乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T06:30:04Z","timestamp":1740119404116,"version":"3.37.3"},"reference-count":62,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61472439"],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2024,9]]},"DOI":"10.1016\/j.cose.2024.103947","type":"journal-article","created":{"date-parts":[[2024,6,12]],"date-time":"2024-06-12T18:56:32Z","timestamp":1718218592000},"page":"103947","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"C","title":["Fuzzing JavaScript engines with a syntax-aware neural program model"],"prefix":"10.1016","volume":"144","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7370-1651","authenticated-orcid":false,"given":"Haoran","family":"Xu","sequence":"first","affiliation":[]},{"given":"Yongjun","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Zhiyuan","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Shuhui","family":"Fan","sequence":"additional","affiliation":[]},{"given":"Shaojing","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Peidai","family":"Xie","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"year":"2015","series-title":"A random SQL query generator","author":"Andreas","key":"10.1016\/j.cose.2024.103947_b1"},{"key":"10.1016\/j.cose.2024.103947_b2","unstructured":"Apple, ., 0000. The built-in JavaScript engine for WebKit [Online]. Available: https:\/\/developer.apple.com\/documentation\/javascriptcore."},{"year":"2017","series-title":"Mujs","author":"Artifex Software","key":"10.1016\/j.cose.2024.103947_b3"},{"key":"10.1016\/j.cose.2024.103947_b4","doi-asserted-by":"crossref","unstructured":"Aschermann, C., Frassetto, T., Holz, T., Jauernig, P., Sadeghi, A.-R., Teuchert, D., 2019. NAUTILUS: Fishing for Deep Bugs with Grammars. In: NDSS.","DOI":"10.14722\/ndss.2019.23412"},{"key":"10.1016\/j.cose.2024.103947_b5","doi-asserted-by":"crossref","unstructured":"Bernhard, L., Scharnowski, T., Schloegel, M., Blazytko, T., Holz, T., 2022. JIT-picking: Differential fuzzing of JavaScript engines. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. pp. 351\u2013364.","DOI":"10.1145\/3548606.3560624"},{"year":"2018","series-title":"mjs: Embedded JavaScript engine for C\/C++","author":"cesanta","key":"10.1016\/j.cose.2024.103947_b6"},{"key":"10.1016\/j.cose.2024.103947_b7","series-title":"2018 IEEE Symposium on Security and Privacy","first-page":"711","article-title":"Angora: Efficient fuzzing by principled search","author":"Chen","year":"2018"},{"key":"10.1016\/j.cose.2024.103947_b8","series-title":"2021 IEEE Symposium on Security and Privacy","first-page":"642","article-title":"One engine to fuzz\u2019em all: Generic language processor testing with semantic validation","author":"Chen","year":"2021"},{"year":"2014","series-title":"Learning phrase representations using RNN encoder-decoder for statistical machine translation","author":"Cho","key":"10.1016\/j.cose.2024.103947_b9"},{"key":"10.1016\/j.cose.2024.103947_b10","series-title":"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis","first-page":"95","article-title":"Compiler fuzzing through deep learning","author":"Cummins","year":"2018"},{"year":"2009","series-title":"Node.js","author":"Dahl","key":"10.1016\/j.cose.2024.103947_b11"},{"year":"2018","series-title":"Deno","author":"Dahl","key":"10.1016\/j.cose.2024.103947_b12"},{"key":"10.1016\/j.cose.2024.103947_b13","series-title":"2018 IEEE Symposium on Security and Privacy","first-page":"679","article-title":"Collafl: Path sensitive fuzzing","author":"Gan","year":"2018"},{"key":"10.1016\/j.cose.2024.103947_b14","doi-asserted-by":"crossref","unstructured":"Gavrin, E., Lee, S.-J., Ayrapetyan, R., Shitov, A., 2015. Ultra lightweight JavaScript engine for internet of things. In: Companion Proceedings of the 2015 ACM SIGPLAN International Conference on Systems, Programming, Languages and Applications: Software for Humanity. pp. 19\u201320.","DOI":"10.1145\/2814189.2816270"},{"year":"2022","series-title":"JavaScript stays as the 1st most used language","author":"Github","key":"10.1016\/j.cose.2024.103947_b15"},{"key":"10.1016\/j.cose.2024.103947_b16","series-title":"Proceedings of the 32nd IEEE\/ACM International Conference on Automated Software Engineering","first-page":"50","article-title":"Learn&fuzz: Machine learning for input fuzzing","author":"Godefroid","year":"2017"},{"year":"2008","series-title":"Google\u2019s open source high-performance JavaScript and WebAssembly engine","author":"Google","key":"10.1016\/j.cose.2024.103947_b17"},{"year":"2016","series-title":"Honggfuzz","author":"Google","key":"10.1016\/j.cose.2024.103947_b18"},{"key":"10.1016\/j.cose.2024.103947_b19","doi-asserted-by":"crossref","unstructured":"Gro\u00df, S., Koch, S., Bernhard, L., Holz, T., Johns, M., 2023. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In: Network and Distributed Systems Security (NDSS) Symposium.","DOI":"10.14722\/ndss.2023.24290"},{"key":"10.1016\/j.cose.2024.103947_b20","doi-asserted-by":"crossref","unstructured":"Han, H., Oh, D., Cha, S.K., 2019. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines. In: NDSS.","DOI":"10.14722\/ndss.2019.23263"},{"year":"2015","series-title":"Ecmascript parsing infrastructure for multipurpose analysis","author":"Hidayat","key":"10.1016\/j.cose.2024.103947_b21"},{"issue":"8","key":"10.1016\/j.cose.2024.103947_b22","doi-asserted-by":"crossref","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","article-title":"Long short-term memory","volume":"9","author":"Hochreiter","year":"1997","journal-title":"Neural Comput."},{"key":"10.1016\/j.cose.2024.103947_b23","doi-asserted-by":"crossref","unstructured":"Hodov\u00e1n, R., Kiss, \u00c1., Gyim\u00f3thy, T., 2018. Grammarinator: a grammar-based open source fuzzer. In: Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation. pp. 45\u201348.","DOI":"10.1145\/3278186.3278193"},{"key":"10.1016\/j.cose.2024.103947_b24","unstructured":"Holler, C., Herzig, K., Zeller, A., 2012. Fuzzing with code fragments. In: Presented As Part of the 21st {USENIX} Security Symposium. {USENIX} Security 12, pp. 445\u2013458."},{"year":"2015","series-title":"Ultra-lightweight JavaScript engine for the Internet of Things","author":"jerryscript-project","key":"10.1016\/j.cose.2024.103947_b25"},{"key":"10.1016\/j.cose.2024.103947_b26","series-title":"Journal of Physics: Conference Series, Vol. 1744, No. 4","article-title":"A review on JavaScript engine vulnerability mining","volume":"1744","author":"Kang","year":"2021"},{"key":"10.1016\/j.cose.2024.103947_b27","series-title":"2020 IEEE\/ACM 42nd International Conference on Software Engineering","first-page":"1073","article-title":"Big code!=big vocabulary: Open-vocabulary models for source code","author":"Karampatsis","year":"2020"},{"year":"2015","series-title":"Visualizing and understanding recurrent networks","author":"Karpathy","key":"10.1016\/j.cose.2024.103947_b28"},{"key":"10.1016\/j.cose.2024.103947_b29","unstructured":"Lee, S., Han, H., Cha, S.K., Son, S., 2020. Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer. In: 29th USENIX Security Symposium. USENIX Security 20, pp. 2613\u20132630."},{"key":"10.1016\/j.cose.2024.103947_b30","doi-asserted-by":"crossref","unstructured":"Lemieux, C., Sen, K., 2018. Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage. In: Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering. pp. 475\u2013485.","DOI":"10.1145\/3238147.3238176"},{"key":"10.1016\/j.cose.2024.103947_b31","series-title":"2018 IEEE Third International Conference on Data Science in Cyberspace","first-page":"930","article-title":"Data-driven vulnerability pattern analysis for fuzzing","author":"Li","year":"2018"},{"key":"10.1016\/j.cose.2024.103947_b32","article-title":"Generative pre-trained transformer-based reinforcement learning for testing web application firewalls","author":"Liang","year":"2023","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.cose.2024.103947_b33","doi-asserted-by":"crossref","unstructured":"Liu, X., Li, X., Prajapati, R., Wu, D., 2019. DeepFuzz: Automatic Generation of Syntax Valid C Programs for Fuzz Testing. In: Proceedings of the... AAAI Conference on Artificial Intelligence.","DOI":"10.1609\/aaai.v33i01.33011044"},{"year":"2017","series-title":"Libfuzzer:a library for coverage-guided fuzz testing","author":"LLVM","key":"10.1016\/j.cose.2024.103947_b34"},{"key":"10.1016\/j.cose.2024.103947_b35","unstructured":"Lyu, C., Ji, S., Zhang, C., Li, Y., Lee, W.-H., Song, Y., Beyah, R., 2019. {MOPT}: Optimized mutation scheduling for fuzzers. In: 28th USENIX Security Symposium. USENIX Security 19, pp. 1949\u20131966."},{"key":"10.1016\/j.cose.2024.103947_b36","series-title":"29th Annual Network and Distributed System Security Symposium","article-title":"EMS: History-driven mutation for coverage-based fuzzing","author":"Lyu","year":"2022"},{"issue":"11","key":"10.1016\/j.cose.2024.103947_b37","doi-asserted-by":"crossref","first-page":"2312","DOI":"10.1109\/TSE.2019.2946563","article-title":"The art, science, and engineering of fuzzing: A survey","volume":"47","author":"Man\u00e8s","year":"2019","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"OOPSLA","key":"10.1016\/j.cose.2024.103947_b38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3360581","article-title":"Compiler fuzzing: How much does it matter?","volume":"3","author":"Marcozzi","year":"2019","journal-title":"Proc. ACM Program. Lang."},{"year":"2015","series-title":"ChakraCore is an open source JavaScript engine with a C API","author":"Microsoft","key":"10.1016\/j.cose.2024.103947_b39"},{"key":"10.1016\/j.cose.2024.103947_b40","doi-asserted-by":"crossref","unstructured":"Mikolov, T., Karafi\u00e1t, M., Burget, L., \u010cernock\u1ef3, J., Khudanpur, S., 2010. Recurrent neural network based language model. In: Eleventh Annual Conference of the International Speech Communication Association.","DOI":"10.21437\/Interspeech.2010-343"},{"key":"10.1016\/j.cose.2024.103947_b41","unstructured":"Miller, C., 2008. Fuzz by numbers. In: CanSecWest Conference."},{"year":"2007","series-title":"A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine","author":"Mozilla","key":"10.1016\/j.cose.2024.103947_b42"},{"year":"2008","series-title":"Mozilla\u2019s JavaScript and WebAssembly engine","author":"Mozilla","key":"10.1016\/j.cose.2024.103947_b43"},{"key":"10.1016\/j.cose.2024.103947_b44","series-title":"2020 IEEE Symposium on Security and Privacy","first-page":"1629","article-title":"Fuzzing JavaScript engines with aspect-preserving mutation","author":"Park","year":"2020"},{"year":"2022","series-title":"V8 0-day In-the-Wild 2021\u20132022","author":"ProjectZero","key":"10.1016\/j.cose.2024.103947_b45"},{"key":"10.1016\/j.cose.2024.103947_b46","doi-asserted-by":"crossref","unstructured":"Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H., 2017. VUzzer: Application-aware Evolutionary Fuzzing. In: NDSS, Vol. 17. pp. 1\u201314.","DOI":"10.14722\/ndss.2017.23404"},{"year":"2018","series-title":"Safari RCE, sandbox escape, and LPE to kernel for macOS","author":"saelo","key":"10.1016\/j.cose.2024.103947_b47"},{"year":"2022","series-title":"Attacking JavaScript engines in 2022","author":"saelo","key":"10.1016\/j.cose.2024.103947_b48"},{"year":"2012","series-title":"ECMAScript code generator","author":"Suzuki","key":"10.1016\/j.cose.2024.103947_b49"},{"year":"2020","series-title":"ECMAScript language specification","author":"TC39","key":"10.1016\/j.cose.2024.103947_b50"},{"key":"10.1016\/j.cose.2024.103947_b51","series-title":"Advances in Neural Information Processing Systems","first-page":"5998","article-title":"Attention is all you need","author":"Vaswani","year":"2017"},{"key":"10.1016\/j.cose.2024.103947_b52","series-title":"European Symposium on Research in Computer Security","first-page":"581","article-title":"Ifuzzer: An evolutionary interpreter fuzzer using genetic programming","author":"Veggalam","year":"2016"},{"year":"2023","series-title":"Usage statistics of JavaScript as client-side programming language on websites","author":"W3Techs","key":"10.1016\/j.cose.2024.103947_b53"},{"key":"10.1016\/j.cose.2024.103947_b54","series-title":"2017 IEEE Symposium on Security and Privacy","first-page":"579","article-title":"Skyfire: Data-driven seed generation for fuzzing","author":"Wang","year":"2017"},{"key":"10.1016\/j.cose.2024.103947_b55","series-title":"2019 IEEE\/ACM 41st International Conference on Software Engineering","first-page":"724","article-title":"Superion: Grammar-aware greybox fuzzing","author":"Wang","year":"2019"},{"year":"2023","series-title":"FuzzJIT: Oracle-enhanced fuzzing for JavaScript engine JIT compiler","author":"Wang","key":"10.1016\/j.cose.2024.103947_b56"},{"year":"2020","series-title":"A collection of JavaScript test suites from JavaScript engine and Test262 repositories","author":"WSP-LAB","key":"10.1016\/j.cose.2024.103947_b57"},{"key":"10.1016\/j.cose.2024.103947_b58","doi-asserted-by":"crossref","unstructured":"Yang, X., Chen, Y., Eide, E., Regehr, J., 2011. Finding and understanding bugs in C compilers. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation. pp. 283\u2013294.","DOI":"10.1145\/1993498.1993532"},{"key":"10.1016\/j.cose.2024.103947_b59","doi-asserted-by":"crossref","unstructured":"Ye, G., Tang, Z., Tan, S.H., Huang, S., Fang, D., Sun, X., Bian, L., Wang, H., Wang, Z., 2021. Automated conformance testing for javascript engines via deep compiler fuzzing. In: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation. pp. 435\u2013450.","DOI":"10.1145\/3453483.3454054"},{"key":"10.1016\/j.cose.2024.103947_b60","unstructured":"Yue, T., Wang, P., Tang, Y., Wang, E., Yu, B., Lu, K., Zhou, X., 2020. {EcoFuzz}: Adaptive {Energy-Saving} Greybox Fuzzing as a Variant of the Adversarial {Multi-Armed} Bandit. In: 29th USENIX Security Symposium. USENIX Security 20, pp. 2307\u20132324."},{"year":"2017","series-title":"American fuzzy lop","author":"Zalewski","key":"10.1016\/j.cose.2024.103947_b61"},{"key":"10.1016\/j.cose.2024.103947_b62","doi-asserted-by":"crossref","unstructured":"Zhang, G., Wang, P., Yue, T., Kong, X., Huang, S., Zhou, X., Lu, K., 2022. Mobfuzz: Adaptive multi-objective optimization in gray-box fuzzing. In: Network and Distributed Systems Security (NDSS) Symposium, Vol. 2022.","DOI":"10.14722\/ndss.2022.24314"}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404824002529?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404824002529?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,10,31]],"date-time":"2024-10-31T03:50:28Z","timestamp":1730346628000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404824002529"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9]]},"references-count":62,"alternative-id":["S0167404824002529"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2024.103947","relation":{},"ISSN":["0167-4048"],"issn-type":[{"type":"print","value":"0167-4048"}],"subject":[],"published":{"date-parts":[[2024,9]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Fuzzing JavaScript engines with a syntax-aware neural program model","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2024.103947","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2024 Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"103947"}}