{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T12:30:57Z","timestamp":1775478657081,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,4,19]],"date-time":"2021-04-19T00:00:00Z","timestamp":1618790400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,4,19]]},"DOI":"10.1145\/3442381.3450062","type":"proceedings-article","created":{"date-parts":[[2021,6,3]],"date-time":"2021-06-03T19:01:20Z","timestamp":1622746880000},"page":"2684-2695","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Towards a Lightweight, Hybrid Approach for Detecting DOM XSS Vulnerabilities with Machine Learning"],"prefix":"10.1145","author":[{"given":"William","family":"Melicher","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, USA"}]},{"given":"Clement","family":"Fung","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}]},{"given":"Lujo","family":"Bauer","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}]},{"given":"Limin","family":"Jia","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,3]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proc. USENIX Conference on Operating Systems Design and Implementation.","author":"Abadi Mart\u00edn","year":"2016","unstructured":"Mart\u00edn Abadi , Paul Barham , Jianmin Chen , Zhifeng Chen , Andy Davis , Jeffrey Dean , Matthieu Devin , Sanjay Ghemawat , Geoffrey Irving , Michael Isard , Manjunath Kudlur , Josh Levenberg , Rajat Monga , Sherry Moore , Derek\u00a0 G. Murray , Benoit Steiner , Paul Tucker , Vijay Vasudevan , Pete Warden , Martin Wicke , Yuan Yu , and Xiaoqiang Zheng . 2016 . TensorFlow: A System for Large-Scale Machine Learning . In Proc. USENIX Conference on Operating Systems Design and Implementation. Mart\u00edn Abadi, Paul Barham, Jianmin Chen, Zhifeng Chen, Andy Davis, Jeffrey Dean, Matthieu Devin, Sanjay Ghemawat, Geoffrey Irving, Michael Isard, Manjunath Kudlur, Josh Levenberg, Rajat Monga, Sherry Moore, Derek\u00a0G. Murray, Benoit Steiner, Paul Tucker, Vijay Vasudevan, Pete Warden, Martin Wicke, Yuan Yu, and Xiaoqiang Zheng. 2016. TensorFlow: A System for Large-Scale Machine Learning. In Proc. USENIX Conference on Operating Systems Design and Implementation."},{"key":"e_1_3_2_1_2_1","unstructured":"Alexa. 2017. Top sites in United States. alexa.com\/topsites\/countries\/US.  Alexa. 2017. Top sites in United States. alexa.com\/topsites\/countries\/US."},{"key":"e_1_3_2_1_3_1","volume-title":"Proc. Int\u2019l. Conference on Learning Representations.","author":"Allamanis M.","unstructured":"M. Allamanis , M. Brockschmidt , and M. Khademi . 2018. Learning to Represent Programs with Graphs . In Proc. Int\u2019l. Conference on Learning Representations. M. Allamanis, M. Brockschmidt, and M. Khademi. 2018. Learning to Represent Programs with Graphs. In Proc. Int\u2019l. Conference on Learning Representations."},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. ACM on Programming Languages(2019)","author":"Alon U.","unstructured":"U. Alon , M. Zilberstein , O. Levy , and E. Yahav . 2019. code2vec: Learning distributed representations of code . Proc. ACM on Programming Languages(2019) . U. Alon, M. Zilberstein, O. Levy, and E. Yahav. 2019. code2vec: Learning distributed representations of code. Proc. ACM on Programming Languages(2019)."},{"key":"e_1_3_2_1_5_1","volume-title":"Proc. International Conference on Computer Aided Verification.","author":"Bielik P.","unstructured":"P. Bielik , V. Raychev , and M. Vechev . 2017. Learning a static analyzer from data . In Proc. International Conference on Computer Aided Verification. P. Bielik, V. Raychev, and M. Vechev. 2017. Learning a static analyzer from data. In Proc. International Conference on Computer Aided Verification."},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. International Conference on Machine Learning.","author":"Biggio B.","unstructured":"B. Biggio , B. Nelson , and P. Laskov . 2012. Poisoning attacks against support vector machines . In Proc. International Conference on Machine Learning. B. Biggio, B. Nelson, and P. Laskov. 2012. Poisoning attacks against support vector machines. In Proc. International Conference on Machine Learning."},{"key":"e_1_3_2_1_7_1","unstructured":"K. Bijjou. 2015. Web application firewall bypassing\u2014how to defeat the blue team. OWASP open web application security project.  K. Bijjou. 2015. Web application firewall bypassing\u2014how to defeat the blue team. OWASP open web application security project."},{"key":"e_1_3_2_1_8_1","volume-title":"Proc. ACM SIGSAC Conference on Computer and Communications Security.","author":"Calzavara S.","unstructured":"S. Calzavara , A. Rabitti , and M. Bugliesi . 2016. Content security problems?: Evaluating the effectiveness of content security policy in the wild . In Proc. ACM SIGSAC Conference on Computer and Communications Security. S. Calzavara, A. Rabitti, and M. Bugliesi. 2016. Content security problems?: Evaluating the effectiveness of content security policy in the wild. In Proc. ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_9_1","unstructured":"Cenzic Inc.2014. Application vulnerability trends report. https:\/\/www.info-point-security.com\/sites\/default\/files\/cenzic-vulnerability-report-2014.pdf.  Cenzic Inc.2014. Application vulnerability trends report. https:\/\/www.info-point-security.com\/sites\/default\/files\/cenzic-vulnerability-report-2014.pdf."},{"key":"e_1_3_2_1_10_1","volume-title":"Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation.","author":"Chibotaru V.","unstructured":"V. Chibotaru , B. Bichsel , V. Raychev , and M. Vechev . 2019. Scalable taint specification inference with big code . In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation. V. Chibotaru, B. Bichsel, V. Raychev, and M. Vechev. 2019. Scalable taint specification inference with big code. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation."},{"key":"e_1_3_2_1_11_1","unstructured":"Chromium. 2010. The Chromium projects: XSS auditor. https:\/\/www.chromium.org\/developers\/design-documents\/xss-auditor.  Chromium. 2010. The Chromium projects: XSS auditor. https:\/\/www.chromium.org\/developers\/design-documents\/xss-auditor."},{"key":"e_1_3_2_1_12_1","volume-title":"Proc. USENIX Security Symposium.","author":"Curtsinger C.","unstructured":"C. Curtsinger , B. Livshits , B. Zorn , and C. Seifert . 2011. ZOZZLE: Fast and precise in-browser JavaScript malware detection . In Proc. USENIX Security Symposium. C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert. 2011. ZOZZLE: Fast and precise in-browser JavaScript malware detection. In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_1_13_1","unstructured":"Foundeo Inc.2018. Content Security Policy reference. https:\/\/content-security-policy.com\/.  Foundeo Inc.2018. Content Security Policy reference. https:\/\/content-security-policy.com\/."},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. International Symposium on Software Testing and Analysis.","author":"Guarnieri S.","unstructured":"S. Guarnieri , M. Pistoia , O. Tripp , J. Dolby , S. Teilhet , and R. Berg . 2011. Saving the World Wide Web from vulnerable JavaScript . In Proc. International Symposium on Software Testing and Analysis. S. Guarnieri, M. Pistoia, O. Tripp, J. Dolby, S. Teilhet, and R. Berg. 2011. Saving the World Wide Web from vulnerable JavaScript. In Proc. International Symposium on Software Testing and Analysis."},{"key":"e_1_3_2_1_15_1","volume-title":"The Hacker-powered security report","year":"2017","unstructured":"Hackerone. 2017. The Hacker-powered security report 2017 . https:\/\/www.hackerone.com\/sites\/default\/files\/2017-06\/The%20Hacker-Powered%20Security%20Report.pdf. Hackerone. 2017. The Hacker-powered security report 2017. https:\/\/www.hackerone.com\/sites\/default\/files\/2017-06\/The%20Hacker-Powered%20Security%20Report.pdf."},{"key":"e_1_3_2_1_16_1","unstructured":"T. Hunt. 2013. Understanding XSS \u2013 input sanitisation semantics and output encoding contexts. www.troyhunt.com\/understanding-xss-input-sanitisation.  T. Hunt. 2013. Understanding XSS \u2013 input sanitisation semantics and output encoding contexts. www.troyhunt.com\/understanding-xss-input-sanitisation."},{"key":"e_1_3_2_1_17_1","unstructured":"V. Ivanov. 2016. Web application firewalls: Attacking detection logic mechanisms. Blackhat USA.  V. Ivanov. 2016. Web application firewalls: Attacking detection logic mechanisms. Blackhat USA."},{"key":"e_1_3_2_1_18_1","unstructured":"A. Janc M. Spagnuolo L. Weichselbaum and D. Ross. 2016. Reshaping web defenses with strict Content Security Policy. https:\/\/security.googleblog.com\/2016\/09\/reshaping-web-defenses-with-strict.html.  A. Janc M. Spagnuolo L. Weichselbaum and D. Ross. 2016. Reshaping web defenses with strict Content Security Policy. https:\/\/security.googleblog.com\/2016\/09\/reshaping-web-defenses-with-strict.html."},{"key":"e_1_3_2_1_19_1","unstructured":"M. Koster. 2017. The Web Robots pages. https:\/\/www.robotstxt.org\/  M. Koster. 2017. The Web Robots pages. https:\/\/www.robotstxt.org\/"},{"key":"e_1_3_2_1_20_1","unstructured":"K. Kotowicz. 2019. Trusted types help prevent cross-site scripting. https:\/\/developers.google.com\/web\/updates\/2019\/02\/trusted-types.  K. Kotowicz. 2019. Trusted types help prevent cross-site scripting. https:\/\/developers.google.com\/web\/updates\/2019\/02\/trusted-types."},{"key":"e_1_3_2_1_21_1","unstructured":"Scikit Learn. 2019. Feature Extraction. https:\/\/scikit-learn.org\/stable\/modules\/feature_extraction.html.  Scikit Learn. 2019. Feature Extraction. https:\/\/scikit-learn.org\/stable\/modules\/feature_extraction.html."},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. ACM SIGSAC Conference on Computer and Communications Security.","author":"Lekies S.","unstructured":"S. Lekies , B. Stock , and M. Johns . 2013. 25 million flows later: Large-scale detection of DOM-based XSS . In Proc. ACM SIGSAC Conference on Computer and Communications Security. S. Lekies, B. Stock, and M. Johns. 2013. 25 million flows later: Large-scale detection of DOM-based XSS. In Proc. ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_23_1","volume-title":"Proc. International Conference on Learning Representations.","author":"Li Y.","unstructured":"Y. Li , R. Zemel , M. Brockschmidt , and D. Tarlow . 2016. Gated graph sequence neural networks . In Proc. International Conference on Learning Representations. Y. Li, R. Zemel, M. Brockschmidt, and D. Tarlow. 2016. Gated graph sequence neural networks. In Proc. International Conference on Learning Representations."},{"key":"e_1_3_2_1_24_1","volume-title":"Proc. Network and Distributed System Security Symposium.","author":"Li Z.","unstructured":"Z. Li , D. Zou , S. Xu , X. Ou , H. Jin , S. Wang , Z. Deng , and Y. Zhong . 2018. VulDeePecker: A deep learning-based system for vulnerability detection . In Proc. Network and Distributed System Security Symposium. Z. Li, D. Zou, S. Xu, X. Ou, H. Jin, S. Wang, Z. Deng, and Y. Zhong. 2018. VulDeePecker: A deep learning-based system for vulnerability detection. In Proc. Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_25_1","volume-title":"Proc. International World Wide Web Conference.","author":"Liang B.","unstructured":"B. Liang , M. Su , W. You , W. Shi , and G. Yang . 2016. Cracking classifiers for evasion: A case study on the Google\u2019s phishing pages filter . In Proc. International World Wide Web Conference. B. Liang, M. Su, W. You, W. Shi, and G. Yang. 2016. Cracking classifiers for evasion: A case study on the Google\u2019s phishing pages filter. In Proc. International World Wide Web Conference."},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. Network and Distributed System Security Symposium.","author":"Melicher W.","unstructured":"W. Melicher , A. Das , M. Sharif , L. Bauer , and L. Jia . 2018. Riding out DOMsday: Toward detecting and preventing DOM cross-site scripting . In Proc. Network and Distributed System Security Symposium. W. Melicher, A. Das, M. Sharif, L. Bauer, and L. Jia. 2018. Riding out DOMsday: Toward detecting and preventing DOM cross-site scripting. In Proc. Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. USENIX Security Symposium.","author":"Melicher W.","unstructured":"W. Melicher , B. Ur , S.M. Segreti , S. Komanduri , L. Bauer , N. Christin , and L.F. Cranor . 2016. Fast, lean, and accurate: Modeling password guessability using neural networks . In Proc. USENIX Security Symposium. W. Melicher, B. Ur, S.M. Segreti, S. Komanduri, L. Bauer, N. Christin, and L.F. Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. AAAI Conference on Artificial Intelligence.","author":"Mou L.","unstructured":"L. Mou , G. Li , L. Zhang , T. Wang , and Z. Jin . 2016. Convolutional neural networks over tree structures for programming language processing . In Proc. AAAI Conference on Artificial Intelligence. L. Mou, G. Li, L. Zhang, T. Wang, and Z. Jin. 2016. Convolutional neural networks over tree structures for programming language processing. In Proc. AAAI Conference on Artificial Intelligence."},{"key":"e_1_3_2_1_29_1","unstructured":"Open Web Application Security Project. 2016. Web application firewall. https:\/\/www.owasp.org\/index.php\/Web_Application_Firewall.  Open Web Application Security Project. 2016. Web application firewall. https:\/\/www.owasp.org\/index.php\/Web_Application_Firewall."},{"key":"e_1_3_2_1_30_1","unstructured":"S.\u00a0Di Paola. 2011. DOMinator. https:\/\/github.com\/wisec\/DOMinator.  S.\u00a0Di Paola. 2011. DOMinator. https:\/\/github.com\/wisec\/DOMinator."},{"key":"e_1_3_2_1_31_1","volume-title":"Proc. Joint Meeting on Foundations of Software Engineering.","author":"Parameshwaran I.","unstructured":"I. Parameshwaran , E. Budianto , S. Shinde , H. Dang , A. Sadhu , and P. Saxena . 2015. DexterJS: Robust testing platform for DOM-based XSS vulnerabilities . In Proc. Joint Meeting on Foundations of Software Engineering. I. Parameshwaran, E. Budianto, S. Shinde, H. Dang, A. Sadhu, and P. Saxena. 2015. DexterJS: Robust testing platform for DOM-based XSS vulnerabilities. In Proc. Joint Meeting on Foundations of Software Engineering."},{"key":"e_1_3_2_1_32_1","unstructured":"G. Podjarny. 2017. Snyk blog: XSS attacks: The next wave. https:\/\/snyk.io\/blog\/xss-attacks-the-next-wave\/.  G. Podjarny. 2017. Snyk blog: XSS attacks: The next wave. https:\/\/snyk.io\/blog\/xss-attacks-the-next-wave\/."},{"key":"e_1_3_2_1_33_1","unstructured":"pythech\u2019s Blog. 2017. Yet another Chrome XSS auditor bypass. https:\/\/turkmenog.lu\/blog\/2017\/11\/06\/yet-another-chrome-xss-auditor-bypass\/.  pythech\u2019s Blog. 2017. Yet another Chrome XSS auditor bypass. https:\/\/turkmenog.lu\/blog\/2017\/11\/06\/yet-another-chrome-xss-auditor-bypass\/."},{"key":"e_1_3_2_1_34_1","volume-title":"Proc. USENIX Security Symposium.","author":"Ratanaworabhan P.","unstructured":"P. Ratanaworabhan , B. Livshits , and B. Zorn . 2009. NOZZLE: A defense against heap-spraying code injection attacks . In Proc. USENIX Security Symposium. P. Ratanaworabhan, B. Livshits, and B. Zorn. 2009. NOZZLE: A defense against heap-spraying code injection attacks. In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_1_35_1","volume":"201","author":"Richards G.","unstructured":"G. Richards , S. Lebresne , B. Burg , and J. Vitek. 201 0. An analysis of the dynamic behavior of JavaScript programs. In ACM Sigplan Notices, Vol.\u00a045. 1\u201312. G. Richards, S. Lebresne, B. Burg, and J. Vitek. 2010. An analysis of the dynamic behavior of JavaScript programs. In ACM Sigplan Notices, Vol.\u00a045. 1\u201312.","journal-title":"J. Vitek."},{"key":"e_1_3_2_1_36_1","volume-title":"Proc. IEEE Symposium on Security and Privacy.","author":"Rndic N.","unstructured":"N. Rndic and P. Laskov . 2014. Practical evasion of a learning-based classifier: A case study . In Proc. IEEE Symposium on Security and Privacy. N. Rndic and P. Laskov. 2014. Practical evasion of a learning-based classifier: A case study. In Proc. IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. IEEE Symposium on Security and Privacy.","author":"She D.","unstructured":"D. She , Y. Chen , A. Shah , B. Ray , and S. Jana . 2020. Neutaint: Efficient dynamic taint analysis with neural networks . In Proc. IEEE Symposium on Security and Privacy. D. She, Y. Chen, A. Shah, B. Ray, and S. Jana. 2020. Neutaint: Efficient dynamic taint analysis with neural networks. In Proc. IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. USENIX Security Symposium.","author":"Stock B.","unstructured":"B. Stock , S. Lekies , T. Mueller , P. Spiegel , and M. Johns . 2014. Precise client-side protection against DOM-based cross-site scripting . In Proc. USENIX Security Symposium. B. Stock, S. Lekies, T. Mueller, P. Spiegel, and M. Johns. 2014. Precise client-side protection against DOM-based cross-site scripting. In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_1_39_1","volume-title":"Proc. ACM SIGSAC Conference on Computer and Communications Security.","author":"Stock B.","unstructured":"B. Stock , S. Pfistner , B. Kaiser , S. Lekies , and M. Johns . 2015. From facepalm to brain bender: exploring client-side cross-site scripting . In Proc. ACM SIGSAC Conference on Computer and Communications Security. B. Stock, S. Pfistner, B. Kaiser, S. Lekies, and M. Johns. 2015. From facepalm to brain bender: exploring client-side cross-site scripting. In Proc. ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_40_1","unstructured":"L. Suto. 2013. Analyzing the accuracy and time costs of web application security scanners. https:\/\/www.beyondtrust.com\/assets\/documents\/bt\/Analyzing-the-Accuracy-and-Time-Costs-of-Web-Application-Security-Scanners.pdf.  L. Suto. 2013. Analyzing the accuracy and time costs of web application security scanners. https:\/\/www.beyondtrust.com\/assets\/documents\/bt\/Analyzing-the-Accuracy-and-Time-Costs-of-Web-Application-Security-Scanners.pdf."},{"key":"e_1_3_2_1_41_1","volume":"201","author":"Taly A.","unstructured":"A. Taly , \u00da. Erlingsson, J.C. Mitchell , M.S. Miller , and J. Nagra. 201 1. Automated Analysis of Security-critical JavaScript APIs. In Proc. IEEE Symposium on Security and Privacy. A. Taly, \u00da. Erlingsson, J.C. Mitchell, M.S. Miller, and J. Nagra. 2011. Automated Analysis of Security-critical JavaScript APIs. In Proc. IEEE Symposium on Security and Privacy.","journal-title":"J. Nagra."},{"key":"e_1_3_2_1_42_1","unstructured":"Tensorflow. 2020. Tensorflow Lite\u2014ML for mobile and edge devices. https:\/\/www.tensorflow.org\/lite.  Tensorflow. 2020. Tensorflow Lite\u2014ML for mobile and edge devices. https:\/\/www.tensorflow.org\/lite."},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. International Symposium on Software Testing and Analysis.","author":"Tripp O.","unstructured":"O. Tripp , P. Ferrara , and M. Pistoia . 2014. Hybrid security analysis of web JavaScript code via dynamic partial evaluation . In Proc. International Symposium on Software Testing and Analysis. O. Tripp, P. Ferrara, and M. Pistoia. 2014. Hybrid security analysis of web JavaScript code via dynamic partial evaluation. In Proc. International Symposium on Software Testing and Analysis."},{"key":"e_1_3_2_1_44_1","volume-title":"Proc. ACM SIGSAC Conference on Computer and Communications Security.","author":"Tripp O.","unstructured":"O. Tripp , S. Guarnieri , M. Pistoia , and A. Aravkin . 2014. ALETHEIA: Improving the usability of static security analysis . In Proc. ACM SIGSAC Conference on Computer and Communications Security. O. Tripp, S. Guarnieri, M. Pistoia, and A. Aravkin. 2014. ALETHEIA: Improving the usability of static security analysis. In Proc. ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_45_1","volume-title":"Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation.","author":"Tripp O.","unstructured":"O. Tripp , M. Pistoia , S.J. Fink , M. Sridharan , and O. Weisman . 2009. TAJ: Effective taint analysis of web applications . In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation. O. Tripp, M. Pistoia, S.J. Fink, M. Sridharan, and O. Weisman. 2009. TAJ: Effective taint analysis of web applications. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"K. Weinberger Anirban Dasgupta John Langford Alex Smola and Josh Attenberg. 2009. Feature hashing for large scale multitask learning. (2009).  K. Weinberger Anirban Dasgupta John Langford Alex Smola and Josh Attenberg. 2009. Feature hashing for large scale multitask learning. (2009).","DOI":"10.1145\/1553374.1553516"},{"key":"e_1_3_2_1_47_1","volume-title":"Proc. USENIX Workshop on Offensive Technologies.","author":"Yamaguchi F.","unstructured":"F. Yamaguchi , F. Lindner , and K. Rieck . 2011. Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning . In Proc. USENIX Workshop on Offensive Technologies. F. Yamaguchi, F. Lindner, and K. Rieck. 2011. Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning. In Proc. USENIX Workshop on Offensive Technologies."},{"key":"e_1_3_2_1_48_1","volume-title":"Proc. IEEE Symposium on Security and Privacy.","author":"Yamaguchi F.","unstructured":"F. Yamaguchi , A. Maier , H. Gascon , and K. Rieck . 2015. Automatic inference of search patterns for taint-style vulnerabilities . In Proc. IEEE Symposium on Security and Privacy. F. Yamaguchi, A. Maier, H. Gascon, and K. Rieck. 2015. Automatic inference of search patterns for taint-style vulnerabilities. In Proc. IEEE Symposium on Security and Privacy."}],"event":{"name":"WWW '21: The Web Conference 2021","location":"Ljubljana Slovenia","acronym":"WWW '21","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the Web Conference 2021"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442381.3450062","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3442381.3450062","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:27Z","timestamp":1750195467000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442381.3450062"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,19]]},"references-count":48,"alternative-id":["10.1145\/3442381.3450062","10.1145\/3442381"],"URL":"https:\/\/doi.org\/10.1145\/3442381.3450062","relation":{},"subject":[],"published":{"date-parts":[[2021,4,19]]},"assertion":[{"value":"2021-06-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}