Clonewise - detecting package-level clones using machine learning

Cesare, Silvio, Xiang, Yang and Zhang, Jun 2013, Clonewise - detecting package-level clones using machine learning. In Zia, Tanveer, Zomaya, Albert, Varadharajan, Vijay and Mao, Morley (ed), Security and privacy in communication networks, Springer International Publishing, Berlin, Germany, pp.197-215, doi: 10.1007/978-3-319-04283-1_13.

Attached Files
Name Description MIMEType Size Downloads

Title Clonewise - detecting package-level clones using machine learning
Author(s) Cesare, Silvio
Xiang, YangORCID iD for Xiang, Yang
Zhang, JunORCID iD for Zhang, Jun
Title of book Security and privacy in communication networks
Editor(s) Zia, Tanveer
Zomaya, Albert
Varadharajan, Vijay
Mao, Morley
Publication date 2013
Series Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; v.127
Chapter number 13
Total chapters 26
Start page 197
End page 215
Total pages 19
Publisher Springer International Publishing
Place of Publication Berlin, Germany
Keyword(s) vulnerability detection
code clone
Summary Developers sometimes maintain an internal copy of another software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. We propose an automated solution to identify clones of packages without any prior knowledge of these relationships. We then correlate clones with vulnerability information to identify outstanding security problems. This approach motivates software maintainers to avoid using cloned packages and link against system wide libraries. We propose over 30 novel features that enable us to use to use pattern classification to accurately identify package-level clones. To our knowledge, we are the first to consider clone detection as a classification problem. Our results show our system, Clonewise, compares well to manually tracked databases. Based on our work, over 30 unknown package clones and vulnerabilities have been identified and patched.
Notes This paper was presented at the International Conference on Security and Privacy in Communication Networks (9th : 2013 : Sydney, NSW)
ISBN 3319042831
Language eng
DOI 10.1007/978-3-319-04283-1_13
Field of Research 109999 Technology not elsewhere classified
Socio Economic Objective 970110 Expanding Knowledge in Technology
HERDC Research category B1 Book chapter
ERA Research output type B Book chapter
HERDC collection year 2013
Copyright notice ©2013, Springer
Persistent URL

Connect to link resolver
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 2 times in TR Web of Science
Scopus Citation Count Cited 2 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 489 Abstract Views, 16 File Downloads  -  Detailed Statistics
Created: Thu, 20 Feb 2014, 11:08:06 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact