Deakin University

File(s) under permanent embargo

Clonewise - detecting package-level clones using machine learning

chapter
posted on 2013-01-01, 00:00 authored by Silvio Cesare, Yang Xiang, Jun Zhang
Developers sometimes maintain an internal copy of another software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. We propose an automated solution to identify clones of packages without any prior knowledge of these relationships. We then correlate clones with vulnerability information to identify outstanding security problems. This approach motivates software maintainers to avoid using cloned packages and link against system-wide libraries. We propose over 30 novel features that enable us to use pattern classification to accurately identify package-level clones. To our knowledge, we are the first to consider clone detection as a classification problem. Our results show our system, Clonewise, compares well to manually tracked databases. Based on our work, over 30 unknown package clones and vulnerabilities have been identified and patched.

History

Title of book

Security and privacy in communication networks

Series

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; v.127

Chapter number

13

Pagination

197 - 215

Publisher

Springer International Publishing

Place of publication

Berlin, Germany

ISBN-13

9783319042831

ISBN-10

3319042831

Language

eng

Notes

This paper was presented at the International Conference on Security and Privacy in Communication Networks (9th : 2013 : Sydney, NSW)

Publication classification

B1 Book chapter; B Book chapter

Copyright notice

2013, Springer

Extent

26

Editor/Contributor(s)

T Zia, A Zomaya, V Varadharajan, M Mao
