{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T12:08:18Z","timestamp":1754482098367,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3559337","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"2071-2084","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Acquirer"],"prefix":"10.1145","author":[{"given":"Yinxi","family":"Liu","sequence":"first","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong SAR, China"}]},{"given":"Wei","family":"Meng","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong SAR, China"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2017. Tool for algorithmic complexity analysis based on symbolic execution. https:\/\/github.com\/isstac\/spf-wca.  2017. Tool for algorithmic complexity analysis based on symbolic execution. https:\/\/github.com\/isstac\/spf-wca."},{"key":"e_1_3_2_1_2_1","unstructured":"2018. Badger: complexity analysis with fuzzing and symbolic execution. https: \/\/github.com\/isstac\/badger.  2018. Badger: complexity analysis with fuzzing and symbolic execution. https: \/\/github.com\/isstac\/badger."},{"key":"e_1_3_2_1_3_1","unstructured":"2018. Pattern Fuzzing for Worst-Case Algorithmic Complexity. https:\/\/github. com\/MrVPlusOne\/Singularity  2018. Pattern Fuzzing for Worst-Case Algorithmic Complexity. https:\/\/github. com\/MrVPlusOne\/Singularity"},{"volume-title":"Data Privacy Management, and Security Assurance","author":"Altmeier Christian","key":"e_1_3_2_1_4_1","unstructured":"Christian Altmeier , Christian Mainka , Juraj Somorovsky , and J\u00f6rg Schwenk . 2015. Adidos--adaptive and intelligent fully-automatic detection of denial-of-service weaknesses in web services . In Data Privacy Management, and Security Assurance . Springer , 65--80. Christian Altmeier, Christian Mainka, Juraj Somorovsky, and J\u00f6rg Schwenk. 2015. Adidos--adaptive and intelligent fully-automatic detection of denial-of-service weaknesses in web services. In Data Privacy Management, and Security Assurance. Springer, 65--80."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"e_1_3_2_1_6_1","volume-title":"2017 24th Asia-Pacific Software Engineering Conference (APSEC). IEEE, 249--258","author":"Awadhutkar Payas","year":"2017","unstructured":"Payas Awadhutkar , Ganesh Ram Santhanam , Benjamin Holland , and Suresh Kothari . 2017 . Intelligence amplifying loop characterizations for detecting algorithmic complexity vulnerabilities . In 2017 24th Asia-Pacific Software Engineering Conference (APSEC). IEEE, 249--258 . Payas Awadhutkar, Ganesh Ram Santhanam, Benjamin Holland, and Suresh Kothari. 2017. Intelligence amplifying loop characterizations for detecting algorithmic complexity vulnerabilities. In 2017 24th Asia-Pacific Software Engineering Conference (APSEC). IEEE, 249--258."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3341177"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24415"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/2535461.2535486"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070545"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455518.1455522"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.13"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884843"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 12th USENIX Security Symposium (Security)","author":"Crosby Scott A","year":"2003","unstructured":"Scott A Crosby and Dan S Wallach . 2003 . Denial of Service via Algorithmic Complexity Attacks .. In Proceedings of the 12th USENIX Security Symposium (Security) . Washington, DC. Scott A Crosby and Dan S Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks.. In Proceedings of the 12th USENIX Security Symposium (Security). Washington, DC."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46586-9_7"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236027"},{"key":"e_1_3_2_1_17_1","volume-title":"31st European Conference on Object-Oriented Programming (ECOOP","author":"Dietrich Jens","year":"2017","unstructured":"Jens Dietrich , Kamil Jezek , Shawn Rasheed , Amjed Tahir , and Alex Potanin . 2017 . Evil pickles: DoS attacks based on object-graph engineering . In 31st European Conference on Object-Oriented Programming (ECOOP 2017). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. Jens Dietrich, Kamil Jezek, Shawn Rasheed, Amjed Tahir, and Alex Potanin. 2017. Evil pickles: DoS attacks based on object-graph engineering. In 31st European Conference on Object-Oriented Programming (ECOOP 2017). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik."},{"key":"e_1_3_2_1_18_1","volume-title":"13th USENIX Workshop on Offensive Technologies (WOOT 19)","author":"Fifield David","year":"2019","unstructured":"David Fifield . 2019 . A better zip bomb . In 13th USENIX Workshop on Offensive Technologies (WOOT 19) . David Fifield. 2019. A better zip bomb. In 13th USENIX Workshop on Offensive Technologies (WOOT 19)."},{"key":"e_1_3_2_1_19_1","volume-title":"Complexity-based denial-of-service attacks on mobile code systems. INSTITUT FUR INFORMATIK UND PRAKTISCHE MATHEMATIK","author":"Gal Andreas","year":"2005","unstructured":"Andreas Gal , Christian W Probst , and Michael Franz . 2005. Complexity-based denial-of-service attacks on mobile code systems. INSTITUT FUR INFORMATIK UND PRAKTISCHE MATHEMATIK ( 2005 ), 1--10. Andreas Gal, Christian W Probst, and Michael Franz. 2005. Complexity-based denial-of-service attacks on mobile code systems. INSTITUT FUR INFORMATIK UND PRAKTISCHE MATHEMATIK (2005), 1--10."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287681"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238204"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3183476"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2016.23"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_10"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213874"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00062"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49674-9_26"},{"volume-title":"2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 58--68","author":"Luckow Kasper","key":"e_1_3_2_1_29_1","unstructured":"Kasper Luckow , Rody Kersten , and Corina Pua sua reanu. 2017. Symbolic complexity analysis using context-preserving histories . In 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 58--68 . Kasper Luckow, Rody Kersten, and Corina Pua sua reanu. 2017. Symbolic complexity analysis using context-preserving histories. In 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, 58--68."},{"volume-title":"Proceedings of the 27th International Symposium on Software Testing and Analysis (ISSTA)","author":"Noller Yannic","key":"e_1_3_2_1_30_1","unstructured":"Yannic Noller , Rody Kersten , and Corina S . Pua sua reanu. 2018. Badger: complexity analysis with fuzzing and symbolic execution . In Proceedings of the 27th International Symposium on Software Testing and Analysis (ISSTA) . Amsterdam, Netherlands. Yannic Noller, Rody Kersten, and Corina S. Pua sua reanu. 2018. Badger: complexity analysis with fuzzing and symbolic execution. In Proceedings of the 27th International Symposium on Software Testing and Analysis (ISSTA). Amsterdam, Netherlands."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.50"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 24th USENIX Security Symposium (Security)","author":"Pellegrino Giancarlo","year":"2015","unstructured":"Giancarlo Pellegrino , Davide Balzarotti , Stefan Winter , and Neeraj Suri . 2015 . In the compression hornet's nest: A security study of data compression in network services . In Proceedings of the 24th USENIX Security Symposium (Security) . Washington, DC. Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, and Neeraj Suri. 2015. In the compression hornet's nest: A security study of data compression in network services. In Proceedings of the 24th USENIX Security Symposium (Security). Washington, DC."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134073"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095430.1081750"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.17"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.41"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel . 2018 . Freezing the web: A study of redos vulnerabilities in javascript-based web servers . In Proceedings of the 27th USENIX Security Symposium (Security) . Baltimore, MD. Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the web: A study of redos vulnerabilities in javascript-based web servers. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54580-5_2"},{"volume-title":"Proceedings of the 2018 International Symposium on Code Generation and Optimization (CGO)","author":"Toffola Luca Della","key":"e_1_3_2_1_39_1","unstructured":"Luca Della Toffola , Michael Pradel , and Thomas R. Gross . 2018. Synthesizing programs that expose performance bottlenecks . In Proceedings of the 2018 International Symposium on Code Generation and Optimization (CGO) . Vienna, Austria. Luca Della Toffola, Michael Pradel, and Thomas R. Gross. 2018. Synthesizing programs that expose performance bottlenecks. In Proceedings of the 2018 International Symposium on Code Generation and Optimization (CGO). Vienna, Austria."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3276990"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1025115.1025228"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/11408901_21"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270315"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950340"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.80"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Los Angeles CA USA","acronym":"CCS '22"},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559337","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559337","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:50:56Z","timestamp":1750182656000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559337"}},"subtitle":["A Hybrid Approach to Detecting Algorithmic Complexity Vulnerabilities"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":45,"alternative-id":["10.1145\/3548606.3559337","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3559337","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}