{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:31:36Z","timestamp":1772724696332,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T00:00:00Z","timestamp":1636761600000},"content-version":"vor","delay-in-days":1,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-13-2-0045"],"award-info":[{"award-number":["W911NF-13-2-0045"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1652954"],"award-info":[{"award-number":["1652954"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484762","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"3384-3399","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison"],"prefix":"10.1145","author":[{"given":"Zhongjie","family":"Wang","sequence":"first","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Shitong","family":"Zhu","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Keyu","family":"Man","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Pengxiong","family":"Zhu","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Yu","family":"Hao","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Srikanth V.","family":"Krishnamurthy","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Tom","family":"La Porta","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}]},{"given":"Michael J.","family":"De Lucia","sequence":"additional","affiliation":[{"name":"U.S. Army Research Laboratory, Adelphi, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"e_1_3_2_2_2_1","volume-title":"Detecting and Evading Censorship-in-Depth: A Case Study of Irantextquoterights Protocol Whitelister. In 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)","author":"Bock Kevin","year":"2020","unstructured":"Kevin Bock, Yair Fax, Kyle Reese, Jasraj Singh, and Dave Levin. 2020 a. Detecting and Evading Censorship-in-Depth: A Case Study of Irantextquoterights Protocol Whitelister. In 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20). USENIX Association. https:\/\/www.usenix.org\/conference\/foci20\/presentation\/bock"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3387514.3405889"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363189"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/390016.808445"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/1362903.1362918"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_2_9_1","volume-title":"Abhishek Vasisht Bhaskar, and Mu Zhang","author":"Carmony Curtis","year":"2016","unstructured":"Curtis Carmony, Xunchao Hu, Heng Yin, Abhishek Vasisht Bhaskar, and Mu Zhang. 2016. Extract Me If You Can: Abusing PDF Parsers in Malware Detectors.. In NDSS."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"Sze Yiu Chau Moosa Yahyazadeh Omar Chowdhury Aniket Kate and Ninghui Li. 2019. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS# 1 v1. 5 Signature Verification.. In NDSS.","DOI":"10.14722\/ndss.2019.23430"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978394"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_2_14_1","volume-title":"A Discipline of Programming","author":"Dijkstra Edsger W.","unstructured":"Edsger W. Dijkstra. 1976. A Discipline of Programming. Prentice-Hall. I--XVII, 1--217 pages."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCES.2017.8275301"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1921168.1921179"},{"key":"e_1_3_2_2_17_1","unstructured":"Inc. GitHub. 2020. Source Code and Dataset for CLAP. https:\/\/github.com\/seclab-ucr\/CLAP."},{"key":"e_1_3_2_2_18_1","volume-title":"Proceedings of the 10th Conference on USENIX Security Symposium -","volume":"10","author":"Handley Mark","year":"2001","unstructured":"Mark Handley, Vern Paxson, and Christian Kreibich. 2001. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-end Protocol Semantics. In Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10 (Washington, D.C.) (SSYM'01). USENIX Association, Berkeley, CA, USA, 9--9. http:\/\/dl.acm.org\/citation.cfm?id=1267612.1267621"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642-04694-0_6"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.15"},{"key":"e_1_3_2_2_21_1","volume-title":"Presented as part of the 3rd USENIX Workshop on Free and Open Communications on the Internet. USENIX, Washington, D.C. https:\/\/www.usenix.org\/conference\/foci13\/workshop-program\/presentation\/Khattak","author":"Khattak Sheharbano","unstructured":"Sheharbano Khattak, Mobin Javed, Philip D. Anderson, and Vern Paxson. 2013. Towards Illuminating a Censorship Monitortextquoterights Model to Facilitate Evasion. In Presented as part of the 3rd USENIX Workshop on Free and Open Communications on the Internet. USENIX, Washington, D.C. https:\/\/www.usenix.org\/conference\/foci13\/workshop-program\/presentation\/Khattak"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/800027.808444"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254088"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131376"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815422"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389--1286(99)00112--7"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.27"},{"key":"e_1_3_2_2_29_1","unstructured":"Thomas H Ptacek and Timothy N Newsham. 1998. Insertion evasion and denial of service: Eluding network intrusion detection. Technical Report. SECURE NETWORKS INC CALGARY ALBERTA."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"crossref","unstructured":"Anantha Ramaiah R Stewart and Mitesh Dalal. 2010. Improving TCP's Robustness to Blind In-Window Attacks. RFC 5961. RFC Editor. 1--19 pages. https:\/\/www.rfc-editor.org\/rfc\/rfc5961.txt","DOI":"10.17487\/rfc5961"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427662"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2003.1199327"},{"key":"e_1_3_2_2_33_1","volume-title":"Introduction to the Theory of Computation","author":"Sipser Michael","unstructured":"Michael Sipser. 1996. Introduction to the Theory of Computation 1st ed.). International Thomson Publishing, 47--48.","edition":"1"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993316.1993539"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397380"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131374"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24083"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431311"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484762","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484762","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484762","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:49:55Z","timestamp":1763498995000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484762"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":38,"alternative-id":["10.1145\/3460120.3484762","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484762","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}