{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:27:46Z","timestamp":1766442466394,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2331424,2321117"],"award-info":[{"award-number":["2331424,2321117"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NIST","award":["14147259"],"award-info":[{"award-number":["14147259"]}]},{"name":"Eugene McDermott Graduate Fellowships","award":["202208, 202504, and 202405."],"award-info":[{"award-number":["202208, 202504, and 202405."]}]},{"name":"IITP MSIT","award":["No.2021-0-01332"],"award-info":[{"award-number":["No.2021-0-01332"]}]},{"name":"DOT","award":["National Center for Transportation Cyber- security and Resiliency (TraCR)"],"award-info":[{"award-number":["National Center for Transportation Cyber- security and Resiliency (TraCR)"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765040","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"2489-2503","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Walking The Last Mile: Studying Decompiler Output Correction in Practice"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2513-2896","authenticated-orcid":false,"given":"Joshua","family":"Wiedemeier","sequence":"first","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3333-2452","authenticated-orcid":false,"given":"Simon","family":"Klancher","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4857-5705","authenticated-orcid":false,"given":"Joel","family":"Flores","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5503-2570","authenticated-orcid":false,"given":"Max","family":"Zheng","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4831-4699","authenticated-orcid":false,"given":"Jaehyun","family":"Park","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, Tx, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6012-7228","authenticated-orcid":false,"given":"Sang Kil","family":"Cha","sequence":"additional","affiliation":[{"name":"Korea Advanced Institute of Science and Technology, Daejeon, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3797-4637","authenticated-orcid":false,"given":"Kangkook","family":"Jee","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"PYPL PopularitY of Programming Language Index. 2025. (Visited on 01\/22\/2025)."},{"key":"e_1_3_2_1_2_1","volume-title":"USENIX Workshop on Offensive Technologies (WOOT).","author":"Kholia Dhiru","year":"2013","unstructured":"Dhiru Kholia and Przemyslaw Wegrzyn. ''Looking inside the (Drop) box''. In: USENIX Workshop on Offensive Technologies (WOOT). Aug. 2013."},{"key":"e_1_3_2_1_3_1","volume-title":"Black Hat USA.","author":"Pinto Alessandro Di","year":"2018","unstructured":"Alessandro Di Pinto, Younes Dragoni, and Andrea Carcano. ''TRITON: The First ICS Cyber Attack on Safety Instrument Systems''. In: Black Hat USA. Aug. 2018."},{"key":"e_1_3_2_1_4_1","volume-title":"rep","author":"Dragos Inc. TRISIS Malware. Tech.","year":"2017","unstructured":"Dragos Inc. TRISIS Malware. Tech. rep. Dec. 2017. url: https:\/\/dragos.com\/wpcontent\/uploads\/TRISIS-01.pdf."},{"key":"e_1_3_2_1_5_1","volume-title":"Python Malware On The Rise. https:\/\/www.cyborgsecurity.com\/cyborg_labs\/python-malware-on-the-rise\/","author":"Security Cyborg","year":"2020","unstructured":"Cyborg Security. Python Malware On The Rise. https:\/\/www.cyborgsecurity.com\/cyborg_labs\/python-malware-on-the-rise\/. July 2020."},{"key":"e_1_3_2_1_6_1","unstructured":"Vasilios Koutsokostas and Constantinos Patsakis. Python and Malware: Developing Stealth and Evasive Malware Without Obfuscation. https:\/\/arxiv.org\/pdf\/ 2105.00565.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"Kotaro Ogino. Unboxing Snake - Python Infostealer Lurking Through Messaging Services. https:\/\/www.cybereason.com\/blog\/unboxing-snake-python-infostealer-lurking-through-messaging-service."},{"key":"e_1_3_2_1_8_1","unstructured":"Josh Grunzweig. Unit 42 Technical Analysis: Seaduke. https:\/\/unit42.paloaltonetworks.com\/unit-42-technical-analysis-seaduke\/."},{"key":"e_1_3_2_1_9_1","unstructured":"jinye. Necro Frequent Upgrades New Version Begins Using PyInstaller and DGA. https:\/\/blog.netlab.360.com\/not-really-new-pyhton-ddos-bot-n3cr0m0rphnecromorph\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Ian Kenefick et al. A Closer Look at the Locky Poser PyLocky Ransomware. https:\/\/www.trendmicro.com\/en_us\/research\/18\/i\/a-closer-look-at-thelocky-poser-pylocky-ransomware.html."},{"key":"e_1_3_2_1_11_1","unstructured":"Warren Mercer. PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. https:\/\/blog.talosintelligence.com\/poetrat-covid-19-lures\/."},{"key":"e_1_3_2_1_12_1","unstructured":"Josh Grunzweig. Python-Based PWOBot Targets European Organizations. https:\/\/unit42.paloaltonetworks.com\/unit42-python-based-pwobot-targets-european-organizations\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Claud Xiao Cong Zheng and Xingyu Jin. Xbash Combines Botnet Ransomware Coinmining in Worm that Targets Linux and Windows. https :\/\/unit42.paloaltonetworks.com\/unit42-xbash-combines-botnet-ransomwarecoinmining-worm-targets-linux-windows\/."},{"key":"e_1_3_2_1_14_1","volume-title":"IEEE Symposium on Security and Privacy (SP).","author":"Ali","year":"2023","unstructured":"Ali Ahad et al. ''PYFET: Forensically Equivalent Transformation for Python Binary Decompilation''. In: IEEE Symposium on Security and Privacy (SP). May 2023."},{"key":"e_1_3_2_1_15_1","volume-title":"IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy (SP).","author":"Joshua","year":"2025","unstructured":"Joshua Wiedemeier et al. ''PyLingual: Toward Perfect Decompilation of Evolving High-Level Languages''. In: IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy (SP). May 2025."},{"key":"e_1_3_2_1_16_1","unstructured":"uncompyle6 PyPI. https:\/\/pypi.org\/project\/uncompyle6\/."},{"key":"e_1_3_2_1_17_1","unstructured":"decompyle3 \u00b7 PyPI. https:\/\/pypi.org\/project\/decompyle3\/."},{"key":"e_1_3_2_1_18_1","unstructured":"zrax\/pycdc: C python bytecode disassembler and decompiler. https:\/\/github.com\/zrax\/pycdc."},{"key":"e_1_3_2_1_19_1","unstructured":"syssec-utd\/pylingual: Python decompiler for modern Python versions. url: https:\/\/github.com\/syssec-utd\/pylingual."},{"key":"e_1_3_2_1_20_1","unstructured":"PyLingual. https:\/\/pylingual.io\/."},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security Symposium (USENIX Security). USENIX Association","author":"Kevin","year":"2022","unstructured":"Kevin Burk et al. ''Decomperson: How Humans Decompile and What We Can Learn From It''. In: USENIX Security Symposium (USENIX Security). USENIX Association, Aug. 2022."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23008"},{"key":"e_1_3_2_1_23_1","unstructured":"Status of Python versions. url: https:\/\/devguide.python.org\/versions\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N19-1423"},{"key":"e_1_3_2_1_25_1","first-page":"10683","article-title":"Exploring the Limits of Transfer Learning with a Unified Text-to-Text Transformer","author":"Colin Raffel","year":"1910","unstructured":"Colin Raffel et al. ''Exploring the Limits of Transfer Learning with a Unified Text-to-Text Transformer''. In: CoRR abs\/1910.10683 (2019). arXiv: 1910.10683. url: http:\/\/arxiv.org\/abs\/1910.10683.","journal-title":"CoRR abs\/"},{"key":"e_1_3_2_1_26_1","volume-title":"CodeT5: Identifier-aware Unified Pre-trained Encoder-Decoder Models for Code Understanding and Generation","author":"Yue Wang","year":"2021","unstructured":"Yue Wang et al. CodeT5: Identifier-aware Unified Pre-trained Encoder-Decoder Models for Code Understanding and Generation. 2021. arXiv: 2109. 00859."},{"issue":"1","key":"e_1_3_2_1_27_1","first-page":"100","article-title":"testing for software","volume":"10","author":"McKeeman William M","year":"1998","unstructured":"William M McKeeman. ''Differential testing for software''. In: Digital Technical Journal 10.1 (1998), pp. 100-107.","journal-title":"Digital Technical Journal"},{"key":"e_1_3_2_1_28_1","unstructured":"Monaco Editor. url: https:\/\/microsoft.github.io\/monaco-editor\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34238-8_3"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.11613\/BM.2013.018"},{"key":"e_1_3_2_1_31_1","volume-title":"Jina Embeddings 2:  8192-Token General-Purpose Text Embeddings for Long Documents","author":"Michael G\u00fcnther","year":"2024","unstructured":"Michael G\u00fcnther et al. Jina Embeddings 2: 8192-Token General-Purpose Text Embeddings for Long Documents. 2024. arXiv: 2310.19923 [cs.CL]. url: https: \/\/arxiv.org\/abs\/2310.19923."},{"key":"e_1_3_2_1_32_1","unstructured":"dashingsoft. pyarmor. https:\/\/github.com\/dashingsoft\/pyarmor."},{"key":"e_1_3_2_1_33_1","unstructured":"Oxyry Python Obfuscator. 2025. (Visited on 01\/22\/2025)."},{"key":"e_1_3_2_1_34_1","unstructured":"PyInstaller Quickstart \u2014 PyInstaller bundles Python applications. https:\/\/www. pyinstaller.org\/."},{"key":"e_1_3_2_1_35_1","unstructured":"Rocky Bernstein. python-xdis. https:\/\/github.com\/rocky\/python-xdis."},{"key":"e_1_3_2_1_36_1","first-page":"1875","volume-title":"USENIX Security Symposium (SEC). USENIX Security Symposium (SEC). USENIX Association","author":"Daniel","year":"2020","unstructured":"Daniel Votipka et al. ''An Observational Investigation of Reverse Engineers' Processes''. In: USENIX Security Symposium (SEC). USENIX Security Symposium (SEC). USENIX Association, Oct. 2020, pp. 1875--1892. isbn: 978-1-939133-17-5. url: https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/votipka-observational."},{"key":"e_1_3_2_1_37_1","first-page":"2727","volume-title":"USENIX Security Symposium (SEC). USENIX Security Symposium (SEC)","author":"Alessandro","year":"2022","unstructured":"Alessandro Mantovani et al. ''RE-Mind: a First Look Inside the Mind of a Reverse Engineer''. In: USENIX Security Symposium (SEC). USENIX Security Symposium (SEC). Boston, MA: USENIX Association, Jan. 2022, pp. 2727-- 2745. isbn: 978-1-939133-31-1. url: https:\/\/www.usenix.org\/conference usenixsecurity22\/presentation\/mantovani."},{"key":"e_1_3_2_1_38_1","unstructured":"Cristina Cifuentes. ''Reverse Compilation Techniques''. PhD thesis. 1994."},{"key":"e_1_3_2_1_39_1","volume-title":"USENIX Security Symposium (USENIX Security). Washington, D.C.","author":"David","year":"2013","unstructured":"David Brumley et al. ''Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring''. In: USENIX Security Symposium (USENIX Security). Washington, D.C., July 2013."},{"key":"e_1_3_2_1_40_1","volume-title":"Network Distributed Security Symposium (NDSS).","author":"Khaled","year":"2015","unstructured":"Khaled Yakdan et al. ''No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations''. In: Network Distributed Security Symposium (NDSS). Feb. 2015."},{"key":"e_1_3_2_1_41_1","first-page":"158","volume-title":"(May","author":"Khaled","year":"2016","unstructured":"Khaled Yakdan et al. ''Helping Johnny to Analyze Malware: A Usability- Optimized Decompiler and Malware Analysis User Study''. In: (May 2016), pp. 158--177."},{"key":"e_1_3_2_1_42_1","volume-title":"The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler","author":"Eagle Chris","year":"2011","unstructured":"Chris Eagle. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. USA: No Starch Press, 2011. isbn: 1593272898."},{"key":"e_1_3_2_1_43_1","volume-title":"Ghidra - Journey from Classified NSA Tool to Open Source","author":"Brian Knighton Chris Delikat","year":"2019","unstructured":"Chris Delikat Brian Knighton. Ghidra - Journey from Classified NSA Tool to Open Source. Aug. 2019."},{"volume-title":"Radare2 GitHub repository. https:\/\/github.com\/radare\/radare2","year":"2017","key":"e_1_3_2_1_44_1","unstructured":"Radare2 Team. Radare2 GitHub repository. https:\/\/github.com\/radare\/radare2. 2017."},{"key":"e_1_3_2_1_45_1","unstructured":"RetDec:: Home. https:\/\/retdec.com\/."},{"key":"e_1_3_2_1_46_1","unstructured":"Mike Van Emmerik. ''Static Single Assignment for Decompilation''. PhD thesis."},{"key":"e_1_3_2_1_47_1","volume-title":"BlackBerry Research & Intelligence Team, 2021","author":"New Tricks Old Dogs","year":"2021","unstructured":"Old Dogs New Tricks: Attackers adopt exotic programming languages. Tech. rep. BlackBerry Research & Intelligence Team, 2021. url: https: \/\/blogs.blackberry.com\/en\/2021\/07\/old-dogs-new-tricks-attackers-adopt-exoticprogramming-languages."},{"key":"e_1_3_2_1_48_1","unstructured":"This malware was written in an unusual programming language to stop it from being detected | ZDNet. https:\/\/www.zdnet.com\/article\/this-malware-waswritten-in-an-unusual-programming- language-to-stop-it-from-beingdetected\/."},{"key":"e_1_3_2_1_49_1","first-page":"13","volume-title":"Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research. CASCON '99. Mississauga","author":"Raja","year":"1999","unstructured":"Raja Vall\u00e9e-Rai et al. ''Soot - a Java Bytecode Optimization Framework''. In: Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research. CASCON '99. Mississauga, Ontario, Canada: IBM Press, 1999, p. 13."},{"key":"e_1_3_2_1_50_1","unstructured":"icsharpcode\/ILSpy: .NET Decompiler with support for PDB generation Ready- ToRun Metadata (&more) - cross-platform! https:\/\/github.com\/icsharpcode\/ILSpy."},{"key":"e_1_3_2_1_51_1","unstructured":"dotPeek: Free .NET Decompiler & Assembly Browser by JetBrains. https:\/\/www.jetbrains.com\/decompiler\/."},{"key":"e_1_3_2_1_52_1","unstructured":"cout\/ruby-decompiler: A decompiler for ruby code (both MRI and YARV). https:\/\/github.com\/cout\/ruby-decompiler."},{"key":"e_1_3_2_1_53_1","unstructured":"Tool: Lua 5.1 Decompiler. https:\/\/lua-decompiler.ferib.dev\/."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00052"},{"key":"e_1_3_2_1_55_1","first-page":"2409","author":"Tianyang Zhong","year":"2024","unstructured":"Tianyang Zhong et al. Evaluation of OpenAI o1: Opportunities and Challenges of AGI. 2024. arXiv: 2409.18486 [cs.CL]. url: https:\/\/arxiv.org\/abs\/2409.18486.","journal-title":"Evaluation of OpenAI o1: Opportunities and Challenges of AGI."},{"key":"e_1_3_2_1_56_1","volume-title":"Mamba: Linear-Time Sequence Modeling with Selective State Spaces","author":"Gu Albert","year":"2024","unstructured":"Albert Gu and Tri Dao. Mamba: Linear-Time Sequence Modeling with Selective State Spaces. 2024. arXiv: 2312.00752 [cs.LG]. url: https:\/\/arxiv.org\/abs\/2312.00752."},{"key":"e_1_3_2_1_57_1","volume-title":"Titans: Learning to Memorize at Test Time","author":"Behrouz Ali","year":"2024","unstructured":"Ali Behrouz, Peilin Zhong, and Vahab Mirrokni. Titans: Learning to Memorize at Test Time. 2024. arXiv: 2501.00663 [cs.LG]. url: https:\/\/arxiv.org\/abs\/2501.00663."},{"key":"e_1_3_2_1_58_1","volume-title":"DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning","author":"AI","year":"2025","unstructured":"DeepSeek-AI et al. DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning. 2025. arXiv: 2501.12948 [cs.CL]. url: https:\/\/arxiv.org\/abs\/2501.12948."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765040","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765040","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:26:15Z","timestamp":1766442375000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765040"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":58,"alternative-id":["10.1145\/3719027.3765040","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765040","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}