{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T22:10:05Z","timestamp":1755900605996,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":16,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,6]],"date-time":"2023-12-06T00:00:00Z","timestamp":1701820800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,6]]},"DOI":"10.1145\/3638782.3638784","type":"proceedings-article","created":{"date-parts":[[2024,4,18]],"date-time":"2024-04-18T11:07:37Z","timestamp":1713438457000},"page":"6-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["CapSan-UB: Bug Capabilities Detector Based on Undefined Behavior"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-2106-1687","authenticated-orcid":false,"given":"Wei","family":"Zhao","sequence":"first","affiliation":[{"name":"College of Electronic Science and Technology, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4351-365X","authenticated-orcid":false,"given":"Zhiwei","family":"Li","sequence":"additional","affiliation":[{"name":"College of Electronic Science and Technology, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4395-1351","authenticated-orcid":false,"given":"Ruilin","family":"Li","sequence":"additional","affiliation":[{"name":"College of Electronic Science and Technology, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9025-2791","authenticated-orcid":false,"given":"Chaojing","family":"Tang","sequence":"additional","affiliation":[{"name":"College of Electronic Science and Technology, National University of Defense Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,4,18]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Android In-The-Wild Exploit https:\/\/googleprojectzero.blogspot.com\/2019\/11\/bad-binder-android-in-wild-exploit.html","author":"Binder Bad","year":"2019","unstructured":"[1] Bad Binder: Android In-The-Wild Exploit https:\/\/googleprojectzero.blogspot.com\/2019\/11\/bad-binder-android-in-wild-exploit.html, 2019."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1109\/QRS.2018.00047"},{"unstructured":"[3]Jacob P. Tyo. 2016. Empirical analysis and automated classification of security bug reports. In Graduate Thesis and Reports.","key":"e_1_3_2_1_3_1"},{"key":"e_1_3_2_1_4_1","volume-title":"AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In USENIX Security (SEC). USENIX, 235\u2013252.","author":"Blazytko Tim","year":"2020","unstructured":"[4] Tim Blazytko, Moritz Schl\u00f6gel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon W\u00f6rner, and Thorsten Holz. 2020. AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In USENIX Security (SEC). USENIX, 235\u2013252."},{"doi-asserted-by":"crossref","unstructured":"[5]George Klees Andrew Ruef Benji Cooper Shiyi Wei and Michael Hicks. 2018. Evaluating Fuzz Testing. In Computer and Communications Security (CCS). ACM 2123\u20132138.","key":"e_1_3_2_1_5_1","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_6_1","volume-title":"KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities. In USENIX Security (SEC). USENIX, 1093\u20131110.","author":"Chen Weiteng","year":"2020","unstructured":"[6]Weiteng Chen, Xiaochen Zou, Guoren Li, and Zhiyun Qian. 2020. KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities. In USENIX Security (SEC). USENIX, 1093\u20131110."},{"key":"e_1_3_2_1_7_1","volume-title":"ACM","author":"Wang Yan","year":"2018","unstructured":"[7]Yan Wang, Chao Zhang, Xiaobo Xiang, Zixuan Zhao, Wenjie Li, Xiaorui Gong, Bingchang Liu, Kaixiang Chen, and Wei Zou. 2018. Revery: From Proof-ofConcept to Exploitable. In Computer and Communications Security (CCS). ACM, 1914\u20131927."},{"key":"e_1_3_2_1_8_1","volume-title":"FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security (SEC). USENIX, 781\u2013797.","author":"Wu Wei","year":"2018","unstructured":"[8]Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security (SEC). USENIX, 781\u2013797."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/3548606.3560575"},{"key":"e_1_3_2_1_10_1","volume-title":"AddressSanitizer: A Fast Address Sanity Checker. In Annual Technical Conference (ATC). USENIX, 309\u2013318","author":"Serebryany Konstantin","year":"2012","unstructured":"[10]Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In Annual Technical Conference (ATC). USENIX, 309\u2013318."},{"key":"e_1_3_2_1_11_1","volume-title":"Workshop on Offensive Technologies (WOOT). USENIX.","author":"Fioraldi Andrea","year":"2020","unstructured":"[11]Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In Workshop on Offensive Technologies (WOOT). USENIX."},{"unstructured":"[12]afl-fuzz: crash exploration mode. https:\/\/lcamtuf.blogspot.com\/2014\/11\/afl-fuzz-crash-exploration-mode.html.","key":"e_1_3_2_1_12_1"},{"volume-title":"USENIX Security (SEC)","author":"Zou Xiaochen","unstructured":"[13]Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian. 2022. SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel. In USENIX Security (SEC). USENIX, Boston, MA, 3201\u20133217.","key":"e_1_3_2_1_13_1"},{"volume-title":"Tools and Algorithms for the Construction and Analysis of Systems (TACAS)","author":"Anand Saswat","unstructured":"[14]Saswat Anand, Patrice Godefroid, and Nikolai Tillmann. 2008. Demand-driven compositional symbolic execution. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Springer, 367\u2013381.","key":"e_1_3_2_1_14_1"},{"doi-asserted-by":"crossref","unstructured":"[15]Shiqi Shen Shweta Shinde Soundarya Ramesh Abhik Roychoudhury and Prateek Saxena. 2019. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In Network and Distributed Systems Security (NDSS).","key":"e_1_3_2_1_15_1","DOI":"10.14722\/ndss.2019.23530"},{"unstructured":"[16]UndefinedBehaviorSanitizer https:\/\/releases.llvm.org\/16.0.0\/tools\/clang\/docs\/UndefinedBehaviorSanitizer.html 2023","key":"e_1_3_2_1_16_1"}],"event":{"acronym":"ICCNS 2023","name":"ICCNS 2023: 2023 13th International Conference on Communication and Network Security","location":"Fuzhou China"},"container-title":["Proceedings of the 2023 13th International Conference on Communication and Network Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3638782.3638784","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3638782.3638784","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T21:35:47Z","timestamp":1755898547000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3638782.3638784"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,6]]},"references-count":16,"alternative-id":["10.1145\/3638782.3638784","10.1145\/3638782"],"URL":"https:\/\/doi.org\/10.1145\/3638782.3638784","relation":{},"subject":[],"published":{"date-parts":[[2023,12,6]]},"assertion":[{"value":"2024-04-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}