Winnowing: local algorithms for document fingerprinting
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
CP-Miner: Finding Copy-Paste and Related Bugs in Large-Scale Software Code
IEEE Transactions on Software Engineering
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
DECKARD: Scalable and Accurate Tree-Based Detection of Code Clones
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Deducing similarities in Java sources from bytecodes
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Scalable detection of semantic clones
Proceedings of the 30th international conference on Software engineering
BinHunt: Automatically Finding Semantic Differences in Binary Programs
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Feature hashing for large scale multitask learning
ICML '09 Proceedings of the 26th Annual International Conference on Machine Learning
Large-scale malware indexing using function-call graphs
Proceedings of the 16th ACM conference on Computer and communications security
MeCC: memory comparison-based clone detector
Proceedings of the 33rd International Conference on Software Engineering
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
BitShred: feature hashing malware for scalable triage and semantic analysis
Proceedings of the 18th ACM conference on Computer and communications security
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
AppInk: watermarking android apps for repackaging deterrence
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Structural detection of android malware using embedded call graphs
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Is data clustering in adversarial settings secure?
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Systematic audit of third-party android phones
Proceedings of the 4th ACM conference on Data and application security and privacy
DIVILAR: diversifying intermediate language for anti-repackaging on android platform
Proceedings of the 4th ACM conference on Data and application security and privacy
Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
Mobile application markets such as the Android Marketplace provide a centralized showcase of applications that end users can purchase or download for free onto their mobile phones. Despite the influx of applications to the markets, applications are cursorily reviewed by marketplace maintainers due to the vast number of submissions. User policing and reporting is the primary method to detect misbehaving applications. This reactive approach to application security, especially when programs can contain bugs, malware, or pirated (inauthentic) code, puts too much responsibility on the end users. In light of this, we propose Juxtapp, a scalable infrastructure for code similarity analysis among Android applications. Juxtapp provides a key solution to a number of problems in Android security, including determining if apps contain copies of buggy code, have significant code reuse that indicates piracy, or are instances of known malware. We evaluate our system using more than 58,000 Android applications and demonstrate that our system scales well and is effective. Our results show that Juxtapp is able to detect: 1) 463 applications with confirmed buggy code reuse that can lead to serious vulnerabilities in real-world apps, 2) 34 instances of known malware and variants (13 distinct variants of the GoldDream malware), and 3) pirated variants of a popular paid game.