, and S.-F. Chang. Hashing with graphs. In ICML, 2011."},{"key":"e_1_3_2_1_37_1","unstructured":"McCabe. More Complex = Less Secure. Miss a Test Path and You Could Get Hacked. http:\/\/www.mccabe.com\/sqe\/books.htm 2012.  McCabe. More Complex = Less Secure. Miss a Test Path and You Could Get Hacked. http:\/\/www.mccabe.com\/sqe\/books.htm 2012."},{"key":"e_1_3_2_1_38_1","volume-title":"the workshop on learning for text categorization","author":"McCallum A.","year":"1998","unstructured":"A. McCallum , K. Nigam , A comparison of event models for naive bayes text classification . In the workshop on learning for text categorization , 1998 . A. McCallum, K. Nigam, et al. A comparison of event models for naive bayes text classification. In the workshop on learning for text categorization, 1998."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37682-5_8"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/26.4.354"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066753"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1093\/acprof:oso\/9780199206650.001.0001"},{"key":"e_1_3_2_1_43_1","volume-title":"On spectral clustering: Analysis and an algorithm. Advances in neural information processing systems, 2:849--856","author":"Ng A. Y.","year":"2002","unstructured":"A. Y. Ng , M. I. Jordan , Y. Weiss , On spectral clustering: Analysis and an algorithm. Advances in neural information processing systems, 2:849--856 , 2002 . A. Y. Ng, M. I. Jordan, Y. Weiss, et al. On spectral clustering: Analysis and an algorithm. Advances in neural information processing systems, 2:849--856, 2002."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"e_1_3_2_1_45_1","volume-title":"Oakland","author":"Pewny J.","year":"2015","unstructured":"J. Pewny , B. Garmany , R. Gawlik , C. Rossow , and T. Holz . Cross-architecture bug search in binary executables . In Oakland , 2015 . J. Pewny, B. Garmany, R. Gawlik, C. Rossow, and T. Holz. Cross-architecture bug search in binary executables. In Oakland, 2015."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664269"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/967900.968151"},{"key":"e_1_3_2_1_48_1","volume-title":"USENIX Security","author":"Rebert A.","year":"2014","unstructured":"A. Rebert , S. K. Cha , T. Avgerinos , J. Foote , D. Warren , G. Grieco , and D. Brumley . Optimizing seed selection for fuzzing . In USENIX Security , 2014 . A. Rebert, S. K. Cha, T. Avgerinos, J. Foote, D. Warren, G. Grieco, and D. Brumley. Optimizing seed selection for fuzzing. In USENIX Security, 2014."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.imavis.2008.04.004"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btt662"},{"key":"e_1_3_2_1_51_1","volume-title":"USENIX Security","author":"Shin E. C. R.","year":"2015","unstructured":"E. C. R. Shin , D. Song , and R. Moazzezi . Recognizing functions in binaries with neural networks . In USENIX Security , 2015 . E. C. R. Shin, D. Song, and R. Moazzezi. Recognizing functions in binaries with neural networks. In USENIX Security, 2015."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/946247.946751"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.914237"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_1_56_1","first-page":"54","article-title":"A c+ library of genetic algorithm components. Mechanical Engineering Department","volume":"87","author":"Wall M.","year":"1996","unstructured":"M. Wall . Galib : A c+ library of genetic algorithm components. Mechanical Engineering Department , Massachusetts Institute of Technology , 87 : 54 , 1996 . M. Wall. Galib: A c+ library of genetic algorithm components. Mechanical Engineering Department, Massachusetts Institute of Technology, 87:54, 1996.","journal-title":"Massachusetts Institute of Technology"},{"key":"e_1_3_2_1_57_1","first-page":"194","volume-title":"VLDB","volume":"98","author":"Weber R.","year":"1998","unstructured":"R. Weber , H.-J. Schek , and S. Blott . A quantitative analysis and performance study for similarity-search methods in high-dimensional spaces . In VLDB , volume 98 , pages 194 -- 205 , 1998 . R. Weber, H.-J. Schek, and S. Blott. A quantitative analysis and performance study for similarity-search methods in high-dimensional spaces. In VLDB, volume 98, pages 194--205, 1998."},{"key":"e_1_3_2_1_58_1","volume-title":"Oakland","author":"Yamaguchi F.","year":"2015","unstructured":"F. Yamaguchi , A. Maier , H. Gascon , and K. Rieck . Automatic inference of search patterns for taint-style vulnerabilities . In Oakland , 2015 . F. Yamaguchi, A. Maier, H. Gascon, and K. Rieck. Automatic inference of search patterns for taint-style vulnerabilities. In Oakland, 2015."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290082.1290111"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2671188.2749398"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813669"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978370","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978370","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:40:14Z","timestamp":1750218014000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978370"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":63,"alternative-id":["10.1145\/2976749.2978370","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978370","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}