{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:15:04Z","timestamp":1750220104375,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,21]],"date-time":"2022-05-21T00:00:00Z","timestamp":1653091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1916499, 1908021, 1850392, 1909856, 1916500, 2047980"],"award-info":[{"award-number":["1916499, 1908021, 1850392, 1909856, 1916500, 2047980"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3510139","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"1120-1132","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Hiding critical program components via ambiguous translation"],"prefix":"10.1145","author":[{"given":"Chijung","family":"Jung","sequence":"first","affiliation":[{"name":"University of Virginia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"An","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Georgia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weihang","family":"Wang","sequence":"additional","affiliation":[{"name":"University at Buffalo"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunhui","family":"Zheng","sequence":"additional","affiliation":[{"name":"IBM Research"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kyu Hyung","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Georgia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/93548.93576"},{"key":"e_1_3_2_1_2_1","volume-title":"Hyperion: Implementation of a PE-Crypter.","author":"Ammann Christian","year":"2012","unstructured":"Christian Ammann. 2012. Hyperion: Implementation of a PE-Crypter."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.97"},{"volume-title":"Analyzing Memory Accesses in x86 Executables","author":"Balakrishnan Gogul","key":"e_1_3_2_1_4_1","unstructured":"Gogul Balakrishnan and Thomas Reps. 2004. Analyzing Memory Accesses in x86 Executables. In Compiler Construction, Evelyn Duesterwald (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 5--23."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCC.2016.7496733"},{"key":"e_1_3_2_1_7_1","unstructured":"BDLeet. 2016. GitHub - BDLeet\/public-shell: Some Public Shell. https:\/\/github.com\/BDLeet\/public-shell."},{"key":"e_1_3_2_1_8_1","unstructured":"Bart Blaze. 2019. GitHub - bartblaze\/PHP-backdoors: A collection of PHP backdoors. https:\/\/github.com\/bartblaze\/PHP-backdoors."},{"volume-title":"Botnet Detection","author":"Brumley David","key":"e_1_3_2_1_9_1","unstructured":"David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically identifying trigger-based behavior in malware. In Botnet Detection. Springer, 65--88."},{"key":"e_1_3_2_1_10_1","volume-title":"Symbolic model checking: 1020 states and beyond. Information and computation 98, 2","author":"Burch Jerry R","year":"1992","unstructured":"Jerry R Burch, Edmund M Clarke, Kenneth L McMillan, David L Dill, and Lain-Jinn Hwang. 1992. Symbolic model checking: 1020 states and beyond. Information and computation 98, 2 (1992), 142--170."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3191697.3191725"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1669112.1669162"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243771"},{"key":"e_1_3_2_1_14_1","volume-title":"Obfuscation-Resilient Executable Payload Extraction From Packed Malware. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Cheng Binlin","year":"2021","unstructured":"Binlin Cheng, Jiang Ming, Erika A Leal, Haotian Zhang, Jianming Fu, Guojun Peng, and Jean-Yves Marion. 2021. Obfuscation-Resilient Executable Payload Extraction From Packed Malware. In 30th USENIX Security Symposium (USENIX Security 21)."},{"volume-title":"LASER Summer School on Software Engineering","author":"Clarke Edmund M","key":"e_1_3_2_1_15_1","unstructured":"Edmund M Clarke, William Klieber, Milo\u0161 Nov\u00e1\u010dek, and Paolo Zuliani. 2011. Model checking and the state explosion problem. In LASER Summer School on Software Engineering. Springer, 1--30."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268962"},{"key":"e_1_3_2_1_17_1","volume-title":"RIPS-A static source code analyser for vulnerabilities in PHP scripts. Retrieved: February 28","author":"Dahse Johannes","year":"2010","unstructured":"Johannes Dahse and J\u00f6rg Schwenk. 2010. RIPS-A static source code analyser for vulnerabilities in PHP scripts. Retrieved: February 28 (2010), 2012."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/2821429.2821440"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813675"},{"key":"e_1_3_2_1_20_1","unstructured":"Derick Rethans. 2009. Variable tracing with Xdebug --- Derick Rethans. https:\/\/derickrethans.nl\/variable-tracing-with-xdebug.html."},{"key":"e_1_3_2_1_21_1","unstructured":"Derick Rethans. 2020. Xdebug - Debugger and Profiler Tool for PHP. https:\/\/xdebug.org\/."},{"key":"e_1_3_2_1_22_1","unstructured":"dwyl. 2019. A text file containing 479k English words. https:\/\/github.com\/dwyl\/english-words."},{"key":"e_1_3_2_1_23_1","unstructured":"Evi1cg. 2019. GitHub - Ridter\/Pentest. https:\/\/github.com\/Ridter\/Pentest."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345656"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44202-9_23"},{"key":"e_1_3_2_1_26_1","unstructured":"Maurice Fonk. 2019. GitHub - naneau\/php-obfuscator: an \"obfuscator\" for PSR\/OOp PHP code. https:\/\/github.com\/naneau\/php-obfuscator."},{"key":"e_1_3_2_1_27_1","unstructured":"Heilan Yvette Grimes. 2015. Eir - Static Vulnerability Detection in PHP Applications. (2015)."},{"key":"e_1_3_2_1_28_1","volume-title":"WeVerca: Web Applications Verification for PHP. In International Conference on Software Engineering and Formal Methods. Springer, 296--301","author":"Hauzar David","year":"2014","unstructured":"David Hauzar and Jan Kofro\u0148. 2014. WeVerca: Web Applications Verification for PHP. In International Conference on Software Engineering and Formal Methods. Springer, 296--301."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCC.2018.8390457"},{"key":"e_1_3_2_1_30_1","unstructured":"Imperva. 2021. Data Obfuscation. https:\/\/www.imperva.com\/learn\/data-security\/data-obfuscation\/."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34210-3_3"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE-C.2013.36"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314399"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052674"},{"key":"e_1_3_2_1_36_1","unstructured":"Pascal Kissian. 2019. YAK Pro: Php Obfuscator. https:\/\/www.php-obfuscator.com\/."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755722"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3048848"},{"key":"e_1_3_2_1_39_1","unstructured":"Robert Lie. 2019. Simple online PHP obfuscator: encodes PHP code into random letters numbers and\/or characters. https:\/\/www.mobilefish.com\/services\/php_obfuscator\/php_obfuscator.php."},{"key":"e_1_3_2_1_40_1","volume-title":"Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem. In Network and Distributed System Security (NDSS) Symposium, NDSS","volume":"20","author":"Mantovani Alessandro","year":"2020","unstructured":"Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, and Davide Balzarotti. 2020. Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem. In Network and Distributed System Security (NDSS) Symposium, NDSS, Vol. 20."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2795383"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568024"},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. 2020. Z3Prover\/z3: The Z3 Theorem Prover. https:\/\/github.com\/Z3Prover\/z3."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813617"},{"key":"e_1_3_2_1_45_1","unstructured":"Ond\u0159ej Mirtes. 2019. GitHub - phpstan\/phpstan: PHP Static Analysis Tool. https:\/\/github.com\/phpstan\/phpstan."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.23919\/APCC.2017.8303992"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363199"},{"key":"e_1_3_2_1_49_1","volume-title":"NDSS","volume":"5","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software.. In NDSS, Vol. 5. Citeseer, 3--4."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2011.6100047"},{"key":"e_1_3_2_1_51_1","unstructured":"nixawk. 2018. GitHub - nixawk\/fuzzdb: Web Fuzzing Discovery and Attack Pattern Database. https:\/\/github.com\/nixawk\/fuzzdb."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.16"},{"key":"e_1_3_2_1_53_1","unstructured":"Oswaldo Olivo. 2016. GitHub - olivo\/TaintPHP: Static Taint Analysis for PHP web applications. https:\/\/github.com\/olivo\/TaintPHP."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359812"},{"key":"e_1_3_2_1_55_1","unstructured":"OneSourceCat. 2015. GitHub - OneSourceCat\/phpvulhunter: A tool that can scan php vulnerabilities automatically using static analysis methods. https:\/\/github.com\/OneSourceCat\/phpvulhunter."},{"key":"e_1_3_2_1_56_1","volume-title":"2nd USENIX Conference on Web Application Development","volume":"13","author":"Papagiannis Ioannis","year":"2011","unstructured":"Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch. 2011. PHP Aspis: using partial taint tracking to protect against injection attacks. In 2nd USENIX Conference on Web Application Development, Vol. 13."},{"key":"e_1_3_2_1_57_1","volume-title":"23rd USENIX Security Symposium. 829--844","author":"Peng Fei","year":"2014","unstructured":"Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-force: force-executing binary programs for security applications. In 23rd USENIX Security Symposium. 829--844."},{"key":"e_1_3_2_1_58_1","volume-title":"PHP: Pspell Functions. https:\/\/www.php.net\/manual\/en\/ref.pspell.php.","author":"PHP.","year":"2019","unstructured":"PHP. 2019. PHP: Pspell Functions. https:\/\/www.php.net\/manual\/en\/ref.pspell.php."},{"key":"e_1_3_2_1_59_1","unstructured":"phpencoder 2021. PHP Encoder protect PHP scripts with SourceGuardian and bytecode. https:\/\/www.sourceguardian.com\/."},{"key":"e_1_3_2_1_60_1","unstructured":"Pipsomania. 2018. Best PHP Obfuscator. http:\/\/www.pipsomania.com\/best_php_obfuscator.do"},{"key":"e_1_3_2_1_61_1","volume-title":"Binary Obfuscation Using Signals. In USENIX Security Symposium. 275--290","author":"Popov Igor V","year":"2007","unstructured":"Igor V Popov, Saumya K Debray, and Gregory R Andrews. 2007. Binary Obfuscation Using Signals. In USENIX Security Symposium. 275--290."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_1_63_1","unstructured":"Dewhurst Ryan. 2011. Implementing basic static code analysis into integrated development environments (ides) to reduce software vulnerablitilies. A Report submitted in partial fulfillment of the regulations governing the award of the Degree of BSc (Honours) Ethical Hacking for Computer Security at the University of Northumbria at Newcastle 2012 (2011)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484384"},{"key":"e_1_3_2_1_65_1","unstructured":"Design Security. 2016. GitHub - designsecurity\/progpilot: A static analysis tool for security. https:\/\/github.com\/designsecurity\/progpilot."},{"key":"e_1_3_2_1_66_1","unstructured":"Monirul I Sharif Andrea Lanzi Jonathon T Giffin and Wenke Lee. 2008. Impeding Malware Analysis Using Conditional Code Obfuscation.. In NDSS."},{"key":"e_1_3_2_1_67_1","volume-title":"On Manufacturing Resilient Opaque Constructs Against Static Analysis. In European Symposium on Research in Computer Security. Springer, 39--58","author":"Sheridan Brendan","year":"2016","unstructured":"Brendan Sheridan and Micah Sherr. 2016. On Manufacturing Resilient Opaque Constructs Against Static Analysis. In European Symposium on Research in Computer Security. Springer, 39--58."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2014.169"},{"key":"e_1_3_2_1_69_1","unstructured":"themida 2021. Oreans Technologies. https:\/\/www.oreans.com\/Themida.php."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_10"},{"volume-title":"Lectures on Petri Nets I: Basic Models, Advances in Petri Nets, the Volumes Are Based on the Advanced Course on Petri Nets","author":"Valmari Antti","key":"e_1_3_2_1_71_1","unstructured":"Antti Valmari. 1998. The State Explosion Problem. In Lectures on Petri Nets I: Basic Models, Advances in Petri Nets, the Volumes Are Based on the Advanced Course on Petri Nets. Springer-Verlag, London, UK, UK, 429--528. http:\/\/dl.acm.org\/citation.cfm?id=647444.727054"},{"key":"e_1_3_2_1_72_1","unstructured":"Bart van Arnhem. 2017. GitHub - bartvanarnhem\/phpscan: Symbolic execution inspired PHP application scanner for code-path discovery. https:\/\/github.com\/bartvanarnhem\/phpscan."},{"key":"e_1_3_2_1_73_1","unstructured":"Vimeo. 2019. GitHub - vimeo\/psalm: A static analysis tool for finding errors in PHP applications. https:\/\/github.com\/vimeo\/psalm."},{"key":"e_1_3_2_1_74_1","unstructured":"VirusShare. 2019. VirusShare.com. https:\/\/virusshare.com\/."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041241"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041241"},{"key":"e_1_3_2_1_77_1","volume-title":"Program Slicing. In Proceedings of the 5th International Conference on Software Engineering","author":"Weiser Mark","year":"1981","unstructured":"Mark Weiser. 1981. Program Slicing. In Proceedings of the 5th International Conference on Software Engineering (San Diego, California, USA) (ICSE '81). IEEE Press, 439--449."},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_12"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.56"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813663"},{"key":"e_1_3_2_1_81_1","unstructured":"Quan Yang. 2019. GitHub - quanyang\/Taint-em-All: A taint analysis tool for the PHP language. https:\/\/github.com\/quanyang\/Taint-em-All."},{"key":"e_1_3_2_1_82_1","unstructured":"yodap 2021. Yoda's Protector. https:\/\/sourceforge.net\/projects\/yodap\/."},{"key":"e_1_3_2_1_83_1","unstructured":"zendguard 2021. Protect PHP Code With Zend Guard. https:\/\/www.zend.com\/products\/zend-guard."}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"],"location":"Pittsburgh Pennsylvania","acronym":"ICSE '22"},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510139","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510139","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510139","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:10:24Z","timestamp":1750183824000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510139"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":83,"alternative-id":["10.1145\/3510003.3510139","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3510139","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}