{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T01:42:24Z","timestamp":1755999744321,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:00:00Z","timestamp":1701302400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["Grant No.62172305"],"award-info":[{"award-number":["Grant No.62172305"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3611643.3616274","type":"proceedings-article","created":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T23:14:38Z","timestamp":1701386078000},"page":"934-946","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Input-Driven Dynamic Program Debloating for Code-Reuse Attack Mitigation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1066-791X","authenticated-orcid":false,"given":"Xiaoke","family":"Wang","sequence":"first","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8871-1185","authenticated-orcid":false,"given":"Tao","family":"Hui","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2412-7279","authenticated-orcid":false,"given":"Lei","family":"Zhao","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6277-340X","authenticated-orcid":false,"given":"Yueqiang","family":"Cheng","sequence":"additional","affiliation":[{"name":"NIO, Mountain View, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,30]]},"reference":[{"volume-title":"zlib 1.2.11 Manual. https:\/\/www.zlib.net\/manual.html Accessed","year":"2021","key":"e_1_3_2_2_1_1","unstructured":"2004. zlib 1.2.11 Manual. https:\/\/www.zlib.net\/manual.html Accessed July 09, 2021"},{"key":"e_1_3_2_2_2_1","volume-title":"https:\/\/dumps.wikimedia.org\/ Accessed","author":"Downloads Wikimedia","year":"2021","unstructured":"2007. Wikimedia Downloads. https:\/\/dumps.wikimedia.org\/ Accessed Oct 10, 2021"},{"volume-title":"https:\/\/memcached.org\/ Accessed","year":"2021","key":"e_1_3_2_2_3_1","unstructured":"2009. Memcached. https:\/\/memcached.org\/ Accessed July 08, 2021"},{"volume-title":"https:\/\/redis.io\/ Accessed","year":"2021","key":"e_1_3_2_2_4_1","unstructured":"2010. Redis. https:\/\/redis.io\/ Accessed July 08, 2021"},{"key":"e_1_3_2_2_5_1","unstructured":"2013. Blind Return Oriented Programming (BROP). http:\/\/www.scs.stanford.edu\/brop\/ Accessed Oct 10 2021"},{"key":"e_1_3_2_2_6_1","volume-title":"https:\/\/www.exploit-db.com\/exploits\/25775 Accessed","author":"Chuncked Encoding Stack Buffer Nginx","year":"2021","unstructured":"2013. Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit). https:\/\/www.exploit-db.com\/exploits\/25775 Accessed Oct 10, 2021"},{"volume-title":"https:\/\/nginx.org\/ Accessed","year":"2021","key":"e_1_3_2_2_7_1","unstructured":"2015. Nginx. https:\/\/nginx.org\/ Accessed July 08, 2021"},{"volume-title":"https:\/\/github.com\/m4drat\/CVE-2013-2028-Exploit Accessed","year":"2021","key":"e_1_3_2_2_8_1","unstructured":"2020. CVE-2013-2028 Exploit. https:\/\/github.com\/m4drat\/CVE-2013-2028-Exploit Accessed Oct 10, 2021"},{"volume-title":"angrop. https:\/\/github.com\/angr\/angrop Accessed","year":"2021","key":"e_1_3_2_2_9_1","unstructured":"2021. angrop. https:\/\/github.com\/angr\/angrop Accessed Oct 10, 2021"},{"volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-2028 Accessed","year":"2021","key":"e_1_3_2_2_10_1","unstructured":"2021. CVE-2013-2028 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-2028 Accessed Oct 10, 2021"},{"key":"e_1_3_2_2_11_1","unstructured":"2021. September 2021 Web Server Survey. https:\/\/news.netcraft.com\/archives\/category\/web-server-survey\/ Accessed Oct 10 2021"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"e_1_3_2_2_14_1","volume-title":"Control Flow Analysis. SIGPLAN Not., 5, 7","author":"Allen Frances E.","year":"1970","unstructured":"Frances E. Allen. 1970. Control Flow Analysis. SIGPLAN Not., 5, 7 (1970), July."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/800028.808479"},{"key":"e_1_3_2_2_16_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Azad Babak Amin","year":"2019","unstructured":"Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis. 2019. Less is More: Quantifying the Security Benefits of Debloating Web Applications. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. 1697\u20131714. isbn:978-1-939133-06-9 https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/azad"},{"key":"e_1_3_2_2_17_1","volume-title":"https:\/\/www.gnu.org\/software\/binutils\/ Accessed","author":"Binutils G BINUTILS.","year":"2021","unstructured":"G BINUTILS. 2007. GNU Binutils. https:\/\/www.gnu.org\/software\/binutils\/ Accessed July 08, 2021"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00051"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.23"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3141235.3141243"},{"key":"e_1_3_2_2_23_1","unstructured":"Crispan Cowan Calton Pu Dave Maier Jonathan Walpole Peat Bakke Steve Beattie Aaron Grier Perry Wagle Qian Zhang and Heather Hinton. 1998. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks.. In USENIX security symposium. 98 63\u201378."},{"key":"e_1_3_2_2_24_1","volume-title":"Privilege Escalation Vulnerability in Linux x32 Configuration. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0038 Visited on","author":"CVE.","year":"2021","unstructured":"CVE. 2013. Privilege Escalation Vulnerability in Linux x32 Configuration. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0038 Visited on July 07, 2021"},{"key":"e_1_3_2_2_25_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6485 Visited on","author":"CVE.","year":"2021","unstructured":"CVE. 2018. CVE-2018-6485. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6485 Visited on Oct 10, 2021"},{"key":"e_1_3_2_2_26_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-5155 Visited on","author":"CVE.","year":"2021","unstructured":"CVE. 2019. CVE-2009-5155. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-5155 Visited on Oct 10, 2021"},{"key":"e_1_3_2_2_27_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-1752 Visited on","author":"CVE.","year":"2021","unstructured":"CVE. 2019. CVE-2020-1752. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-1752 Visited on Oct 10, 2021"},{"key":"e_1_3_2_2_28_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-35942 Visited on","author":"CVE.","year":"2021","unstructured":"CVE. 2021. CVE-2021-35942. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-35942 Visited on Oct 10, 2021"},{"key":"e_1_3_2_2_29_1","unstructured":"Solar Designer. 1997. Getting around non-executable stack (and fix). http:\/\/ouah.bsdjeunz.org\/solarretlibc.html."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"crossref","unstructured":"Peter Deutsch. 1996. GZIP file format specification version 4.3.","DOI":"10.17487\/rfc1952"},{"key":"e_1_3_2_2_31_1","volume-title":"Uprobe-tracer: Uprobe-based Event Tracing. https:\/\/docs.kernel.org\/trace\/uprobetracer.html","author":"Dronamraju Srikar","year":"2021","unstructured":"Srikar Dronamraju. 2021. Uprobe-tracer: Uprobe-based Event Tracing. https:\/\/docs.kernel.org\/trace\/uprobetracer.html"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301324"},{"key":"e_1_3_2_2_33_1","volume-title":"XX Congreso Argentino de Ciencias de la Computaci\u00f3n (Buenos Aires","author":"Heitman Christian","year":"2014","unstructured":"Christian Heitman and Iv\u00e1n Arce. 2014. BARF: a multiplatform open source binary analysis and reverse engineering framework. In XX Congreso Argentino de Ciencias de la Computaci\u00f3n (Buenos Aires, 2014)."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1186736.1186737"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2016.146"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2016.27"},{"key":"e_1_3_2_2_40_1","volume-title":"Ltrace man page. URL https:\/\/man7.org\/linux\/man-pages\/man1\/ltrace.1.html, 1","author":"Juan Cespedes","year":"2021","unstructured":"Cespedes Juan and Machata Petr. 2021. Ltrace man page. URL https:\/\/man7.org\/linux\/man-pages\/man1\/ltrace.1.html, 1 (2021)."},{"key":"e_1_3_2_2_41_1","volume-title":"https:\/\/www.lighttpd.net\/ Accessed","author":"Kneschke Jan","year":"2021","unstructured":"Jan Kneschke. 2003. Lighttpd. https:\/\/www.lighttpd.net\/ Accessed July 08, 2021"},{"key":"e_1_3_2_2_42_1","first-page":"11","article-title":"Kernel Korner","volume":"2005","author":"Krishnakumar R.","year":"2005","unstructured":"R. Krishnakumar. 2005. Kernel Korner: Kprobes-a Kernel Debugger. Linux J., 2005, 133 (2005), May, 11. issn:1075-3583","journal-title":"Kprobes-a Kernel Debugger. Linux J."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_2_44_1","unstructured":"Collin Mulliner and Matthias Neugschwandtner. 2015. Breaking payloads with runtime code stripping and image freezing. Black Hat USA."},{"key":"e_1_3_2_2_45_1","unstructured":"Keiron O\u2019Shea and Ryan Nash. 2015. An introduction to convolutional neural networks. arXiv preprint arXiv:1511.08458."},{"volume-title":"PyTorch: An Imperative Style","author":"Paszke Adam","key":"e_1_3_2_2_46_1","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, Alban Desmaison, Andreas Kopf, Edward Yang, Zachary DeVito, Martin Raison, Alykhan Tejani, Sasank Chilamkurthy, Benoit Steiner, Lu Fang, Junjie Bai, and Soumith Chintala. 2019. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In Advances in Neural Information Processing Systems 32, H. Wallach, H. Larochelle, A. Beygelzimer, F. d' Alch\u00e9-Buc, E. Fox, and R. Garnett (Eds.). Curran Associates, Inc., 8024\u20138035. http:\/\/papers.neurips.cc\/paper\/9015-pytorch-an-imperative-style-high-performance-deep-learning-library.pdf"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386017"},{"key":"e_1_3_2_2_48_1","volume-title":"RAZOR: A Framework for Post-deployment Software Debloating. In 28 USENIX Security Symposium (USENIX Security 19)","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In 28 USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. 1733\u20131750. isbn:978-1-939133-06-9 https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/qian"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417866"},{"key":"e_1_3_2_2_50_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Quach Anh","year":"2018","unstructured":"Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating Software through Piece-Wise Compilation and Loading. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD. 869\u2013886. isbn:978-1-939133-04-5 https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/quach"},{"key":"e_1_3_2_2_51_1","unstructured":"Mohit Rajpal William Blum and Rishabh Singh. 2017. Not all bytes are equal: Neural byte sieve for fuzzing. arXiv preprint arXiv:1711.04596."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106271"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3141235.3141241"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238160"},{"key":"e_1_3_2_2_58_1","unstructured":"Vincent Abella Starr Andersen. 2004. Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3: Memory Protection Technologies Data Execution Prevention. http:\/\/technet.microsoft.com\/en-us\/library\/bb457155.aspx"},{"key":"e_1_3_2_2_59_1","unstructured":"PaX Team. 2003. Address Space Layout Randomization (ASLR). https:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"e_1_3_2_2_60_1","unstructured":"Ashish Vaswani Noam Shazeer Niki Parmar Jakob Uszkoreit Llion Jones Aidan N Gomez Lukasz Kaiser and Illia Polosukhin. 2017. Attention is all you need. arXiv preprint arXiv:1706.03762."},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2010.04.008"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","unstructured":"F. Wang and Y. Shoshitaishvili. 2017. Angr - The Next Generation of Binary Analysis. In 2017 IEEE Cybersecurity Development (SecDev). 8\u20139. https:\/\/doi.org\/10.1109\/SecDev.2017.14 10.1109\/SecDev.2017.14","DOI":"10.1109\/SecDev.2017.14"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01234-2_1"},{"key":"e_1_3_2_2_64_1","volume-title":"LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Wu Jianliang","year":"2021","unstructured":"Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. 2021. LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 339\u2013356. isbn:978-1-939133-24-3 https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wu-jianliang"},{"key":"e_1_3_2_2_65_1","unstructured":"M. Zalewski. 2017. American fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507768"},{"key":"e_1_3_2_2_67_1","volume-title":"Proceedings of the 28 International Conference on Neural Information Processing Systems -","volume":"1","author":"Zhang Xiang","year":"2015","unstructured":"Xiang Zhang, Junbo Zhao, and Yann LeCun. 2015. Character-Level Convolutional Networks for Text Classification. In Proceedings of the 28 International Conference on Neural Information Processing Systems - Volume 1 (NIPS\u201915). MIT Press, Cambridge, MA, USA. 649\u2013657."},{"key":"e_1_3_2_2_68_1","unstructured":"Ye Zhang and Byron Wallace. 2015. A sensitivity analysis of (and practitioners\u2019 guide to) convolutional neural networks for sentence classification. arXiv preprint arXiv:1510.03820."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_32"},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3358222"}],"event":{"name":"ESEC\/FSE '23: 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"San Francisco CA USA","acronym":"ESEC\/FSE '23"},"container-title":["Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616274","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3611643.3616274","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:03Z","timestamp":1750178163000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616274"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,30]]},"references-count":70,"alternative-id":["10.1145\/3611643.3616274","10.1145\/3611643"],"URL":"https:\/\/doi.org\/10.1145\/3611643.3616274","relation":{},"subject":[],"published":{"date-parts":[[2023,11,30]]},"assertion":[{"value":"2023-11-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}