{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:41:32Z","timestamp":1773841292717,"version":"3.50.1"},"reference-count":154,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2021,3,5]],"date-time":"2021-03-05T00:00:00Z","timestamp":1614902400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003833","name":"Hydro-Qu\u00e9bec","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003833","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007034","name":"Thales Group","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100007034","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2022,3,31]]},"abstract":"<jats:p>In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.<\/jats:p>","DOI":"10.1145\/3432893","type":"journal-article","created":{"date-parts":[[2021,3,6]],"date-time":"2021-03-06T04:09:57Z","timestamp":1615003797000},"page":"1-42","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":50,"title":["Automatic Vulnerability Detection in Embedded Devices and Firmware"],"prefix":"10.1145","volume":"54","author":[{"given":"Abdullah","family":"Qasem","sequence":"first","affiliation":[{"name":"Concordia University, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5592-1518","authenticated-orcid":false,"given":"Paria","family":"Shirani","sequence":"additional","affiliation":[{"name":"Concordia University, Canada"}]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[{"name":"Concordia University, Canada"}]},{"given":"Lingyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Concordia University, Canada"}]},{"given":"Bernard","family":"Lebel","sequence":"additional","affiliation":[{"name":"Thales Canada Inc., Canada"}]},{"given":"Basile L.","family":"Agba","sequence":"additional","affiliation":[{"name":"Institut de recherche d\u2019Hydro-Qu\u00e9bec, Canada"}]}],"member":"320","published-online":{"date-parts":[[2021,3,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/bs.adcom.2017.12.007"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377644.3377654"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCSim.2014.6903734"},{"key":"e_1_2_1_4_1","unstructured":"Magnus Almgren Davide Balzarotti Jan Stijohann and Emmanuele Zambon. 2014. D5.3 report on automated vulnerability discovery techniques. CRISALIS EU Project. https:\/\/docplayer.net\/53692826-D5-3-report-on-automated-vulnerability-discovery-techniques.html.  Magnus Almgren Davide Balzarotti Jan Stijohann and Emmanuele Zambon. 2014. D5.3 report on automated vulnerability discovery techniques. CRISALIS EU Project. https:\/\/docplayer.net\/53692826-D5-3-report-on-automated-vulnerability-discovery-techniques.html."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.01.011"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3175492"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99073-6_2"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1516512.1516518"},{"key":"e_1_2_1_9_1","unstructured":"Amazon. 2018. Amazon elastic compute cloud. Retrieved from https:\/\/aws.amazon.com\/ec2\/.  Amazon. 2018. Amazon elastic compute cloud. Retrieved from https:\/\/aws.amazon.com\/ec2\/."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis , Tim April , Michael Bailey , Matt Bernhard , Elie Bursztein , Jaime Cochran , Zakir Durumeric , J. Alex Halderman , Luca Invernizzi , Michalis Kallitsis , et\u00a0al. 2017 . Understanding the Mirai botnet . In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917) . 1093--1110. Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et\u00a0al. 2017. Understanding the Mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917). 1093--1110."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2013.207"},{"key":"e_1_2_1_12_1","volume-title":"Wasserstein gan. Arxiv Preprint Arxiv:1701.07875","author":"Arjovsky Martin","year":"2017","unstructured":"Martin Arjovsky , Soumith Chintala , and L\u00e9on Bottou . 2017. Wasserstein gan. Arxiv Preprint Arxiv:1701.07875 ( 2017 ). Martin Arjovsky, Soumith Chintala, and L\u00e9on Bottou. 2017. Wasserstein gan. Arxiv Preprint Arxiv:1701.07875 (2017)."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the International Symposium on Software Testing and Analysis (ISSTA\u201911)","author":"Babi\u0107 Domagoj","year":"2011","unstructured":"Domagoj Babi\u0107 , Lorenzo Martignoni , Stephen McCamant , and Dawn Song . 2011 . Statically-directed dynamic automated test generation . In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA\u201911) . ACM, 12--22. Domagoj Babi\u0107, Lorenzo Martignoni, Stephen McCamant, and Dawn Song. 2011. Statically-directed dynamic automated test generation. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA\u201911). ACM, 12--22."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24723-4_2"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"e_1_2_1_16_1","volume-title":"23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Bao Tiffany","year":"2014","unstructured":"Tiffany Bao , Jonathan Burket , Maverick Woo , Rafael Turner , and David Brumley . 2014 . BYTEWEIGHT: Learning to recognize functions in binary code . In 23rd USENIX Security Symposium (USENIX Security\u201914) . 845--860. Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to recognize functions in binary code. In 23rd USENIX Security Symposium (USENIX Security\u201914). 845--860."},{"key":"e_1_2_1_17_1","volume-title":"Problem solving for the 21st century: Efficient solver for satisfiability modulo theories","author":"Barrett Clark","unstructured":"Clark Barrett , Daniel Kroening , and Thomas Melham . 2014. Problem solving for the 21st century: Efficient solver for satisfiability modulo theories . London Mathematical Society and Smith Institute for Industrial Mathematics and System Engineering . Clark Barrett, Daniel Kroening, and Thomas Melham. 2014. Problem solving for the 21st century: Efficient solver for satisfiability modulo theories. London Mathematical Society and Smith Institute for Industrial Mathematics and System Engineering."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJESDF.2007.016865"},{"key":"e_1_2_1_19_1","first-page":"14","article-title":"Embedded management interfaces: Emerging massive insecurity","volume":"1","author":"Bojinov Hristo","year":"2009","unstructured":"Hristo Bojinov , Elie Bursztein , Eric Lovett , and Dan Boneh . 2009 . Embedded management interfaces: Emerging massive insecurity . BlackHat USA 1 , 8 (2009), 14 . Hristo Bojinov, Elie Bursztein, Eric Lovett, and Dan Boneh. 2009. Embedded management interfaces: Emerging massive insecurity. BlackHat USA 1, 8 (2009), 14.","journal-title":"BlackHat USA"},{"key":"e_1_2_1_20_1","unstructured":"Boofuzz. 2019. 2Binwalk: firmware analysis tool. Retrieved from https:\/\/boofuzz.readthedocs.io\/en\/latest.  Boofuzz. 2019. 2Binwalk: firmware analysis tool. Retrieved from https:\/\/boofuzz.readthedocs.io\/en\/latest."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_2"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1142\/9789812797926_0003"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the Science and Information (SAI\u201918)","author":"Brooks Teresa Nicole","year":"2018","unstructured":"Teresa Nicole Brooks . 2018 . Survey of automated vulnerability detection and exploit generation techniques in cyber reasoning systems . In Proceedings of the Science and Information (SAI\u201918) Conference. Springer, 1083--1102. Teresa Nicole Brooks. 2018. Survey of automated vulnerability detection and exploit generation techniques in cyber reasoning systems. In Proceedings of the Science and Information (SAI\u201918) Conference. Springer, 1083--1102."},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI\u201908)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar , Daniel Dunbar , Dawson R. Engler , et\u00a0al. 2008 . KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs . In Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI\u201908) . 209--224. Cristian Cadar, Daniel Dunbar, Dawson R. Engler, et\u00a0al. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI\u201908). 209--224."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.50"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950350"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2014.2363153"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134640"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani , Giovanni Camurati , and Aur\u00e9lien Francillon . 2018 . Inception: System-wide security testing of real-world embedded systems software . In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918) . 309--326. Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. 2018. Inception: System-wide security testing of real-world embedded systems software. In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918). 309--326."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897900"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913)","author":"Cui Ang","unstructured":"Ang Cui , Michael Costello , and Salvatore J. Stolfo . 2013. When firmware modifications attack: A case study of embedded exploitation . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913) . Ang Cui, Michael Costello, and Salvatore J. Stolfo. 2013. When firmware modifications attack: A case study of embedded exploitation. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913)."},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the 26th Computer Security Applications Conference (ACSAC\u201910)","author":"Cui Ang","unstructured":"Ang Cui and Salvatore J. Stolfo . 2010. A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan . In Proceedings of the 26th Computer Security Applications Conference (ACSAC\u201910) . ACM, 97--106. Ang Cui and Salvatore J. Stolfo. 2010. A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan. In Proceedings of the 26th Computer Security Applications Conference (ACSAC\u201910). ACM, 97--106."},{"key":"e_1_2_1_40_1","first-page":"1","article-title":"k-nearest neighbour classifiers","volume":"34","author":"Cunningham Padraig","year":"2007","unstructured":"Padraig Cunningham and Sarah Jane Delany . 2007 . k-nearest neighbour classifiers . Mult. Class. Syst. 34 , 8 (2007), 1 -- 17 . Padraig Cunningham and Sarah Jane Delany. 2007. k-nearest neighbour classifiers. Mult. Class. Syst. 34, 8 (2007), 1--17.","journal-title":"Mult. Class. Syst."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the International Conference on Machine Learning (ICML\u201916)","author":"Dai Hanjun","year":"2016","unstructured":"Hanjun Dai , Bo Dai , and Le Song . 2016 . Discriminative embeddings of latent variable models for structured data . In Proceedings of the International Conference on Machine Learning (ICML\u201916) . 2702--2711. Hanjun Dai, Bo Dai, and Le Song. 2016. Discriminative embeddings of latent variable models for structured data. In Proceedings of the International Conference on Machine Learning (ICML\u201916). 2702--2711."},{"key":"e_1_2_1_43_1","unstructured":"DARPA. 2018. Cyber Grand Challenge. Retrieved from http:\/\/cybergrandchallenge.com.  DARPA. 2018. Cyber Grand Challenge. Retrieved from http:\/\/cybergrandchallenge.com."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2980983.2908126"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062387"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594343"},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201913)","author":"Davidson Drew","year":"2013","unstructured":"Drew Davidson , Benjamin Moench , Thomas Ristenpart , and Somesh Jha . 2013 . FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution . In Proceedings of the USENIX Security Symposium (USENIX Security\u201913) . 463--478. Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution. In Proceedings of the USENIX Security Symposium (USENIX Security\u201913). 463--478."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_2_1_50_1","unstructured":"die.net. 2018. Determine file type. Retrieved from https:\/\/linux.die.net\/man\/1\/file.  die.net. 2018. Determine file type. Retrieved from https:\/\/linux.die.net\/man\/1\/file."},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the ReCon 2014 Conference.","author":"Dinaburg Artem","year":"2014","unstructured":"Artem Dinaburg and Andrew Ruef . 2014 . Mcsema: Static translation of X86 instructions to LLVM . In Proceedings of the ReCon 2014 Conference. Artem Dinaburg and Andrew Ruef. 2014. Mcsema: Static translation of X86 instructions to LLVM. In Proceedings of the ReCon 2014 Conference."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.15"},{"key":"e_1_2_1_53_1","unstructured":"Dominic Rath. 2018. OpenOCD. Retrieved from http:\/\/openocd.org.  Dominic Rath. 2018. OpenOCD. Retrieved from http:\/\/openocd.org."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.2012.74"},{"key":"e_1_2_1_55_1","volume-title":"23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Egele Manuel","year":"2014","unstructured":"Manuel Egele , Maverick Woo , Peter Chapman , and David Brumley . 2014 . Blanket execution: Dynamic similarity testing for program binaries and components . In 23rd USENIX Security Symposium (USENIX Security\u201914) . 303--317. Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley. 2014. Blanket execution: Dynamic similarity testing for program binaries and components. In 23rd USENIX Security Symposium (USENIX Security\u201914). 303--317."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.4064\/fm-49-2-129-141"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_2_1_58_1","volume-title":"Vulnerabilities reached a historic peak","author":"ESET.","year":"2017","unstructured":"ESET. 2018. Vulnerabilities reached a historic peak in 2017 . Retrieved from https:\/\/bit.ly\/2Mgk4x9. ESET. 2018. Vulnerabilities reached a historic peak in 2017. Retrieved from https:\/\/bit.ly\/2Mgk4x9."},{"key":"e_1_2_1_59_1","unstructured":"F-Secure. 2015. Vulnerabilities in Foscam IP cameras enable root and remote control. Retrieved from https:\/\/bit.ly\/2PONhRW.  F-Secure. 2015. Vulnerabilities in Foscam IP cameras enable root and remote control. Retrieved from https:\/\/bit.ly\/2PONhRW."},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3015135.3015137"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-014-0203-1"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052995"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_2_1_64_1","volume-title":"Proceedings of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA\u201904)","author":"Flake Halvar","year":"2004","unstructured":"Halvar Flake . 2004 . Structural comparison of executable objects . In Proceedings of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA\u201904) . Gesellschaft f\u00fcr Informatik eV, 161--174. Halvar Flake. 2004. Structural comparison of executable objects. In Proceedings of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA\u201904). Gesellschaft f\u00fcr Informatik eV, 161--174."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1002\/nav.20056"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88625-9_16"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3240480"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523650"},{"key":"e_1_2_1_69_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201908)","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid , Michael Y. Levin , David A. Molnar , et\u00a0al. 2008 . Automated whitebox fuzz testing . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201908) . 151--166. Patrice Godefroid, Michael Y. Levin, David A. Molnar, et\u00a0al. 2008. Automated whitebox fuzz testing. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201908). 151--166."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.5555\/3155562.3155573"},{"key":"e_1_2_1_71_1","unstructured":"Andy Greenberg. 2017. The Reaper IoT Botnet Has Already Infected a Million Networks. Retrieved from https:\/\/bit.ly\/2SiYZpJ.  Andy Greenberg. 2017. The Reaper IoT Botnet Has Already Infected a Million Networks. Retrieved from https:\/\/bit.ly\/2SiYZpJ."},{"key":"e_1_2_1_72_1","volume-title":"Graph Theory: Penn State Math 485 Lecture Notes.","author":"Griffin C.","year":"2012","unstructured":"C. Griffin . 2012 . Graph Theory: Penn State Math 485 Lecture Notes. Retrieved from http:\/\/www. personal.psu.edu\/cxg286\/Math485.pdf. C. Griffin. 2012. Graph Theory: Penn State Math 485 Lecture Notes. Retrieved from http:\/\/www. personal.psu.edu\/cxg286\/Math485.pdf."},{"key":"e_1_2_1_73_1","volume-title":"Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201919)","author":"Gustafson Eric","year":"2019","unstructured":"Eric Gustafson , Marius Muench , Chad Spensky , Nilo Redini , Aravind Machiry , Yanick Fratantonio , Davide Balzarotti , Aur\u00e9lien Francillon , Yung Ryn Choe , Christophe Kruegel , et\u00a0al. 2019 . Toward the analysis of embedded firmware through automated re-hosting . In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201919) . 135--150. Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aur\u00e9lien Francillon, Yung Ryn Choe, Christophe Kruegel, et\u00a0al. 2019. Toward the analysis of embedded firmware through automated re-hosting. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201919). 135--150."},{"key":"e_1_2_1_74_1","unstructured":"H. Craig. 2019. 2Binwalk: firmware analysis tool. Retrieved from https:\/\/github.com\/ReFirmLabs\/binwalk.  H. Craig. 2019. 2Binwalk: firmware analysis tool. Retrieved from https:\/\/github.com\/ReFirmLabs\/binwalk."},{"key":"e_1_2_1_75_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201913)","author":"Haller Istvan","year":"2013","unstructured":"Istvan Haller , Asia Slowinska , Matthias Neugschwandtner , and Herbert Bos . 2013 . Dowsing for overflows: A guided fuzzer to find buffer boundary violations . In Proceedings of the USENIX Security Symposium (USENIX Security\u201913) . 49--64. Istvan Haller, Asia Slowinska, Matthias Neugschwandtner, and Herbert Bos. 2013. Dowsing for overflows: A guided fuzzer to find buffer boundary violations. In Proceedings of the USENIX Security Symposium (USENIX Security\u201913). 49--64."},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"e_1_2_1_77_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201912)","volume":"8","author":"Heninger Nadia","unstructured":"Nadia Heninger , Zakir Durumeric , Eric Wustrow , and J. Alex Halderman . 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices . In Proceedings of the USENIX Security Symposium (USENIX Security\u201912) , Vol. 8 . 1. Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In Proceedings of the USENIX Security Symposium (USENIX Security\u201912), Vol. 8. 1."},{"key":"e_1_2_1_78_1","unstructured":"Luigi Auriemma. 2018. Signsrch signature identification tool. http:\/\/aluigi.altervista.org\/mytoolz.htm.  Luigi Auriemma. 2018. Signsrch signature identification tool. http:\/\/aluigi.altervista.org\/mytoolz.htm."},{"key":"e_1_2_1_79_1","unstructured":"IT Governance Blog. 2018. 6 reasons why software is becoming more vulnerable to cyber attacks. Retrieved from https:\/\/bit.ly\/2tJq7nu.  IT Governance Blog. 2018. 6 reasons why software is becoming more vulnerable to cyber attacks. Retrieved from https:\/\/bit.ly\/2tJq7nu."},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065016"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSC.2018.00017"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.30"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSC.2016.33"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2012.70"},{"key":"e_1_2_1_86_1","first-page":"417","article-title":"Analysis of HTTP protocol implementation in smart card embedded web server","volume":"2","author":"Kamel Nassima","year":"2013","unstructured":"Nassima Kamel and Jean-Louis Lanet . 2013 . Analysis of HTTP protocol implementation in smart card embedded web server . Int. J. Inf. Netw. Secur. 2 , 5 (2013), 417 . Nassima Kamel and Jean-Louis Lanet. 2013. Analysis of HTTP protocol implementation in smart card embedded web server. Int. J. Inf. Netw. Secur. 2, 5 (2013), 417.","journal-title":"Int. J. Inf. Netw. Secur."},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1019480"},{"key":"e_1_2_1_88_1","volume-title":"Proceedings of the 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE\u201916)","author":"Kammerstetter Markus","year":"2016","unstructured":"Markus Kammerstetter , Daniel Burian , and Wolfgang Kastner . 2016 . Embedded security testing with peripheral device caching and runtime program state approximation . In Proceedings of the 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE\u201916) . Markus Kammerstetter, Daniel Burian, and Wolfgang Kastner. 2016. Embedded security testing with peripheral device caching and runtime program state approximation. In Proceedings of the 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE\u201916)."},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590301"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314399"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-005-0002-9"},{"key":"e_1_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487147"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.34"},{"key":"e_1_2_1_94_1","volume-title":"Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT\u201915)","author":"Koscher Karl","year":"2015","unstructured":"Karl Koscher , Tadayoshi Kohno , and David Molnar . 2015 . SURROGATES: Enabling near-real-time dynamic analyses of embedded systems . In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT\u201915) . Karl Koscher, Tadayoshi Kohno, and David Molnar. 2015. SURROGATES: Enabling near-real-time dynamic analyses of embedded systems. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT\u201915)."},{"key":"e_1_2_1_95_1","volume-title":"Proceedings of the International Workshop on Recent Advances in Intrusion Detection (RAID\u201905)","author":"Kruegel Christopher","year":"2005","unstructured":"Christopher Kruegel , Engin Kirda , Darren Mutz , William Robertson , and Giovanni Vigna . 2005 . Polymorphic worm detection using structural information of executables . In Proceedings of the International Workshop on Recent Advances in Intrusion Detection (RAID\u201905) . Springer, 207--226. Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. 2005. Polymorphic worm detection using structural information of executables. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection (RAID\u201905). Springer, 207--226."},{"key":"e_1_2_1_96_1","volume-title":"Proceedings of the USENIX Security Symposium","volume":"13","author":"Kruegel Christopher","year":"2004","unstructured":"Christopher Kruegel , William Robertson , Fredrik Valeur , and Giovanni Vigna . 2004 . Static disassembly of obfuscated binaries . In Proceedings of the USENIX Security Symposium , Vol. 13 . 18--18. Christopher Kruegel, William Robertson, Fredrik Valeur, and Giovanni Vigna. 2004. Static disassembly of obfuscated binaries. In Proceedings of the USENIX Security Symposium, Vol. 13. 18--18."},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2015.274"},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-018-0002-y"},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238199"},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2655046"},{"key":"e_1_2_1_103_1","volume-title":"SmartSeed: Smart seed generation for efficient fuzzing. Arxiv Preprint Arxiv:1807.02606","author":"Lv Chenyang","year":"2018","unstructured":"Chenyang Lv , Shouling Ji , Yuwei Li , Junfeng Zhou , Jianhai Chen , Pan Zhou , and Jing Chen . 2018. SmartSeed: Smart seed generation for efficient fuzzing. Arxiv Preprint Arxiv:1807.02606 ( 2018 ). Chenyang Lv, Shouling Ji, Yuwei Li, Junfeng Zhou, Jianhai Chen, Pan Zhou, and Jing Chen. 2018. SmartSeed: Smart seed generation for efficient fuzzing. Arxiv Preprint Arxiv:1807.02606 (2018)."},{"key":"e_1_2_1_104_1","volume-title":"Manuel Egele, Edward J. Schwartz, and Maverick Woo.","author":"Marie Man\u00e8s Valentin Jean","year":"2019","unstructured":"Valentin Jean Marie Man\u00e8s , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele, Edward J. Schwartz, and Maverick Woo. 2019 . The art, science, and engineering of fuzzing: A survey. IEEE Trans. Softw. Eng . (2019), 1--1. DOI:10.1109\/TSE.2019.2946563 10.1109\/TSE.2019.2946563 Valentin Jean Marie Man\u00e8s, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo. 2019. The art, science, and engineering of fuzzing: A survey. IEEE Trans. Softw. Eng. (2019), 1--1. DOI:10.1109\/TSE.2019.2946563"},{"key":"e_1_2_1_105_1","volume-title":"Backtrack search algorithms and the maximal common subgraph problem. Softw.: Pract. Exper. 12, 1","author":"McGregor James J.","year":"1982","unstructured":"James J. McGregor . 1982. Backtrack search algorithms and the maximal common subgraph problem. Softw.: Pract. Exper. 12, 1 ( 1982 ). James J. McGregor. 1982. Backtrack search algorithms and the maximal common subgraph problem. Softw.: Pract. Exper. 12, 1 (1982)."},{"key":"e_1_2_1_106_1","unstructured":"Mitre. 2018. CWE-416: Use after free. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/416.html.  Mitre. 2018. CWE-416: Use after free. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/416.html."},{"key":"e_1_2_1_107_1","volume-title":"Muchnick et\u00a0al","author":"Steven","year":"1997","unstructured":"Steven S. Muchnick et\u00a0al . 1997 . Advanced Compiler Design Implementation. Morgan Kaufmann . Steven S. Muchnick et\u00a0al. 1997. Advanced Compiler Design Implementation. Morgan Kaufmann."},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"},{"key":"e_1_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23166"},{"key":"e_1_2_1_110_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201911)","author":"Mulliner Collin","year":"2011","unstructured":"Collin Mulliner , Nico Golde , and Jean-Pierre Seifert . 2011 . SMS of death: From analyzing to attacking mobile phones on a large scale . In Proceedings of the USENIX Security Symposium (USENIX Security\u201911) . 99. Collin Mulliner, Nico Golde, and Jean-Pierre Seifert. 2011. SMS of death: From analyzing to attacking mobile phones on a large scale. In Proceedings of the USENIX Security Symposium (USENIX Security\u201911). 99."},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066753"},{"key":"e_1_2_1_113_1","unstructured":"Mary\n      Natrella\n    . 2010. NIST\/\n      SEMATECH\n     e-handbook of statistical methods.\n   (\n  2010\n  ). Retrieved from http:\/\/www.itl.nist.gov\/div898\/handbook\/.  Mary Natrella. 2010. NIST\/SEMATECH e-handbook of statistical methods. (2010). Retrieved from http:\/\/www.itl.nist.gov\/div898\/handbook\/."},{"key":"e_1_2_1_114_1","unstructured":"Jose Nazario. 2007. BlackEnergy DDoS Bot Analysis. Arbor Networks. http:\/\/pds15.egloos.com\/pds\/201001\/01\/66\/BlackEnergy_DDoS_Bot_Analysis.pdf.  Jose Nazario. 2007. BlackEnergy DDoS Bot Analysis. Arbor Networks. http:\/\/pds15.egloos.com\/pds\/201001\/01\/66\/BlackEnergy_DDoS_Bot_Analysis.pdf."},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250746"},{"key":"e_1_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1093\/acprof:oso\/9780199206650.001.0001"},{"key":"e_1_2_1_117_1","volume-title":"Proceedings of the 12th Network and Distributed Systems Security Symposium (NDSS\u201905)","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Song . 2005 . Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software . In Proceedings of the 12th Network and Distributed Systems Security Symposium (NDSS\u201905) . Citeseer. James Newsome and Dawn Song. 2005. Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software. In Proceedings of the 12th Network and Distributed Systems Security Symposium (NDSS\u201905). Citeseer."},{"key":"e_1_2_1_118_1","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201902)","author":"Ng Andrew Y.","year":"2002","unstructured":"Andrew Y. Ng , Michael I. Jordan , and Yair Weiss . 2002 . On spectral clustering: Analysis and an algorithm . In Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201902) . 849--856. Andrew Y. Ng, Michael I. Jordan, and Yair Weiss. 2002. On spectral clustering: Analysis and an algorithm. In Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201902). 849--856."},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2013.83"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970281"},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1109\/CTC.2013.9"},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.49"},{"key":"e_1_2_1_124_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664269"},{"key":"e_1_2_1_125_1","unstructured":"Protean Security. 2018. Next Generation Dynamic Analysis with PANDA. Retrieved from https:\/\/bit.ly\/2ZfXlq8.  Protean Security. 2018. Next Generation Dynamic Analysis with PANDA. Retrieved from https:\/\/bit.ly\/2ZfXlq8."},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2015.2470241"},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.05.015"},{"key":"e_1_2_1_128_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"e_1_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2012.30"},{"key":"e_1_2_1_130_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201914)","author":"Rebert Alexandre","year":"2014","unstructured":"Alexandre Rebert , Sang Kil Cha , Thanassis Avgerinos , Jonathan Foote , David Warren , Gustavo Grieco , and David Brumley . 2014 . Optimizing seed selection for fuzzing . In Proceedings of the USENIX Security Symposium (USENIX Security\u201914) . 861--875. Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. 2014. Optimizing seed selection for fuzzing. In Proceedings of the USENIX Security Symposium (USENIX Security\u201914). 861--875."},{"key":"e_1_2_1_132_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_6"},{"key":"e_1_2_1_133_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_14"},{"key":"e_1_2_1_135_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_2_1_136_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2017.20"},{"key":"e_1_2_1_138_1","unstructured":"Steelix. 2020. LAVA-M. Retrieved from https:\/\/sites.google.com\/site\/steelix2017\/home\/lava.  Steelix. 2020. LAVA-M. Retrieved from https:\/\/sites.google.com\/site\/steelix2017\/home\/lava."},{"key":"e_1_2_1_139_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1145\/1024393.1024404"},{"key":"e_1_2_1_141_1","volume-title":"Counterattacking the Packers. McAfee Avert Labs","author":"Taha Gaith","unstructured":"Gaith Taha . 2007. Counterattacking the Packers. McAfee Avert Labs , Aylesbury, UK . Gaith Taha. 2007. Counterattacking the Packers. McAfee Avert Labs, Aylesbury, UK."},{"key":"e_1_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04138-9_26"},{"key":"e_1_2_1_143_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04897-0_12"},{"key":"e_1_2_1_144_1","volume-title":"Discovering vulnerabilities in COTS IoT devices through blackbox fuzzing web management interface. Secur. Commun. Netw. 2019","author":"Wang Dong","year":"2019","unstructured":"Dong Wang , Xiaosong Zhang , Ting Chen , and Jingwei Li. 2019. Discovering vulnerabilities in COTS IoT devices through blackbox fuzzing web management interface. Secur. Commun. Netw. 2019 ( 2019 ). Dong Wang, Xiaosong Zhang, Ting Chen, and Jingwei Li. 2019. Discovering vulnerabilities in COTS IoT devices through blackbox fuzzing web management interface. Secur. Commun. Netw. 2019 (2019)."},{"key":"e_1_2_1_145_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3183494"},{"key":"e_1_2_1_146_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_2_1_147_1","article-title":"RPFuzzer: A framework for discovering router protocols vulnerabilities based on fuzzing","volume":"7","author":"Wang Zhiqiang","year":"2013","unstructured":"Zhiqiang Wang , Yuqing Zhang , and Qixu Liu . 2013 . RPFuzzer: A framework for discovering router protocols vulnerabilities based on fuzzing . KSII Trans. Internet Inf. Syst. 7 , 8 (2013). Zhiqiang Wang, Yuqing Zhang, and Qixu Liu. 2013. RPFuzzer: A framework for discovering router protocols vulnerabilities based on fuzzing. KSII Trans. Internet Inf. Syst. 7, 8 (2013).","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"e_1_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.5555\/800078.802557"},{"key":"e_1_2_1_149_1","volume-title":"A large scale investigation of obfuscation use in Google Play. Arxiv Preprint Arxiv:1801.02742","author":"Wermke Dominik","year":"2018","unstructured":"Dominik Wermke , Nicolas Huaman , Yasemin Acar , Brad Reaves , Patrick Traynor , and Sascha Fahl . 2018. A large scale investigation of obfuscation use in Google Play. Arxiv Preprint Arxiv:1801.02742 ( 2018 ). Dominik Wermke, Nicolas Huaman, Yasemin Acar, Brad Reaves, Patrick Traynor, and Sascha Fahl. 2018. A large scale investigation of obfuscation use in Google Play. Arxiv Preprint Arxiv:1801.02742 (2018)."},{"key":"e_1_2_1_150_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_2_1_151_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421003"},{"key":"e_1_2_1_152_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363247"},{"key":"e_1_2_1_153_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Yun Insu","year":"2018","unstructured":"Insu Yun , Sangho Lee , Meng Xu , Yeongjin Jang , and Taesoo Kim . 2018 . QSYM: A practical concolic execution engine tailored for hybrid fuzzing . In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918) . USENIX Association, 745--761. Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918). USENIX Association, 745--761."},{"key":"e_1_2_1_154_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_2_1_155_1","volume-title":"American fuzzy lop: A security-oriented fuzzer.","author":"Zalewski Michal","year":"2010","unstructured":"Michal Zalewski . 2010. American fuzzy lop: A security-oriented fuzzer. Retrieved from http:\/\/lcamtuf.coredump.cx\/afl\/ ( 2010 ). Michal Zalewski. 2010. American fuzzy lop: A security-oriented fuzzer. Retrieved from http:\/\/lcamtuf.coredump.cx\/afl\/ (2010)."},{"key":"e_1_2_1_156_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516664"},{"key":"e_1_2_1_157_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201913)","author":"Zhang Mingwei","unstructured":"Mingwei Zhang and R. Sekar . 2013. Control flow integrity for COTS binaries . In Proceedings of the USENIX Security Symposium (USENIX Security\u201913) . 337--352. Mingwei Zhang and R. Sekar. 2013. Control flow integrity for COTS binaries. In Proceedings of the USENIX Security Symposium (USENIX Security\u201913). 337--352."},{"key":"e_1_2_1_158_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919)","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng , Ali Davanian , Heng Yin , Chengyu Song , Hongsong Zhu , and Limin Sun . 2019 . FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation . In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919) . 1099--1114. Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation. In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919). 1099--1114."},{"key":"e_1_2_1_159_1","volume-title":"Neural machine translation inspired binary code similarity comparison beyond function pairs. Arxiv Preprint Arxiv:1808.04706","author":"Zuo Fei","year":"2018","unstructured":"Fei Zuo , Xiaopeng Li , Zhexin Zhang , Patrick Young , Lannan Luo , and Qiang Zeng . 2018. Neural machine translation inspired binary code similarity comparison beyond function pairs. Arxiv Preprint Arxiv:1808.04706 ( 2018 ). Fei Zuo, Xiaopeng Li, Zhexin Zhang, Patrick Young, Lannan Luo, and Qiang Zeng. 2018. Neural machine translation inspired binary code similarity comparison beyond function pairs. Arxiv Preprint Arxiv:1808.04706 (2018)."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3432893","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3432893","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:47:11Z","timestamp":1750193231000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3432893"}},"subtitle":["Survey and Layered Taxonomies"],"short-title":[],"issued":{"date-parts":[[2021,3,5]]},"references-count":154,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,3,31]]}},"alternative-id":["10.1145\/3432893"],"URL":"https:\/\/doi.org\/10.1145\/3432893","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,5]]},"assertion":[{"value":"2019-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-03-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}