{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:22:24Z","timestamp":1774369344710,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,8,27]],"date-time":"2018-08-27T00:00:00Z","timestamp":1535328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,8,27]]},"DOI":"10.1145\/3230833.3230856","type":"proceedings-article","created":{"date-parts":[[2018,8,13]],"date-time":"2018-08-13T12:29:48Z","timestamp":1534163388000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["Discovering software vulnerabilities using data-flow analysis and machine learning"],"prefix":"10.1145","author":[{"given":"Jorrit","family":"Kronjee","sequence":"first","affiliation":[{"name":"Open University of the Netherlands, Heerlen, The Netherlands"}]},{"given":"Arjen","family":"Hommersom","sequence":"additional","affiliation":[{"name":"Open University of the Netherlands, Heerlen, The Netherlands, Radboud University, Nijmegen, The Netherlands"}]},{"given":"Harald","family":"Vranken","sequence":"additional","affiliation":[{"name":"Open University of the Netherlands, Heerlen, The Netherlands, Radboud University, Nijmegen, The Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2018,8,27]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/800028.808479"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2013.50"},{"key":"e_1_3_2_1_3_1","unstructured":"Sebastian Bergmann. 2018-02-09T09:54:03Z. Phploc: A Tool for Quickly Measuring the Size of a PHP Project. https:\/\/github.com\/sebastianbergmann\/phploc  Sebastian Bergmann. 2018-02-09T09:54:03Z. Phploc: A Tool for Quickly Measuring the Size of a PHP Project. https:\/\/github.com\/sebastianbergmann\/phploc"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.111"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143844.1143874"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/Metrisec.2011.18"},{"key":"e_1_3_2_1_7_1","volume-title":"Machine learning: the art and science of algorithms that make sense of data","author":"Flach Peter","unstructured":"Peter Flach . 2012. Machine learning: the art and science of algorithms that make sense of data . Cambridge University Press . Peter Flach. 2012. Machine learning: the art and science of algorithms that make sense of data. Cambridge University Press."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092566"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_10_1","unstructured":"Oliver Klee. 2012. Pixy Is a Scanner Static Code Analysis Tools That Scans PHP Applications for Security Vulnerabilities. https:\/\/github.com\/oliverklee\/pixy Accessed 2017-06-19.  Oliver Klee. 2012. Pixy Is a Scanner Static Code Analysis Tools That Scans PHP Applications for Security Vulnerabilities. https:\/\/github.com\/oliverklee\/pixy Accessed 2017-06-19."},{"key":"e_1_3_2_1_11_1","volume-title":"WIRECAML: Weakness Identification Research Employing CFG Analysis and Machine Learning. https:\/\/github.com\/jorkro\/wirecaml","author":"Kronjee Jorrit","year":"2018","unstructured":"Jorrit Kronjee . 2018 . WIRECAML: Weakness Identification Research Employing CFG Analysis and Machine Learning. https:\/\/github.com\/jorkro\/wirecaml Jorrit Kronjee. 2018. WIRECAML: Weakness Identification Research Employing CFG Analysis and Machine Learning. https:\/\/github.com\/jorkro\/wirecaml"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568024"},{"key":"e_1_3_2_1_13_1","unstructured":"Michal Zalewski. 2016. Technical \"Whitepaper\" for Afl-Fuzz. http:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt  Michal Zalewski. 2016. Technical \"Whitepaper\" for Afl-Fuzz. http:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt"},{"key":"e_1_3_2_1_14_1","unstructured":"MITRE. 2016. CVE - Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/  MITRE. 2016. CVE - Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_15_1","unstructured":"MITRE. 2017. CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/  MITRE. 2017. CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/"},{"key":"e_1_3_2_1_16_1","unstructured":"MITRE. 2018. CVE - CVE-2018-6883. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6883  MITRE. 2018. CVE - CVE-2018-6883. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6883"},{"key":"e_1_3_2_1_17_1","unstructured":"Steven S. Muchnick. 1997. Advanced Compiler Design and Implementation. Morgan Kaufmann.   Steven S. Muchnick. 1997. Advanced Compiler Design and Implementation. Morgan Kaufmann."},{"key":"e_1_3_2_1_18_1","unstructured":"National Vulnerability Database. 2018. NVD - Statistics Search. https:\/\/web.nvd.nist.gov\/view\/vuln\/statistics  National Vulnerability Database. 2018. NVD - Statistics Search. https:\/\/web.nvd.nist.gov\/view\/vuln\/statistics"},{"key":"e_1_3_2_1_19_1","unstructured":"NIST. 2017. Source Code Security Analyzers - SAMATE. https:\/\/samate.nist.gov\/index.php\/Source_Code_Security_Analyzers.html Accessed 2017-07-02.  NIST. 2017. Source Code Security Analyzers - SAMATE. https:\/\/samate.nist.gov\/index.php\/Source_Code_Security_Analyzers.html Accessed 2017-07-02."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_21_1","volume-title":"Phply: PHP Parser Written in Python Using PLY. https:\/\/github.com\/viraptor\/phply Accessed 2017-09-10.","author":"Pitucha Stanis\u0142aw","year":"2010","unstructured":"Stanis\u0142aw Pitucha . 2010 . Phply: PHP Parser Written in Python Using PLY. https:\/\/github.com\/viraptor\/phply Accessed 2017-09-10. Stanis\u0142aw Pitucha. 2010. Phply: PHP Parser Written in Python Using PLY. https:\/\/github.com\/viraptor\/phply Accessed 2017-09-10."},{"key":"e_1_3_2_1_22_1","unstructured":"Pull Request #1 2018. Stivalet\/PHP-Vuln-Test-Suite-Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator\/pull\/1 Accessed 2018-03-17.  Pull Request #1 2018. Stivalet\/PHP-Vuln-Test-Suite-Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator\/pull\/1 Accessed 2018-03-17."},{"key":"e_1_3_2_1_23_1","unstructured":"Pull Request #2 2018. Stivalet\/PHP-Vuln-Test-Suite-Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator\/pull\/2 Accessed 2018-03-17.  Pull Request #2 2018. Stivalet\/PHP-Vuln-Test-Suite-Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator\/pull\/2 Accessed 2018-03-17."},{"key":"e_1_3_2_1_24_1","unstructured":"RIPS 2018. Free PHP Security Scanner Using Static Code Analysis. http:\/\/rips-scanner.sourceforge.net\/ Accessed 2018-03-28.  RIPS 2018. Free PHP Security Scanner Using Static Code Analysis. http:\/\/rips-scanner.sourceforge.net\/ Accessed 2018-03-28."},{"key":"e_1_3_2_1_25_1","unstructured":"RIPS Technologies 2017. RIPS - Static Code Analysis for PHP Security Vulnerabilities. https:\/\/www.ripstech.com\/ Accessed 2017-07-01.  RIPS Technologies 2017. RIPS - Static Code Analysis for PHP Security Vulnerabilities. https:\/\/www.ripstech.com\/ Accessed 2017-07-01."},{"key":"e_1_3_2_1_26_1","unstructured":"SAMATE 2018. Software Assurance Metrics And Tool Evaluation Project Main Page. https:\/\/samate.nist.gov\/Main_Page.html Accessed 2018-03-28.  SAMATE 2018. Software Assurance Metrics And Tool Evaluation Project Main Page. https:\/\/samate.nist.gov\/Main_Page.html Accessed 2018-03-28."},{"key":"e_1_3_2_1_27_1","unstructured":"Michael Scovetta. 2017. http:\/\/www.scovetta.com\/yasca.html Accessed 2017-05-17.  Michael Scovetta. 2017. http:\/\/www.scovetta.com\/yasca.html Accessed 2017-05-17."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2373377"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351733"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.04.002"},{"key":"e_1_3_2_1_31_1","volume-title":"Hee Beng Kuan Tan, and Lionel C. Briand","author":"Shar Lwin Khin","year":"2013","unstructured":"Lwin Khin Shar , Hee Beng Kuan Tan, and Lionel C. Briand . 2013 . Mining SQL Injection and Cross Site Scripting Vulnerabilities Using Hybrid Program Analysis. In Proceedings of the 2013 International Conference on Software Engineering. IEEE Press , 642--651. http:\/\/dl.acm.org\/citation.cfm?id=2486873 Lwin Khin Shar, Hee Beng Kuan Tan, and Lionel C. Briand. 2013. Mining SQL Injection and Cross Site Scripting Vulnerabilities Using Hybrid Program Analysis. In Proceedings of the 2013 International Conference on Software Engineering. IEEE Press, 642--651. http:\/\/dl.acm.org\/citation.cfm?id=2486873"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_1_33_1","unstructured":"Bertrand Stivalet. 2014. PHP-Vuln-Test-Suite-Generator: PHP Synthetic Test Cases Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator Accessed 2016-04-12.  Bertrand Stivalet. 2014. PHP-Vuln-Test-Suite-Generator: PHP Synthetic Test Cases Generator. https:\/\/github.com\/stivalet\/PHP-Vuln-test-suite-generator Accessed 2016-04-12."},{"key":"e_1_3_2_1_34_1","volume-title":"Large Scale Generation of Complex and Faulty PHP Test Cases. In IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 409--415","author":"Stivalet Bertrand","year":"2016","unstructured":"Bertrand Stivalet and Elizabeth Fong . 2016 . Large Scale Generation of Complex and Faulty PHP Test Cases. In IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 409--415 . http:\/\/ieeexplore.ieee.org\/abstract\/document\/7515499\/ Bertrand Stivalet and Elizabeth Fong. 2016. Large Scale Generation of Complex and Faulty PHP Test Cases. In IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 409--415. http:\/\/ieeexplore.ieee.org\/abstract\/document\/7515499\/"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2014.32"},{"key":"e_1_3_2_1_36_1","volume-title":"Web Application Protection","author":"WAP","unstructured":"WAP 2018. Web Application Protection . http:\/\/awap.sourceforge.net\/ Accessed 2018-03-28. WAP 2018. Web Application Protection. http:\/\/awap.sourceforge.net\/ Accessed 2018-03-28."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/IECON.2014.7049035"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11)","author":"Yamaguchi Fabian","year":"2011","unstructured":"Fabian Yamaguchi , Felix Lindner , and Konrad Rieck . 2011 . Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities Using Machine Learning . In Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11) . USENIX Association, 13--13. Fabian Yamaguchi, Felix Lindner, and Konrad Rieck. 2011. Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities Using Machine Learning. In Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11). USENIX Association, 13--13."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421003"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"}],"event":{"name":"ARES 2018: International Conference on Availability, Reliability and Security","location":"Hamburg Germany","acronym":"ARES 2018","sponsor":["Universit\u00e4t Hamburg Universit\u00e4t Hamburg"]},"container-title":["Proceedings of the 13th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230833.3230856","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3230833.3230856","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:07:50Z","timestamp":1750212470000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230833.3230856"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,27]]},"references-count":42,"alternative-id":["10.1145\/3230833.3230856","10.1145\/3230833"],"URL":"https:\/\/doi.org\/10.1145\/3230833.3230856","relation":{},"subject":[],"published":{"date-parts":[[2018,8,27]]},"assertion":[{"value":"2018-08-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}