English
Related papers

Related papers: Static Detection of DoS Vulnerabilities in Program…

200 papers

Regular expressions are a concise yet expressive language for expressing patterns. For instance, in networked software, they are used for input validation and intrusion detection. Yet some widely deployed regular expression matchers based…

Programming Languages · Computer Science 2013-01-08 James Kirrage , Asiri Rathnayake , Hayo Thielecke

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear…

Software Engineering · Computer Science 2022-12-16 Sk Adnan Hassan , Zainab Aamir , Dongyoon Lee , James C. Davis , Francisco Servant

Regular Expression Denial of Service (ReDoS) is a vulnerability class that has become prominent in recent years. Attackers can weaponize such weaknesses as part of asymmetric cyberattacks that exploit the slow worst-case matching time of…

Cryptography and Security · Computer Science 2025-08-27 Masudul Hasan Masud Bhuiyan , Berk Çakar , Ethan H. Burmane , James C. Davis , Cristian-Alexandru Staicu

ReDoS is a well-known type of algorithmic complexity attack, where an adversary supplies maliciously crafted strings to a regular expression matching engine, aiming to exhaust computational resources of systems. Even quadratic-time behavior…

Data Structures and Algorithms · Computer Science 2026-05-11 Soh Kumabe , Yuya Uezato

Regular expressions cause string-related bugs and open security vulnerabilities for DOS attacks. However, beyond ReDoS (Regular expression Denial of Service), little is known about the extent to which regular expression issues affect…

Software Engineering · Computer Science 2021-04-21 Peipei Wang , Chris Brown , Jamie A. Jennings , Kathryn T. Stolee

Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an…

Cryptography and Security · Computer Science 2017-08-29 Theofilos Petsios , Jason Zhao , Angelos D. Keromytis , Suman Jana

Regular expression matching using backtracking can have exponential runtime, leading to an algorithmic complexity attack known as REDoS in the systems security literature. In this paper, we build on a recently published static analysis that…

Programming Languages · Computer Science 2017-08-15 Asiri Rathnayake , Hayo Thielecke

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

There has been much work on synthesizing and repairing regular expressions (regexes for short) from examples. These programming-by-example (PBE) methods help the users write regexes by letting them reflect their intention by examples.…

Programming Languages · Computer Science 2022-08-23 Nariyoshi Chida , Tachio Terauchi

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally.…

Cryptography and Security · Computer Science 2023-03-06 Efe Barlas , Xin Du , James C. Davis

Algorithmic complexity vulnerabilities are a class of security problems that enables attackers to trigger the worst-case complexity of certain algorithms. Such vulnerabilities can be leveraged to deploy low-volume, asymmetric, CPU-based…

Cryptography and Security · Computer Science 2022-11-22 Masudul Hasan Masud Bhuiyan , Cristian-Alexandru Staicu

Existing support for regular expressions in automated test generation or verification tools is lacking. Common aspects of regular expression engines found in mainstream programming languages, such as backreferences or greedy matching, are…

Programming Languages · Computer Science 2020-03-16 Blake Loring , Duncan Mitchell , Johannes Kinder

Denial of Service (DOS) attack is one of the most attack that attract the cyber criminals which aims to reduce the network performance from doing its intended functions. Moreover, DOS Attacks can cause a huge damage on the data…

Networking and Internet Architecture · Computer Science 2019-06-04 Yousef Khaled Shaheen , Mohammad Al Kasassbeh

Cyber-attacks have been one of the deadliest attacks in today's world. One of them is DDoS (Distributed Denial of Services). It is a cyber-attack in which the attacker attacks and makes a network or a machine unavailable to its intended…

Cryptography and Security · Computer Science 2022-01-25 Aman Rangapur , Tarun Kanakam , Ajith Jubilson

This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences (REwB). We introduce the Two-Phase Memory Automaton (2PMFA), an automaton model that precisely captures REwB…

Cryptography and Security · Computer Science 2026-02-26 Yichen Liu , Berk Çakar , Aman Agrawal , Minseok Seo , James C. Davis , Dongyoon Lee

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing collection particular overhaul disruptions, often for total periods of instance. The relative ease and low costs of…

Cryptography and Security · Computer Science 2013-02-22 Saravanan Kumarasamy , Dr. R. Asokan

Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice due to their reliance on human labeled specifications. Large language models (or LLMs) have shown impressive code…

Cryptography and Security · Computer Science 2025-04-08 Ziyang Li , Saikat Dutta , Mayur Naik

Regular expressions (regexes) are a powerful mechanism for solving string-matching problems. They are supported by all modern programming languages, and have been estimated to appear in more than a third of Python and JavaScript projects.…

Software Engineering · Computer Science 2023-03-07 Louis G. Michael , James Donohue , James C. Davis , Dongyoon Lee , Francisco Servant

A distributed denial-of-service (DDoS) attack is an attempt to produce humongous traffic within a network by overwhelming a targeted server or its neighboring infrastructure with a flood of service requests ceaselessly coming from multiple…

Cryptography and Security · Computer Science 2024-11-25 Mohammad Arafat Ullah , Arthy Anjum , Rashedul Amin Tuhin , Shamim Akhter

Regular expressions (regexes) are foundational to modern computing for critical tasks like input validation and data parsing, yet their ubiquity exposes systems to regular expression denial of service (ReDoS), a vulnerability requiring…

Artificial Intelligence · Computer Science 2025-10-13 Sicheol Sung , Joonghyuk Hahn , Yo-Sub Han
‹ Prev 1 2 3 10 Next ›