{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T04:13:56Z","timestamp":1781064836909,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation of Korea(NRF)","award":["NRF-2021R1A5A1021944"],"award-info":[{"award-number":["NRF-2021R1A5A1021944"]}]},{"name":"National Research Foundation of Korea(NRF)","award":["NRF-2021R1C1C1003876"],"award-info":[{"award-number":["NRF-2021R1C1C1003876"]}]},{"name":"Institute for Information & Communications Technology Planning & Evaluation (IITP)","award":["No. 2021-0-00758"],"award-info":[{"award-number":["No. 2021-0-00758"]}]},{"name":"Institute for Information & communications Technology Planning&Evaluation(IITP)","award":["No.2022-0-01202"],"award-info":[{"award-number":["No.2022-0-01202"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560664","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"1695-1708","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["TRACER"],"prefix":"10.1145","author":[{"given":"Wooseok","family":"Kang","sequence":"first","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Byoungho","family":"Son","sequence":"additional","affiliation":[{"name":"POSTECH, Pohang, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kihong","family":"Heo","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/spotbugs.github.io","year":"2021","unstructured":"Spotbugs. https:\/\/spotbugs.github.io , 2021 . Spotbugs. https:\/\/spotbugs.github.io, 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"European Conference on Object- Oriented Programming (ECOOP 2016)","author":"Avgustinov Pavel","year":"2016","unstructured":"Pavel Avgustinov , Oege de Moor , Michael Peyton Jones , and Max Sch\u00e4fer . Ql : Object-oriented queries on relational data . In European Conference on Object- Oriented Programming (ECOOP 2016) , 2016 . Pavel Avgustinov, Oege de Moor, Michael Peyton Jones, and Max Sch\u00e4fer. Ql: Object-oriented queries on relational data. In European Conference on Object- Oriented Programming (ECOOP 2016), 2016."},{"key":"e_1_3_2_1_3_1","first-page":"25","author":"Ayewah Nathaniel","year":"2008","unstructured":"Nathaniel Ayewah , David Hovemeyer , J David Morgenthaler , John Penix , and William Pugh . Using static analysis to find bugs. IEEE Softw. , 25 , 2008 . Nathaniel Ayewah, David Hovemeyer, J David Morgenthaler, John Penix, and William Pugh. Using static analysis to find bugs. IEEE Softw., 25, 2008.","journal-title":"IEEE Softw."},{"key":"e_1_3_2_1_4_1","first-page":"8","author":"Black Paul","year":"2018","unstructured":"Paul Black . Juliet 1.3 test suite: Changes from 1.2. NIST Technical Note , 8 2018 . Paul Black. Juliet 1.3 test suite: Changes from 1.2. NIST Technical Note, 8 2018.","journal-title":"NIST Technical Note"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20398-5_33"},{"key":"e_1_3_2_1_6_1","volume-title":"Mukund Raghothaman. In 29th ACM Joint European Software Engineering Conferenceand Symposium on the Foundations of Software Engineering (ESEC\/FSE). ACM.","author":"Chen Tianyi","unstructured":"Tianyi Chen , Kihong Heo , and Mukund Raghothaman. In 29th ACM Joint European Software Engineering Conferenceand Symposium on the Foundations of Software Engineering (ESEC\/FSE). ACM. Tianyi Chen, Kihong Heo, and Mukund Raghothaman. In 29th ACM Joint European Software Engineering Conferenceand Symposium on the Foundations of Software Engineering (ESEC\/FSE). ACM."},{"key":"e_1_3_2_1_7_1","volume-title":"Codeql cwe queries. https:\/\/github.com\/github\/codeql\/tree\/main\/cpp\/ ql\/src\/Security\/CWE","author":"QL.","year":"2021","unstructured":"Code QL. Codeql cwe queries. https:\/\/github.com\/github\/codeql\/tree\/main\/cpp\/ ql\/src\/Security\/CWE , 2021 . CodeQL. Codeql cwe queries. https:\/\/github.com\/github\/codeql\/tree\/main\/cpp\/ ql\/src\/Security\/CWE, 2021."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/github.com\/github\/codeql\/blob\/main\/ cpp\/ql\/src\/Security\/CWE\/CWE-190\/TaintedAllocationSize.ql","author":"TaintedAllocationSize QL.","year":"2021","unstructured":"Code QL. TaintedAllocationSize .ql. https:\/\/github.com\/github\/codeql\/blob\/main\/ cpp\/ql\/src\/Security\/CWE\/CWE-190\/TaintedAllocationSize.ql , 2021 . CodeQL. TaintedAllocationSize.ql. https:\/\/github.com\/github\/codeql\/blob\/main\/ cpp\/ql\/src\/Security\/CWE\/CWE-190\/TaintedAllocationSize.ql, 2021."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2011.26"},{"key":"e_1_3_2_1_10_1","volume-title":"Common vulnerabilities and exposures","author":"The MITRE Corporation","year":"2021","unstructured":"The MITRE Corporation . Common vulnerabilities and exposures , 2021 . The MITRE Corporation. Common vulnerabilities and exposures, 2021."},{"key":"e_1_3_2_1_11_1","volume-title":"Common weakness enumeration","author":"The MITRE Corporation","year":"2021","unstructured":"The MITRE Corporation . Common weakness enumeration , 2021 . The MITRE Corporation. Common weakness enumeration, 2021."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"e_1_3_2_1_13_1","volume-title":"Debian packages. https:\/\/packages.debian.org\/sid\/","year":"2021","unstructured":"Debian. Debian packages. https:\/\/packages.debian.org\/sid\/ , 2021 . Debian. Debian packages. https:\/\/packages.debian.org\/sid\/, 2021."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227142"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"e_1_3_2_1_16_1","volume-title":"https:\/\/owasp.org\/www-community\/attacks\/","author":"Foundation The OWASP","year":"2021","unstructured":"The OWASP Foundation . Attacks. https:\/\/owasp.org\/www-community\/attacks\/ , 2021 . The OWASP Foundation. Attacks. https:\/\/owasp.org\/www-community\/attacks\/, 2021."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368132"},{"key":"e_1_3_2_1_18_1","volume-title":"Error prone. https:\/\/errorprone.info","year":"2021","unstructured":"Google. Error prone. https:\/\/errorprone.info , 2021 . Google. Error prone. https:\/\/errorprone.info, 2021."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2597073.2597100"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.54"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314616"},{"key":"e_1_3_2_1_22_1","volume-title":"https:\/\/iotcube.korea.ac.kr","year":"2021","unstructured":"IoTcube. Iotcube. https:\/\/iotcube.korea.ac.kr , 2021 . IoTcube. Iotcube. https:\/\/iotcube.korea.ac.kr, 2021."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.30"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011","author":"Kim Heejung","year":"2011","unstructured":"Heejung Kim , Yungbum Jung , Sunghun Kim , and Kwangkeun Yi. MeCC : memory comparison-based clone detector . In Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011 ). ACM, 2011 . Heejung Kim, Yungbum Jung, Sunghun Kim, and Kwangkeun Yi. MeCC: memory comparison-based clone detector. In Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011). ACM, 2011."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-47764-0_3"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44898-5_16"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227183"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC 2016","author":"Li Zhen","year":"2016","unstructured":"Zhen Li , Deqing Zou , Shouhuai Xu , Hai Jin , Hanchao Qi , and Jie Hu. VulPecker : an automated vulnerability detection system based on code similarity analysis . In Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC 2016 ). ACM, 2016 . Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu. VulPecker: an automated vulnerability detection system based on code similarity analysis. In Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC 2016). ACM, 2016."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00090"},{"key":"e_1_3_2_1_33_1","volume-title":"Proc. ACM Program. Lang., 1","author":"Lopes Cristina V","year":"2017","unstructured":"Cristina V Lopes , Petr Maj , Pedro Martins , Vaibhav Saini , Di Yang , Jakub Zitny , Hitesh Sajnani , and Jan Vitek . D\u00e9j\u00e0vu : a map of code duplicates on github . Proc. ACM Program. Lang., 1 , 2017 . Cristina V Lopes, Petr Maj, Pedro Martins, Vaibhav Saini, Di Yang, Jakub Zitny, Hitesh Sajnani, and Jan Vitek. D\u00e9j\u00e0vu: a map of code duplicates on github. Proc. ACM Program. Lang., 1, 2017."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.48"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837661"},{"key":"e_1_3_2_1_36_1","volume-title":"Buffer overflow via environment variables. https:\/\/owasp.org\/wwwcommunity\/ attacks\/Buffer_Overflow_via_Environment_Variables","author":"OWASP.","year":"2021","unstructured":"OWASP. Buffer overflow via environment variables. https:\/\/owasp.org\/wwwcommunity\/ attacks\/Buffer_Overflow_via_Environment_Variables , 2021 . OWASP. Buffer overflow via environment variables. https:\/\/owasp.org\/wwwcommunity\/ attacks\/Buffer_Overflow_via_Environment_Variables, 2021."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00067"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.31274\/etd-180810-1359"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192417"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 38th International Conference on Software Engineering (ICSE 2016","author":"Sajnani Hitesh","year":"2016","unstructured":"Hitesh Sajnani , Vaibhav Saini , Jeffrey Svajlenko , Chanchal K Roy , and Cristina V Lopes . Sourcerercc : scaling code clone detection to big-code . In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016 ). ACM, 2016 . Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal K Roy, and Cristina V Lopes. Sourcerercc: scaling code clone detection to big-code. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). ACM, 2016."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2016.0185"},{"key":"e_1_3_2_1_42_1","volume-title":"D\u00e9j\u00e0 vu-lnerability. https:\/\/googleprojectzero.blogspot.com\/2021\/ 02\/deja-vu-lnerability.html","author":"Stone Maddie","year":"2021","unstructured":"Maddie Stone . D\u00e9j\u00e0 vu-lnerability. https:\/\/googleprojectzero.blogspot.com\/2021\/ 02\/deja-vu-lnerability.html , 2021 . Maddie Stone. D\u00e9j\u00e0 vu-lnerability. https:\/\/googleprojectzero.blogspot.com\/2021\/ 02\/deja-vu-lnerability.html, 2021."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 40th International Conference on Software Engineering (ICSE 2018","author":"Wang Pengcheng","year":"2018","unstructured":"Pengcheng Wang , Jeffrey Svajlenko , Yanzhao Wu , Yun Xu , and Chanchal K Roy . CCAligner : a token based large-gap clone detector . In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018 ). ACM, 2018 . Pengcheng Wang, Jeffrey Svajlenko, Yanzhao Wu, Yun Xu, and Chanchal K Roy. CCAligner: a token based large-gap clone detector. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018). ACM, 2018."},{"key":"e_1_3_2_1_44_1","volume-title":"10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2012","author":"Wang Xi","year":"2012","unstructured":"Xi Wang , Haogang Chen , Zhihao Jia , Nickolai Zeldovich , and M Frans Kaashoek . Improving integer security for systems with kint . In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2012 ). USENIX Association , 2012 . Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, and M Frans Kaashoek. Improving integer security for systems with kint. In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2012). USENIX Association, 2012."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/394"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970326"},{"key":"e_1_3_2_1_47_1","volume-title":"29th USENIX Security Symposium (USENIX Security 2020","author":"Xiao Yang","year":"2020","unstructured":"Yang Xiao , Bihuan Chen , Chendong Yu , Zhengzi Xu , Zimu Yuan , Feng Li , Binghong Liu , Yang Liu , Wei Huo , Wei Zou , and Wenchang Shi . MVP : Detecting vulnerabilities using patch-enhanced vulnerability signatures . In 29th USENIX Security Symposium (USENIX Security 2020 ). USENIX Association , 2020 . Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. MVP: Detecting vulnerabilities using patch-enhanced vulnerability signatures. In 29th USENIX Security Symposium (USENIX Security 2020). USENIX Association, 2020."},{"key":"e_1_3_2_1_48_1","volume-title":"Neural Information Processing Systems 2019 (NeurIPS 2019)","author":"Zhou Yaqin","year":"2019","unstructured":"Yaqin Zhou , Shangqing Liu , Jing Kai Siow , Xiaoning Du , and Yang Liu . Devign : Effective vulnerability identification by learning comprehensive program semantics via graph neural networks . In Neural Information Processing Systems 2019 (NeurIPS 2019) , 2019 . Yaqin Zhou, Shangqing Liu, Jing Kai Siow, Xiaoning Du, and Yang Liu. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In Neural Information Processing Systems 2019 (NeurIPS 2019), 2019."}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560664","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560664","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:59Z","timestamp":1750182539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560664"}},"subtitle":["Signature-based Static Analysis for Detecting Recurring Vulnerabilities"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":48,"alternative-id":["10.1145\/3548606.3560664","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560664","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}