{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:10:25Z","timestamp":1750219825618,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,8,4]],"date-time":"2023-08-04T00:00:00Z","timestamp":1691107200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Project supported by CNKLSTISS, National Nature Science Foundation of China","award":["No. 6142111200402, No. 62032019, No. 62032024"],"award-info":[{"award-number":["No. 6142111200402, No. 62032019, No. 62032024"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,8,4]]},"DOI":"10.1145\/3609437.3609461","type":"proceedings-article","created":{"date-parts":[[2023,10,5]],"date-time":"2023-10-05T22:11:25Z","timestamp":1696543885000},"page":"165-173","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["FAEG: Feature-Driven Automatic Exploit Generation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-0185-4974","authenticated-orcid":false,"given":"Peng","family":"Xu","sequence":"first","affiliation":[{"name":"College of Computer, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1645-2787","authenticated-orcid":false,"given":"Liangze","family":"Yin","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3776-0399","authenticated-orcid":false,"given":"Jiantong","family":"Ma","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-2669-217X","authenticated-orcid":false,"given":"Dong","family":"Yang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8033-7943","authenticated-orcid":false,"given":"Wei","family":"Dong","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"China Information Security Evaluation Center. 2023. National information security vulnerability database. https:\/\/www.cnnvd.org.cn\/.  China Information Security Evaluation Center. 2023. National information security vulnerability database. https:\/\/www.cnnvd.org.cn\/."},{"key":"e_1_3_2_1_2_1","unstructured":"AFL. 2023. AFL. http:\/\/lcamtuf. coredump. cx\/afl\/.  AFL. 2023. AFL. http:\/\/lcamtuf. coredump. cx\/afl\/."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_1_7_1","unstructured":"Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224.  Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455518.1455522"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_3_2_1_11_1","unstructured":"CTFTIME. 2023. CTFTIME. https:\/\/ctftime.org\/.  CTFTIME. 2023. CTFTIME. https:\/\/ctftime.org\/."},{"key":"e_1_3_2_1_12_1","unstructured":"DARPA. 2016. DARPA. https:\/\/github.com\/CyberGrandChallenge.  DARPA. 2016. DARPA. https:\/\/github.com\/CyberGrandChallenge."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.15"},{"key":"e_1_3_2_1_15_1","first-page":"2009","article-title":"How to write shared libraries","volume":"16","author":"Drepper Ulrich","year":"2006","unstructured":"Ulrich Drepper . 2006 . How to write shared libraries . Retrieved Jul 16 (2006), 2009 . Ulrich Drepper. 2006. How to write shared libraries. Retrieved Jul 16 (2006), 2009.","journal-title":"Retrieved Jul"},{"key":"e_1_3_2_1_16_1","unstructured":"Austin Gadient Baltazar Ortiz Ricardo Barrato Eli Davis Jeff Perkins and Martin Rinard. 2019. Automatic Exploitation of Fully Randomized Executables. (2019).  Austin Gadient Baltazar Ortiz Ricardo Barrato Eli Davis Jeff Perkins and Martin Rinard. 2019. Automatic Exploitation of Fully Randomized Executables. (2019)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354224"},{"key":"e_1_3_2_1_20_1","unstructured":"Honggfuzz. 2022. Honggfuzz. https:\/\/github.com\/google\/honggfuzz.  Honggfuzz. 2022. Honggfuzz. https:\/\/github.com\/google\/honggfuzz."},{"volume-title":"24th { USENIX} Security Symposium ({ USENIX} Security 15). 177\u2013192.","author":"Hu Hong","key":"e_1_3_2_1_21_1","unstructured":"Hong Hu , Zheng\u00a0Leong Chua , Sendroiu Adrian , Prateek Saxena , and Zhenkai Liang . 2015. Automatic generation of data-oriented exploits . In 24th { USENIX} Security Symposium ({ USENIX} Security 15). 177\u2013192. Hong Hu, Zheng\u00a0Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang. 2015. Automatic generation of data-oriented exploits. In 24th { USENIX} Security Symposium ({ USENIX} Security 15). 177\u2013192."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2012.20"},{"key":"e_1_3_2_1_23_1","volume-title":"HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS.","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim , Dae\u00a0 R Jeong , Chung\u00a0Hwan Kim , Yeongjin Jang , Insik Shin , and Byoungyoung Lee . 2020 . HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS. Kyungtae Kim, Dae\u00a0R Jeong, Chung\u00a0Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics10010011"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/158511.158618"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"e_1_3_2_1_28_1","unstructured":"LibFuzzer. 2023. LibFuzzer software official website. https:\/\/github.com\/Dors\/libfuzzer-workshop\/.  LibFuzzer. 2023. LibFuzzer software official website. https:\/\/github.com\/Dors\/libfuzzer-workshop\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_2_1_30_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Park Sunnyeo","year":"2022","unstructured":"Sunnyeo Park , Daejun Kim , Suman Jana , and Sooel Son . 2022 . { FUGIO} : Automatic Exploit Generation for { PHP} Object Injection Vulnerabilities . In 31st USENIX Security Symposium (USENIX Security 22) . 197\u2013214. Sunnyeo Park, Daejun Kim, Suman Jana, and Sooel Son. 2022. { FUGIO} : Automatic Exploit Generation for { PHP} Object Injection Vulnerabilities. In 31st USENIX Security Symposium (USENIX Security 22). 197\u2013214."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"e_1_3_2_1_32_1","volume-title":"Getting around non-executable stack (and fix). Bugtraq mailing list archives","author":"Peslyak Alexander","year":"1997","unstructured":"Alexander Peslyak . 1997. Getting around non-executable stack (and fix). Bugtraq mailing list archives ( 1997 ). Alexander Peslyak. 1997. Getting around non-executable stack (and fix). Bugtraq mailing list archives (1997)."},{"key":"e_1_3_2_1_33_1","volume-title":"Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314.","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat , Vivek Jain , Ashish Kumar , Lucian Cojocar , Cristiano Giuffrida , and Herbert Bos . 2017 . Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314. Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314."},{"key":"e_1_3_2_1_34_1","unstructured":"GITHUB Repository. 2021. GITHUB Repository. https:\/\/github.com\/radareorg\/radare2-r2pipe \/.  GITHUB Repository. 2021. GITHUB Repository. https:\/\/github.com\/radareorg\/radare2-r2pipe \/."},{"key":"e_1_3_2_1_35_1","unstructured":"GITHUB Repository. 2023. GITHUB Repository. https:\/\/github.com\/ChrisTheCoolHut\/Zeratool\/.  GITHUB Repository. 2023. GITHUB Repository. https:\/\/github.com\/ChrisTheCoolHut\/Zeratool\/."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_37_1","volume-title":"USENIX Security Symposium, Vol.\u00a010","author":"Schwartz J","year":"2011","unstructured":"Edward\u00a0 J Schwartz , Thanassis Avgerinos , and David Brumley . 2011 . Q: Exploit Hardening Made Easy .. In USENIX Security Symposium, Vol.\u00a010 . 2028092. Edward\u00a0J Schwartz, Thanassis Avgerinos, and David Brumley. 2011. Q: Exploit Hardening Made Easy.. In USENIX Security Symposium, Vol.\u00a010. 2028092."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095430.1081750"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware.. In NDSS Vol.\u00a01. 1\u20131.  Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware.. In NDSS Vol.\u00a01. 1\u20131.","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_44_1","volume-title":"Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316.","author":"Stephens Nick","year":"2016","unstructured":"Nick Stephens , John Grosen , Christopher Salls , Andrew Dutcher , Ruoyu Wang , Jacopo Corbetta , Yan Shoshitaishvili , Christopher Kruegel , and Giovanni Vigna . 2016 . Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316. Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_14"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243847"},{"volume-title":"27th { USENIX} Security Symposium ({ USENIX} Security 18). 781\u2013797.","author":"Wu Wei","key":"e_1_3_2_1_47_1","unstructured":"Wei Wu , Yueqi Chen , Jun Xu , Xinyu Xing , Xiaorui Gong , and Wei Zou . 2018. { FUZE} : Towards facilitating exploit generation for kernel use-after-free vulnerabilities . In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 781\u2013797. Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. { FUZE} : Towards facilitating exploit generation for kernel use-after-free vulnerabilities. In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 781\u2013797."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2018.00085"},{"volume-title":"27th { USENIX} Security Symposium ({ USENIX} Security 18). 745\u2013761.","author":"Yun Insu","key":"e_1_3_2_1_49_1","unstructured":"Insu Yun , Sangho Lee , Meng Xu , Yeongjin Jang , and Taesoo Kim . 2018. { QSYM} : A practical concolic execution engine tailored for hybrid fuzzing . In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 745\u2013761. Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. { QSYM} : A practical concolic execution engine tailored for hybrid fuzzing. In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 745\u2013761."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2962027"}],"event":{"name":"Internetware 2023: 14th Asia-Pacific Symposium on Internetware","acronym":"Internetware 2023","location":"Hangzhou China"},"container-title":["Proceedings of the 14th Asia-Pacific Symposium on Internetware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609437.3609461","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3609437.3609461","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:24Z","timestamp":1750178784000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609437.3609461"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,4]]},"references-count":50,"alternative-id":["10.1145\/3609437.3609461","10.1145\/3609437"],"URL":"https:\/\/doi.org\/10.1145\/3609437.3609461","relation":{},"subject":[],"published":{"date-parts":[[2023,8,4]]},"assertion":[{"value":"2023-10-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}