{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T17:13:49Z","timestamp":1769015629211,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ERC","award":["850868"],"award-info":[{"award-number":["850868"]}]},{"name":"SNSF","award":["PCEGP2-186974"],"award-info":[{"award-number":["PCEGP2-186974"]}]},{"name":"DARPA","award":["HR001119S0089-AMP-FP-03"],"award-info":[{"award-number":["HR001119S0089-AMP-FP-03"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3637642","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"1480-1494","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-6464-355X","authenticated-orcid":false,"given":"Gwangmu","family":"Lee","sequence":"first","affiliation":[{"name":"EPFL, Lausanne, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8082-154X","authenticated-orcid":false,"given":"Duo","family":"Xu","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1275-8373","authenticated-orcid":false,"given":"Solmaz","family":"Salimi","sequence":"additional","affiliation":[{"name":"Sharif University of Technology, Teheran, Iran"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7746-0572","authenticated-orcid":false,"given":"Byoungyoung","family":"Lee","sequence":"additional","affiliation":[{"name":"Seoul National University, Seoul, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5054-7547","authenticated-orcid":false,"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CodeQL. https:\/\/codeql.github.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"difflib. https:\/\/docs.python.org\/3\/library\/difflib.html."},{"key":"e_1_3_2_1_3_1","unstructured":"gitpy. https:\/\/gitpython.readthedocs.io\/en\/stable\/."},{"key":"e_1_3_2_1_4_1","unstructured":"ImageMagick. https:\/\/github.com\/ImageMagick\/ImageMagick."},{"key":"e_1_3_2_1_5_1","unstructured":"Joern: open-source code analysis platform for C\/C++ based on code property graphs. https:\/\/joern.io\/."},{"key":"e_1_3_2_1_6_1","unstructured":"OSSfuzz. https:\/\/github.com\/google\/oss-fuzz."},{"key":"e_1_3_2_1_7_1","unstructured":"Syzbot. https:\/\/syzkaller.appspot.com\/."},{"key":"e_1_3_2_1_8_1","first-page":"359","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Alexopoulos Nikolaos","year":"2022","unstructured":"Nikolaos Alexopoulos, Manuel Brack, Jan Philipp Wagner, Tim Grube, and Max M\u00fchlh\u00e4user. How long do vulnerabilities live in the code? a Large-Scale empirical measurement study on FOSS vulnerability lifetimes. In 31st USENIX Security Symposium (USENIX Security 22), pages 359--376, 2022."},{"key":"e_1_3_2_1_9_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Blazytko Tim","year":"2020","unstructured":"Tim Blazytko, Moritz Schl\u00f6gel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon W\u00f6rner, and Thorsten Holz. AURORA: Statistical crash analysis for automated root cause explanation. In 29th USENIX Security Symposium (USENIX Security 20), 2020."},{"key":"e_1_3_2_1_10_1","first-page":"2329","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17","author":"B\u00f6hme Marcel","year":"2017","unstructured":"Marcel B\u00f6hme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. Directed greybox fuzzing. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17, page 2329--2344, New York, NY, USA, 2017. Association for Computing Machinery."},{"key":"e_1_3_2_1_11_1","first-page":"561","volume-title":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, ASIA CCS '22","author":"Canakci Sadullah","year":"2022","unstructured":"Sadullah Canakci, Nikolay Matyunin, Kalman Graffi, Ajay Joshi, and Manuel Egele. TargetFuzz: Using darts to guide directed greybox fuzzers. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, ASIA CCS '22, page 561--573, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_12_1","first-page":"1456","volume-title":"Proceedings of the 44th International Conference on Software Engineering, ICSE '22","author":"Cao Sicong","year":"2022","unstructured":"Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, and Chuanqi Tao. MVD: Memory-related vulnerability detection based on flow-sensitive graph neural networks. In Proceedings of the 44th International Conference on Software Engineering, ICSE '22, page 1456--1468, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_13_1","first-page":"2095","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS '18","author":"Chen Hongxu","year":"2018","unstructured":"Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. Hawkeye: Towards a desired directed grey-box fuzzer. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS '18, page 2095--2108, New York, NY, USA, 2018. Association for Computing Machinery."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","first-page":"1580","DOI":"10.1109\/SP40000.2020.00002","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"Chen Yaohui","year":"2020","unstructured":"Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. SAVIOR: Towards bug-driven hybrid testing. In 2020 IEEE Symposium on Security and Privacy (SP), pages 1580--1596, 2020."},{"key":"e_1_3_2_1_15_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Cho Mingi","year":"2023","unstructured":"Mingi Cho, Dohyeon An, Hoyong Jin, and Taekyoung Kwon. BoKASAN: Binary-only kernel address sanitizer for effective kernel fuzzing. In 32nd USENIX Security Symposium (USENIX Security 23), 2023."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","first-page":"677","DOI":"10.1109\/SP40001.2021.00114","volume-title":"2021 IEEE Symposium on Security and Privacy (SP)","author":"Choi Jaeseung","year":"2021","unstructured":"Jaeseung Choi, Kangsu Kim, Daejin Lee, and Sang Kil Cha. NtFuzz: Enabling type-aware kernel fuzzing on windows with static binary analysis. In 2021 IEEE Symposium on Security and Privacy (SP), pages 677--693, 2021."},{"key":"e_1_3_2_1_17_1","first-page":"946","volume-title":"Proceedings of the 44th International Conference on Software Engineering, ICSE '22","author":"Ciborowska Agnieszka","year":"2022","unstructured":"Agnieszka Ciborowska and Kostadin Damevski. Fast changeset-based bug localization with bert. In Proceedings of the 44th International Conference on Software Engineering, ICSE '22, page 946--957, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_18_1","first-page":"820","volume-title":"Proceedings of the 38th International Conference on Software Engineering, ICSE '16","author":"Cui Weidong","year":"2016","unstructured":"Weidong Cui, Marcus Peinado, Sang Kil Cha, Yanick Fratantonio, and Vasileios P. Kemerlis. Retracer: Triaging crashes by reverse execution from partial memory dumps. In Proceedings of the 38th International Conference on Software Engineering, ICSE '16, page 820--831, New York, NY, USA, 2016. Association for Computing Machinery."},{"key":"e_1_3_2_1_19_1","first-page":"60","volume-title":"Proceedings of the 41st International Conference on Software Engineering, ICSE '19","author":"Du Xiaoning","year":"2019","unstructured":"Xiaoning Du, Bihuan Chen, Yuekang Li, Jianmin Guo, Yaqin Zhou, Yang Liu, and Yu Jiang. Leopard: Identifying vulnerable code for vulnerability assessment through program metrics. In Proceedings of the 41st International Conference on Software Engineering, ICSE '19, page 60--71. IEEE Press, 2019."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 29th ACM\/IEEE International Conference on Automated Software Engineering","author":"Falleri Jean-R\u00e9my","year":"2014","unstructured":"Jean-R\u00e9my Falleri, Flor\u00e9al Morandat, Xavier Blanc, Matias Martinez, and Martin Monperrus. Fine-grained and accurate source code differencing. In Proceedings of the 29th ACM\/IEEE International Conference on Automated Software Engineering, 2014."},{"key":"e_1_3_2_1_21_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Fleischer Marius","year":"2023","unstructured":"Marius Fleischer, Dipanjan Das, Priyanka Bose, Weiheng Bai, Kangjie Lu, Mathias Payer, Christopher Kruegel, and Giovanni Vigna. ACTOR: Action-Guided kernel fuzzing. In 32nd USENIX Security Symposium (USENIX Security 23), 2023."},{"key":"e_1_3_2_1_22_1","volume-title":"syzkaller - linux syscall fuzzer","year":"2017","unstructured":"Google. syzkaller - linux syscall fuzzer, 2017. https:\/\/github.com\/google\/syzkaller."},{"issue":"6","key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","first-page":"1276","DOI":"10.1109\/TSE.2011.103","article-title":"A systematic literature review on fault prediction performance in software engineering","volume":"38","author":"Hall Tracy","year":"2012","unstructured":"Tracy Hall, Sarah Beecham, David Bowes, David Gray, and Steve Counsell. A systematic literature review on fault prediction performance in software engineering. IEEE Transactions on Software Engineering, 38(6):1276--1304, 2012.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_24_1","first-page":"2345","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Han HyungSeok","year":"2017","unstructured":"HyungSeok Han and Sang Kil Cha. IMF: Inferred model-based fuzzer. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 2345--2358. ACM, 2017."},{"key":"e_1_3_2_1_25_1","first-page":"518","volume-title":"Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, ICSE '20","author":"Hoang Thong","year":"2020","unstructured":"Thong Hoang, Hong Jin Kang, David Lo, and Julia Lawall. CC2Vec: Distributed representations of code changes. In Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, ICSE '20, page 518--529, New York, NY, USA, 2020. Association for Computing Machinery."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/MSR.2019.00016","volume-title":"2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR)","author":"Hoang Thong","year":"2019","unstructured":"Thong Hoang, Hoa Khanh Dam, Yasutaka Kamei, David Lo, and Naoyasu Ubayashi. Deepjit: An end-to-end deep learning framework for just-in-time defect prediction. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR), pages 34--45, 2019."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/2372225.2372230","volume-title":"Proceedings of the 4th International Workshop on Security Measurements and Metrics, MetriSec '12","author":"Hovsepyan Aram","year":"2012","unstructured":"Aram Hovsepyan, Riccardo Scandariato, Wouter Joosen, and James Walden. Software vulnerability prediction using text analysis techniques. In Proceedings of the 4th International Workshop on Security Measurements and Metrics, MetriSec '12, page 7--10, New York, NY, USA, 2012. Association for Computing Machinery."},{"key":"e_1_3_2_1_28_1","first-page":"0","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (S&P)","author":"Jeong Dae R","unstructured":"Dae R Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. Razzer: Finding kernel race bugs through fuzzing. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), page 0. IEEE, 2018."},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium [Prepublication], SEC'23. USENIX Association","author":"Kim Hyungsub","year":"2023","unstructured":"Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, and Dongyan Xu. PatchVerif: Discovering faulty patches in robotic vehicles. In Proceedings of the 32nd USENIX Conference on Security Symposium [Prepublication], SEC'23. USENIX Association, 2023."},{"key":"e_1_3_2_1_30_1","volume-title":"NDSS","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Dae R Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. HFL: Hybrid fuzzing on the linux kernel. In NDSS, 2020."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1109\/CGO.2004.1281665","volume-title":"International Symposium on Code Generation and Optimization, 2004. CGO 2004.","author":"Lattner Chris","year":"2004","unstructured":"Chris Lattner and Vikram Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In International Symposium on Code Generation and Optimization, 2004. CGO 2004., pages 75--86. IEEE, 2004."},{"issue":"5","key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","first-page":"3745","DOI":"10.1109\/TCYB.2020.3013675","article-title":"Vulnerability prediction-assisted evolutionary fuzzing for binary programs","volume":"52","author":"Li Yuwei","year":"2022","unstructured":"Yuwei Li, Shouling Ji, Chenyang Lyu, Yuan Chen, Jianhai Chen, Qinchen Gu, Chunming Wu, and Raheem Beyah. V-Fuzz: Vulnerability prediction-assisted evolutionary fuzzing for binary programs. IEEE Transactions on Cybernetics, 52(5):3745--3756, 2022.","journal-title":"IEEE Transactions on Cybernetics"},{"key":"e_1_3_2_1_33_1","volume-title":"25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Li Zhen","year":"2018","unstructured":"Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. Vuldeepecker: A deep learning-based system for vulnerability detection. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. The Internet Society, 2018."},{"key":"e_1_3_2_1_34_1","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Lin Zhenpeng","year":"2022","unstructured":"Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Dongliang Mu, Chensheng Yu, Xinyu Xing, and Kang Li. GREBE: Unveiling exploitation potential for linux kernel bugs. In 2022 IEEE Symposium on Security and Privacy (SP), 2022."},{"key":"e_1_3_2_1_35_1","first-page":"181","volume-title":"2008 ACM\/IEEE 30th International Conference on Software Engineering","author":"Moser Raimund","year":"2008","unstructured":"Raimund Moser, Witold Pedrycz, and Giancarlo Succi. A comparative analysis of the efficiency of change metrics and static code attributes for defect prediction. In 2008 ACM\/IEEE 30th International Conference on Software Engineering, pages 181--190, 2008."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1109\/ISSRE.2010.25","volume-title":"2010 IEEE 21st International Symposium on Software Reliability Engineering","author":"Nagappan Nachiappan","year":"2010","unstructured":"Nachiappan Nagappan, Andreas Zeller, Thomas Zimmermann, Kim Herzig, and Brendan Murphy. Change bursts as defect predictors. In 2010 IEEE 21st International Symposium on Software Reliability Engineering, pages 309--318, 2010."},{"key":"e_1_3_2_1_37_1","first-page":"1273","volume-title":"2020 IEEE\/ACM 42nd International Conference on Software Engineering (ICSE)","author":"Noller Yannic","year":"2020","unstructured":"Yannic Noller, Corina S P\u0103s\u0103reanu, Marcel B\u00f6hme, Youcheng Sun, Hoang Lam Nguyen, and Lars Grunske. HyDiff: Hybrid differential software analysis. In 2020 IEEE\/ACM 42nd International Conference on Software Engineering (ICSE), pages 1273--1285. IEEE, 2020."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA","author":"\u00d6sterlund Sebastian","year":"2020","unstructured":"Sebastian \u00d6sterlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. Parmesan: Sanitizer-guided greybox fuzzing. In Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA, 2020. USENIX Association."},{"key":"e_1_3_2_1_39_1","first-page":"729","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Pailoor Shankara","year":"2018","unstructured":"Shankara Pailoor, Andrew Aday, and Suman Jana. MoonShine: Optimizing OS fuzzer seed selection with trace distillation. In 27th USENIX Security Symposium (USENIX Security 18), pages 729--743, 2018."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","first-page":"543","DOI":"10.1109\/ICMLA.2015.99","volume-title":"2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA)","author":"Pang Yulei","year":"2015","unstructured":"Yulei Pang, Xiaozhen Xue, and Akbar Siami Namin. Predicting vulnerable software components through n-gram analysis and statistical feature selection. In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), pages 543--548, 2015."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA","author":"Peng Hui","year":"2020","unstructured":"Hui Peng and Mathias Payer. USBFuzz: A framework for fuzzing usb drivers by device emulation. In Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA, 2020. USENIX Association."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1109\/SP.2017.27","volume-title":"2017 IEEE Symposium on Security and Privacy (SP)","author":"Petsios Theofilos","year":"2017","unstructured":"Theofilos Petsios, Adrian Tang, Salvatore Stolfo, Angelos D. Keromytis, and Suman Jana. Nezha: Efficient domain-independent differential testing. In 2017 IEEE Symposium on Security and Privacy (SP), pages 615--632, 2017."},{"key":"e_1_3_2_1_43_1","volume-title":"Machine Intelligence","author":"Plotkin Gordon","year":"1970","unstructured":"Gordon Plotkin. A note on inductive generalization. Machine Intelligence, 1970."},{"key":"e_1_3_2_1_44_1","first-page":"167","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium, SEC'17","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. KAFL: Hardware-assisted feedback fuzzing for os kernels. In Proceedings of the 26th USENIX Conference on Security Symposium, SEC'17, page 167--182, USA, 2017. USENIX Association."},{"key":"e_1_3_2_1_45_1","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Song Dokyung","year":"2019","unstructured":"Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz. PeriScope: An effective probing and fuzzing framework for the hardwareOS boundary. In Network and Distributed System Security Symposium (NDSS), 2019."},{"key":"e_1_3_2_1_46_1","first-page":"344","volume-title":"Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles, SOSP '21","author":"Sun Hao","year":"2021","unstructured":"Hao Sun, Yuheng Shen, Cong Wang, Jianzhong Liu, Yu Jiang, Ting Chen, and Aiguo Cui. HEALER: Relation learning guided kernel fuzzing. In Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles, SOSP '21, page 344--358, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_47_1","first-page":"2741","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Wang Daimeng","year":"2021","unstructured":"Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V Krishnamurthy, and Nael Abu-Ghazaleh. SyzVegas: Beating kernel fuzzing odds with reinforcement learning. In 30th USENIX Security Symposium (USENIX Security 21), pages 2741--2758, 2021."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","first-page":"2409","DOI":"10.1109\/SP46215.2023.10179479","volume-title":"2023 IEEE Symposium on Security and Privacy (SP)","author":"Wang Shu","year":"2023","unstructured":"Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. GraphSPD: Graph-based security patch detection with enriched code semantics. In 2023 IEEE Symposium on Security and Privacy (SP), pages 2409--2426, 2023."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1109\/DSN.2019.00056","volume-title":"2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Wang Xinda","year":"2019","unstructured":"Xinda Wang, Kun Sun, Archer Batcheller, and Sushil Jajodia. Detecting \"0-day\" vulnerability: An empirical study of secret security patch in oss. In 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pages 485--492, 2019."},{"key":"e_1_3_2_1_50_1","volume-title":"2021 IEEE Military Communications Conference (MILCOM)","author":"Wang Xinda","year":"2021","unstructured":"Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, Sushil Jajodia, Sanae Benchaaboun, and Frank Geck. PatchRNN: A deep learning-based system for security patch identification. In 2021 IEEE Military Communications Conference (MILCOM), 2021."},{"key":"e_1_3_2_1_51_1","first-page":"2365","volume-title":"Proceedings of the 44th International Conference on Software Engineering, ICSE '22","author":"Wu Yueming","year":"2022","unstructured":"Yueming Wu, Deqing Zou, Shihan Dou, Wei Yang, Duo Xu, and Hai Jin. VulCNN: An image-inspired scalable vulnerability detection system. In Proceedings of the 44th International Conference on Software Engineering, ICSE '22, page 2365--2376, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium","author":"Wu Yuhang","year":"2023","unstructured":"Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, and Xinyu Xing. Mitigating security risks in linux with KLAUS: A method for evaluating patch correctness. In Proceedings of the 32nd USENIX Conference on Security Symposium, 2023."},{"key":"e_1_3_2_1_53_1","first-page":"385","volume-title":"2010 10th International Conference on Quality Software","author":"Xie Xiaoyuan","year":"2010","unstructured":"Xiaoyuan Xie, Tsong Yueh Chen, and Baowen Xu. Isolating suspiciousness from spectrum-based fault localization techniques. In 2010 10th International Conference on Quality Software, pages 385--392, 2010."},{"key":"e_1_3_2_1_54_1","volume-title":"Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS)","author":"Xin Xiong Zhuang Liu Jiadong Lu","year":"2023","unstructured":"Jiadong Lu Xin Xiong Zhuang Liu Xin Tan, Yuan Zhang and Min Yang. SyzDirect: Directed greybox fuzzing for linux kernel. In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), 2023."},{"issue":"5","key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","first-page":"880","DOI":"10.1016\/j.infsof.2012.08.006","article-title":"A general noise-reduction framework for fault localization of java programs","volume":"55","author":"Xu Jian","year":"2013","unstructured":"Jian Xu, Zhenyu Zhang, W. K. Chan, T. H. Tse, and Shanping Li. A general noise-reduction framework for fault localization of java programs. Inf. Softw. Technol., 55(5):880--896, may 2013.","journal-title":"Inf. Softw. Technol."},{"key":"e_1_3_2_1_56_1","first-page":"320","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS '21","author":"Yagemann Carter","year":"2021","unstructured":"Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio, and Wenke Lee. Automated bug hunting with data-driven symbolic root cause analysis. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS '21, page 320--336, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_57_1","first-page":"2139","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17","author":"You Wei","year":"2017","unstructured":"Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, and Bin Liang. SemFuzz: Semantics-based automatic generation of proof-of-concept exploits. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17, page 2139--2154, New York, NY, USA, 2017. Association for Computing Machinery."},{"key":"e_1_3_2_1_58_1","volume-title":"American fuzzy lop","author":"Zalewski M.","year":"2017","unstructured":"M. Zalewski. American fuzzy lop, 2017. http:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt."},{"key":"e_1_3_2_1_59_1","first-page":"427","volume-title":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2021","author":"Zeng Zhengran","year":"2021","unstructured":"Zhengran Zeng, Yuqun Zhang, Haotian Zhang, and Lingming Zhang. Deep just-in-time defect prediction: How far are we? In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2021, page 427--438, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_60_1","volume-title":"2022 Network and Distributed System Security Symposium","author":"Zhai Yizhuo","year":"2022","unstructured":"Yizhuo Zhai, Yu Hao, Zheng Zhang, Weiteng Chen, Guoren Li, Zhiyun Qian, Chengyu Song, Manu Sridharan, Srikanth V Krishnamurthy, Trent Jaeger, et al. Progressive scrutiny: Incremental detection of ubi bugs in the linux kernel. In 2022 Network and Distributed System Security Symposium, 2022."},{"key":"e_1_3_2_1_61_1","first-page":"111","volume-title":"Proceedings of the 43rd International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP '21","author":"Zheng Yunhui","year":"2021","unstructured":"Yunhui Zheng, Saurabh Pujar, Burn Lewis, Luca Buratti, Edward Epstein, Bo Yang, Jim Laredo, Alessandro Morari, and Zhong Su. D2A: A dataset built for ai-based vulnerability detection methods using differential analysis. In Proceedings of the 43rd International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP '21, page 111--120. IEEE Press, 2021."},{"key":"e_1_3_2_1_62_1","volume-title":"Curran Associates Inc.","author":"Zhou Yaqin","year":"2019","unstructured":"Yaqin Zhou, Shangqing Liu, Jingkai Siow, Xiaoning Du, and Yang Liu. Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. Curran Associates Inc., Red Hook, NY, USA, 2019."},{"key":"e_1_3_2_1_63_1","volume-title":"ACM Trans. Softw. Eng. Methodol.","author":"Zhou Yaqin","year":"2021","unstructured":"Yaqin Zhou, Jing Kai Siow, Chenyu Wang, Shangqing Liu, and Yang Liu. SPI: Automated identification of security patches via commits. ACM Trans. Softw. Eng. Methodol., 2021."},{"key":"e_1_3_2_1_64_1","first-page":"2169","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","author":"Zhu Xiaogang","year":"2021","unstructured":"Xiaogang Zhu and Marcel B\u00f6hme. Regression greybox fuzzing. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pages 2169--2182, 2021."}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637642","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:05Z","timestamp":1750290245000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637642"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":64,"alternative-id":["10.1145\/3634737.3637642","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3637642","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}