{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T16:40:24Z","timestamp":1770223224285,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":97,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003696","name":"Electronics and Telecommunications Research Institute","doi-asserted-by":"publisher","award":["B0101-17-0644"],"award-info":[{"award-number":["B0101-17-0644"]}],"id":[{"id":"10.13039\/501100003696","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-0831300, CNS-1017265, DGE-1500084, CNS-1563848, SFS-1565523, CRI-1629851, CNS-1704701"],"award-info":[{"award-number":["CNS-0831300, CNS-1017265, DGE-1500084, CNS-1563848, SFS-1565523, CRI-1629851, CNS-1704701"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N000140911042, N000141512162"],"award-info":[{"award-number":["N000140911042, N000141512162"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100011512","name":"National Research Foundation","doi-asserted-by":"publisher","award":["2017R1A6A3A03002506"],"award-info":[{"award-number":["2017R1A6A3A03002506"]}],"id":[{"id":"10.13039\/100011512","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8650-15-C-7556, HR0011-16-C-0059"],"award-info":[{"award-number":["FA8650-15-C-7556, HR0011-16-C-0059"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134048","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"2169-2185","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":103,"title":["Identifying Open-Source License Violation and 1-day Security Risk at Large Scale"],"prefix":"10.1145","author":[{"given":"Ruian","family":"Duan","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Ashish","family":"Bijlani","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Meng","family":"Xu","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Taesoo","family":"Kim","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"A. Aiken. 2017. Moss: a system for detecting software plagiarism. (2017). http:\/\/theory.stanford.edu\/~aiken\/moss\/"},{"key":"e_1_3_2_2_2_1","unstructured":"Devdatta Akhawe. 2015. Security bug resolved in the Dropbox SDKs for Android. (2015). https:\/\/blogs.dropbox.com\/developers\/2015\/03\/security-bug-resolved-in-the-dropbox-sdks-for-android\/"},{"key":"e_1_3_2_2_3_1","unstructured":"Antepedia. 2017. Antepedia Software Artifacts Knowledge Base. (2017). http:\/\/www.antepedia.com"},{"key":"e_1_3_2_2_4_1","unstructured":"AppBrain. 2016. Android library statistics. (2016). http:\/\/www.appbrain.com\/stats\/libraries"},{"key":"e_1_3_2_2_5_1","unstructured":"AppBrain 2017. Number of Android applications. (2017). https:\/\/www.appbrain.com\/stats\/free-and-paid-android-applications"},{"key":"e_1_3_2_2_6_1","unstructured":"Atlassian Inc. 2016. Code Manage Collaborate. (2016). https:\/\/bitbucket.org"},{"key":"e_1_3_2_2_7_1","volume-title":"Reliable Third-Party Library Detection in Android and its Security Applications Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS)","author":"Backes Michael","unstructured":"Michael Backes, Sven Bugiel, and Erik Derr 2016. Reliable Third-Party Library Detection in Android and its Security Applications Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria."},{"key":"e_1_3_2_2_8_1","volume-title":"On Finding Duplication and Near-Duplication in Large Software Systems Proceedings of the 2nd Working Conference on Reverse Engineering (WCRE)","author":"Baker Brenda S.","year":"1995","unstructured":"Brenda S. Baker. 1995. On Finding Duplication and Near-Duplication in Large Software Systems Proceedings of the 2nd Working Conference on Reverse Engineering (WCRE). Toronto, Ontario, Canada."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539793246707"},{"key":"e_1_3_2_2_10_1","volume-title":"Baker and Udi Manber","author":"Brenda","year":"1998","unstructured":"Brenda S. Baker and Udi Manber 1998. Deducing Similarities in Java Sources from Bytecodes Proceedings of the 1998 USENIX Annual Technical Conference (ATC). New Orleans, Louisiana."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.1998.738528"},{"key":"e_1_3_2_2_12_1","unstructured":"Eli Bendersky. 2016. Pure-python library for parsing ELF and DWARF. (2016). https:\/\/github.com\/eliben\/pyelftools"},{"key":"e_1_3_2_2_13_1","volume-title":"Brahmastra: Driving Apps to Test the Security of Third-Party Components Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Bhoraskar Ravi","unstructured":"Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall 2014. Brahmastra: Driving Apps to Test the Security of Third-Party Components Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA."},{"key":"e_1_3_2_2_14_1","unstructured":"Bintray.com. 2016. JCenter is the place to find and share popular Apache Maven packages. (2016). https:\/\/bintray.com\/bintray\/jcenter"},{"key":"e_1_3_2_2_15_1","unstructured":"Black Duck Software Inc. 2016. Black Duck Protex Automate Open Source Compliance. (2016). https:\/\/www.blackducksoftware.com\/products\/protex"},{"key":"e_1_3_2_2_16_1","volume-title":"Longitudinal Analysis of Android Ad Library Permissions Proceedings of the IEEE CS Security and Privacy Workshops (SPW)","author":"Book Theodore","unstructured":"Theodore Book, Adam Pridgen, and Dan S. Wallach. 2013. Longitudinal Analysis of Android Ad Library Permissions Proceedings of the IEEE CS Security and Privacy Workshops (SPW). San Francisco, CA."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430557"},{"key":"e_1_3_2_2_18_1","volume-title":"Celery: Distributed Task Queue.","year":"2016","unstructured":"CeleryProject. 2016. Celery: Distributed Task Queue. (2016). http:\/\/www.celeryproject.org"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"crossref","unstructured":"Moses~S Charikar. 2002. Similarity estimation techniques from rounding algorithms Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC). Montr\u00e9al Qu\u00e9bec Canada.","DOI":"10.1145\/509907.509965"},{"key":"e_1_3_2_2_21_1","volume-title":"OAuth Demystified for Mobile Application Developers Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS)","author":"Chen Eric","year":"2014","unstructured":"Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. 2014. OAuth Demystified for Mobile Application Developers Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS). Scottsdale, Arizona."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"crossref","unstructured":"Seokwoo Choi Heewan Park Hyun-Il Lim and Taisook Han. 2007. A Static Birthmark of Binary Executables Based on API Call Structure Proceedings of the 12th Advances in Computer Science Conference: computer and network security. Doha Qatar 2--16.","DOI":"10.1007\/978-3-540-76929-3_2"},{"key":"e_1_3_2_2_24_1","volume-title":"Android.","author":"Labs Corona","year":"2016","unstructured":"Corona Labs. 2016. Cross-Platform Mobile App Development for iOS, Android. (2016). https:\/\/coronalabs.com"},{"key":"e_1_3_2_2_25_1","volume-title":"Attack of the Clones: Detecting Cloned Applications on Android Markets Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS)","author":"Crussell Jonathan","year":"2012","unstructured":"Jonathan Crussell, Clint Gibler, and Hao Chen 2012. Attack of the Clones: Detecting Cloned Applications on Android Markets Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS). Pisa, Italy."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2014.2381212"},{"key":"e_1_3_2_2_27_1","volume-title":"A Language Independent Approach for Detecting Duplicated Code Proceedings of the International Conference on Software Maintenance (ICSM)","author":"Ducasse St\u00e9phane","unstructured":"St\u00e9phane Ducasse, Matthias Rieger, and Serge Demeyer. 1999. A Language Independent Approach for Detecting Duplicated Code Proceedings of the International Conference on Software Maintenance (ICSM). Oxford, England, UK."},{"key":"e_1_3_2_2_28_1","volume-title":"discovre: Efficient cross-architecture identification of bugs in binary code Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS)","author":"Eschweiler Sebastian","unstructured":"Sebastian Eschweiler, Khaled Yakdan, and Elmar Gerhards-Padilla 2016. discovre: Efficient cross-architecture identification of bugs in binary code Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA."},{"key":"e_1_3_2_2_29_1","volume-title":"https:\/\/f-droid.org","author":"Limited Droid","year":"2016","unstructured":"F-Droid Limited and Contributors. 2016. F-Droid. (2016). https:\/\/f-droid.org"},{"key":"e_1_3_2_2_30_1","volume-title":"Scalable Graph-based Bug Search for Firmware Images Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS)","author":"Feng Qian","year":"2016","unstructured":"Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. 2016. Scalable Graph-based Bug Search for Firmware Images Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria."},{"key":"e_1_3_2_2_31_1","unstructured":"FOSSology Workgroup. 2016. Open Source License Compliance by Open Source Software. (2016). https:\/\/www.fossology.org\/"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"crossref","unstructured":"Mark Gabel Junfeng Yang Yuan Yu Moises Goldszmidt and Zhendong Su 2010. Scalable and Systematic Detection of Buggy Inconsistencies in Source Code Proceedings of the 20th Annual ACM Conference on Object-Oriented Programming Systems Languages and Applications (OOPSLA). Reno\/Tahoe Nevada USA.","DOI":"10.1145\/1869459.1869475"},{"key":"e_1_3_2_2_33_1","volume-title":"BinHunt: Automatically Finding Semantic Differences in Binary Programs Proceedings of the 10th International Conference on Information and Communications Security","author":"Gao Debin","year":"2008","unstructured":"Debin Gao, Michael~K. Reiter, and Dawn Song 2008. BinHunt: Automatically Finding Semantic Differences in Binary Programs Proceedings of the 10th International Conference on Information and Communications Security. Birmingham, UK."},{"key":"e_1_3_2_2_34_1","unstructured":"GitHub Inc. 2016. How people build software. (2016).https:\/\/github.com\/features"},{"key":"e_1_3_2_2_35_1","unstructured":"Google Inc. 2016. Android Studio The Official IDE for Android. (2016). https:\/\/developer.android.com\/studio\/index.html"},{"key":"e_1_3_2_2_36_1","volume-title":"Unsafe exposure analysis of mobile in-app advertisements Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)","author":"Grace Michael C","unstructured":"Michael C Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. 2012. Unsafe exposure analysis of mobile in-app advertisements Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). Budapest, Hungary."},{"key":"e_1_3_2_2_37_1","volume-title":"The Protection of Computer Software--its Technology and Applications","author":"Grover Derrick","unstructured":"Derrick Grover. 1989. The Protection of Computer Software--its Technology and Applications. Cambridge University Press, New York, NY, USA. 119--150 pages."},{"key":"e_1_3_2_2_38_1","volume-title":"Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications Proceedings of the 9th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Heraklion","author":"Hanna Steve","year":"2012","unstructured":"Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen, and Dawn Song. 2012. Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications Proceedings of the 9th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Heraklion, Crete, Greece."},{"key":"e_1_3_2_2_39_1","volume-title":"Finding Software License Violations Through Binary Code Clone Detection Proceedings of the 8th Working Conference on Mining Software Repositories (MSR)","author":"Hemel Armijn","year":"2011","unstructured":"Armijn Hemel, Karl~Trygve Kalleberg, Rob Vermaas, and Eelco Dolstra 2011. Finding Software License Violations Through Binary Code Clone Detection Proceedings of the 8th Working Conference on Mining Software Repositories (MSR). Honolulu, HI."},{"key":"e_1_3_2_2_40_1","unstructured":"Adobe~Systems Inc. 2016. Build amazing mobile apps powered by open web tech. (2016). http:\/\/phonegap.com"},{"key":"e_1_3_2_2_41_1","unstructured":"Google Inc. 2016. App Security Improvement Program. (2016). https:\/\/developer.android.com\/google\/play\/asi.html"},{"key":"e_1_3_2_2_42_1","unstructured":"Google Inc. 2016natexlabc. How to address MoPub vulnerabilities in your apps. (2016).https:\/\/support.google.com\/faqs\/answer\/6345928"},{"key":"e_1_3_2_2_43_1","unstructured":"Google Inc. 2016natexlabd. How to address OpenSSL vulnerabilities in your apps. (2016). https:\/\/support.google.com\/faqs\/answer\/6376725"},{"key":"e_1_3_2_2_44_1","unstructured":"Google Inc. 2016natexlabe. How to fix apps containing Libpng Vulnerability. (2016). https:\/\/support.google.com\/faqs\/answer\/7011127"},{"key":"e_1_3_2_2_45_1","volume-title":"ReDeBug: finding unpatched code clones in entire os distributions Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland)","author":"Jang Jiyong","unstructured":"Jiyong Jang, Abeer Agrawal, and David Brumley. 2012. ReDeBug: finding unpatched code clones in entire os distributions Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046742"},{"key":"e_1_3_2_2_47_1","volume-title":"Deckard: Scalable and accurate tree-based detection of code clones Proceedings of the 29th International Conference on Software Engineering (ICSE)","author":"Jiang Lingxiao","unstructured":"Lingxiao Jiang, Ghassan Misherghi, Zhendong Su, and Stephane Glondu 2007. Deckard: Scalable and accurate tree-based detection of code clones Proceedings of the 29th International Conference on Software Engineering (ICSE). Minneapolis, MN."},{"key":"e_1_3_2_2_48_1","volume-title":"Identifying Redundancy in Source Code Using Fingerprints Proceedings of the 1993 Conference of the Centre for Advanced Studies on Collaborative Research: Software Engineering -","volume":"1","author":"Johnson J. Howard","year":"1993","unstructured":"J. Howard Johnson. 1993. Identifying Redundancy in Source Code Using Fingerprints Proceedings of the 1993 Conference of the Centre for Advanced Studies on Collaborative Research: Software Engineering - Volume 1. Toronto, Ontario, Canada, 171--183."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1019480"},{"key":"e_1_3_2_2_50_1","first-page":"25","article-title":"Open Source Software Detection using Function-level Static Software Birthmark","volume":"4","author":"Kim Dongjin","year":"2014","unstructured":"Dongjin Kim, Seong je Cho, Sangchul Han, Minkyu Park, and Ilsun You 2014. Open Source Software Detection using Function-level Static Software Birthmark. Journal of Internet Services and Information Security (JISIS), Vol. 4, 4 (2014), 25--37.","journal-title":"Journal of Internet Services and Information Security (JISIS)"},{"key":"e_1_3_2_2_51_1","volume-title":"VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery Proceedings of the 38th IEEE Symposium on Security and Privacy (Oakland)","author":"Kim Seulbae","year":"2017","unstructured":"Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. 2017. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery Proceedings of the 38th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA."},{"key":"e_1_3_2_2_52_1","volume-title":"Using Slicing to Identify Duplication in Source Code Proceedings of the 8th International Symposium on Static Analysis","author":"Komondoor Raghavan","unstructured":"Raghavan Komondoor and Susan Horwitz 2001. Using Slicing to Identify Duplication in Source Code Proceedings of the 8th International Symposium on Static Analysis. Paris, France."},{"key":"e_1_3_2_2_53_1","unstructured":"Mohit Kumar. 2014. Facebook SDK vulnerability puts millions of smartphone users' accounts at risk. (2014). http:\/\/thehackernews.com\/2014\/07\/facebook-sdk-vulnerability-puts.html"},{"key":"e_1_3_2_2_54_1","unstructured":"Eric Lafortune. 2016. ProGuard. (2016). http:\/\/proguard.sourceforge.net\/"},{"key":"e_1_3_2_2_55_1","volume-title":"The Soot framework for Java program analysis: a retrospective Proceedings of the 2011 Cetus Users and Compiler Infrastructure Workshop","author":"Lam Patrick","unstructured":"Patrick Lam, Eric Bodden, Ondrej Lhot\u00e1k, and Laurie Hendren. 2011. The Soot framework for Java program analysis: a retrospective Proceedings of the 2011 Cetus Users and Compiler Infrastructure Workshop. Galveston Island, TX."},{"key":"e_1_3_2_2_56_1","volume-title":"Libd: Scalable and precise third-party library detection in Android markets Proceedings of the 39th International Conference on Software Engineering (ICSE). Buenos Aires, Argentina.","author":"Li Menghao","year":"2017","unstructured":"Menghao Li, Wei Wang, Pei Wang, Shuai Wang, Dinghao Wu, Jian Liu, Rui Xue, and Wei Huo. 2017. Libd: Scalable and precise third-party library detection in Android markets Proceedings of the 39th International Conference on Software Engineering (ICSE). Buenos Aires, Argentina."},{"key":"e_1_3_2_2_57_1","volume-title":"CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code Proceedings of the 6th USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Li Zhenmin","year":"2004","unstructured":"Zhenmin Li, Shan Lu, Suvda Myagmar, and Yuanyuan Zhou. 2004. CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code Proceedings of the 6th USENIX Symposium on Operating Systems Design and Implementation (OSDI). San Francisco, CA."},{"key":"e_1_3_2_2_58_1","unstructured":"Jason Long. 2016. cve-search - a tool to perform local searches for known vulnerabilities. (2016). http:\/\/cve-search.github.io\/cve-search\/"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2655046"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889178"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/FLOSS.2007.10"},{"key":"e_1_3_2_2_63_1","volume-title":"Proceedings of the Mobile Security Technologies (MoST)","author":"Mutchler Patrick","year":"2015","unstructured":"Patrick Mutchler, Adam Doupe, John Mitchell, and Chris Kruegeland~Giovanni Vigna 2015. A Large-Scale Study of Mobile Web App Security. Proceedings of the Mobile Security Technologies (MoST). San Jose, CA."},{"key":"e_1_3_2_2_64_1","volume-title":"Maven Repository: Search\/Browse\/Explore.","year":"2016","unstructured":"MvnRepository. 2016. Maven Repository: Search\/Browse\/Explore. (2016). https:\/\/mvnrepository.com"},{"key":"e_1_3_2_2_65_1","volume-title":"Detecting software theft via whole program path birthmarks International Conference on Information Security","author":"Myles Ginger","unstructured":"Ginger Myles and Christian Collberg 2004. Detecting software theft via whole program path birthmarks International Conference on Information Security. Palo Alto, California."},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066753"},{"key":"e_1_3_2_2_67_1","volume-title":"Addetect: Automated detection of android ad libraries using semantic analysis Proceedings of the 9th Intelligent Sensors, Sensor Networks and Information Processing.","author":"Narayanan Annamalai","year":"2014","unstructured":"Annamalai Narayanan, Lihui Chen, and Chee~Keong Chan. 2014. Addetect: Automated detection of android ad libraries using semantic analysis Proceedings of the 9th Intelligent Sensors, Sensor Networks and Information Processing. Singapore, Singapore."},{"key":"e_1_3_2_2_68_1","volume-title":"Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). Washington, D.C.","author":"Neugschwandtner Matthias","year":"2013","unstructured":"Matthias Neugschwandtner, Martina Lindorfer, and Christian Platzer 2013. A View To A Kill: WebView Exploitation. In Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). Washington, D.C."},{"key":"e_1_3_2_2_69_1","unstructured":"Ryan Paul. 2009. Cisco settles FSF GPL lawsuit appoints compliance officer. (2009). http:\/\/arstechnica.com\/information-technology\/2009\/05\/cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer"},{"key":"e_1_3_2_2_70_1","unstructured":"RedisLabs. 2016. Redis Cluster Specification. (2016). http:\/\/redis.io\/topics\/cluster-spec"},{"key":"e_1_3_2_2_71_1","volume-title":"Securing Embedded User Interfaces: Android and Beyond Proceedings of the 22th USENIX Security Symposium (Security)","author":"Roesner Franziska","year":"2013","unstructured":"Franziska Roesner and Tadayoshi Kohno 2013. Securing Embedded User Interfaces: Android and Beyond Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC."},{"key":"e_1_3_2_2_72_1","unstructured":"Inc Rogue Wave~Software. 2016. Solve open source issues with full-stack enterprise support. (2016). http:\/\/www.roguewave.com\/products-services\/open-source-support"},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572287"},{"key":"e_1_3_2_2_74_1","volume-title":"Detecting software theft with api call sequence sets Workshop Software Reengineering (WSR","author":"Schuler David","year":"2006","unstructured":"David Schuler and Valentin Dallmeier 2006. Detecting software theft with api call sequence sets Workshop Software Reengineering (WSR 2006). Bad-Honnef, Germany."},{"key":"e_1_3_2_2_75_1","unstructured":"ScrapingHub. 2016. Scrapy A Fast and Powerful Scraping and Web Crawling Framework. (2016). https:\/\/scrapy.org"},{"key":"e_1_3_2_2_76_1","volume-title":"AdSplit: Separating Smartphone Advertising from Applications Proceedings of the 21st USENIX Security Symposium (Security)","author":"Shekhar Shashi","unstructured":"Shashi Shekhar, Michael Dietz, and Dan~S. Wallach. 2012. AdSplit: Separating Smartphone Advertising from Applications Proceedings of the 21st USENIX Security Symposium (Security). Bellevue, WA."},{"key":"e_1_3_2_2_77_1","volume-title":"https:\/\/oss.sonatype.org\/content\/repositories\/releases\/","author":"Sonatype Inc","year":"2016","unstructured":"Inc Sonatype. 2016. Sonatype Releases. (2016). https:\/\/oss.sonatype.org\/content\/repositories\/releases\/"},{"key":"e_1_3_2_2_78_1","volume-title":"https:\/\/sourceforge.net","author":"Publish Open","year":"2016","unstructured":"SourceForge.net 2016. Find, Create, and Publish Open Source software for free. (2016). https:\/\/sourceforge.net"},{"key":"e_1_3_2_2_79_1","unstructured":"Android Studio. 2016. Shrink Your Code and Resources. (2016). https:\/\/developer.android.com\/studio\/build\/shrink-code.html"},{"key":"e_1_3_2_2_80_1","volume-title":"NativeGuard: Protecting Android Applications from Third-Party Native Libraries Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)","author":"Sun Mengtao","unstructured":"Mengtao Sun and Gang Tan 2014. NativeGuard: Protecting Android Applications from Third-Party Native Libraries Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). Oxford, UK."},{"key":"e_1_3_2_2_81_1","unstructured":"Synopsys 2017. Software Composition Analysis - Protecode. (2017). https:\/\/www.synopsys.com\/software-integrity\/products\/software-composition-analysis.html"},{"key":"e_1_3_2_2_82_1","unstructured":"Haruaki Tamada Masahide Nakamura and Akito Monden. 2004. Design and evaluation of birthmarks for detecting theft of Java programs Proceedings of the IASTED IASTED International Conference on Software Engineering. Innsbruck Austria."},{"key":"e_1_3_2_2_83_1","unstructured":"The Apache Software Foundation. 2016. Apache Maven Project. (2016). https:\/\/maven.apache.org\/index.html"},{"key":"e_1_3_2_2_84_1","unstructured":"ToughDev 2015. Comparison of popular PDF libraries on iOS and Android. (2015). http:\/\/www.toughdev.com\/content\/2015\/02\/comparison-of-popular-pdf-libraries-on-ios-and-android\/"},{"key":"e_1_3_2_2_85_1","unstructured":"Steven Vaughan. 2015. VMware sued for failure to comply with Linux license. (2015). http:\/\/www.zdnet.com\/article\/vmware-sued-for-failure-to-comply-with-linuxs-license"},{"key":"e_1_3_2_2_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.245"},{"key":"e_1_3_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2591971.2592003"},{"key":"e_1_3_2_2_88_1","volume-title":"WuKong: A Scalable and Accurate Two-Phase Approach to Android App Clone Detection Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)","author":"Wang Haoyu","unstructured":"Haoyu Wang, Yao Guo, Ziang Ma, and Xiangqun Chen. 2015. WuKong: A Scalable and Accurate Two-Phase Approach to Android App Clone Detection Proceedings of the International Symposium on Software Testing and Analysis (ISSTA). Baltimore, MA."},{"key":"e_1_3_2_2_89_1","volume-title":"Proceedings of the 22th USENIX Security Symposium (Security)","author":"Wang Rui","year":"2013","unstructured":"Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 2013. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC."},{"key":"e_1_3_2_2_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653696"},{"key":"e_1_3_2_2_91_1","volume-title":"Detecting software theft via system call based birthmarks Proceedings of the Annual Computer Security Applications Conference (ACSAC)","author":"Wang Xinran","unstructured":"Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, and Peng Liu. 2009. Detecting software theft via system call based birthmarks Proceedings of the Annual Computer Security Applications Conference (ACSAC). Honolulu, Hawaii, USA."},{"key":"e_1_3_2_2_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557560"},{"key":"e_1_3_2_2_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627395"},{"key":"e_1_3_2_2_94_1","volume-title":"AFrame: Isolating Advertisements from Mobile Applications in Android Proceedings of the Annual Computer Security Applications Conference (ACSAC)","author":"Zhang Xiao","unstructured":"Xiao Zhang, Amit Ahlawat, and Wenliang Du 2013. AFrame: Isolating Advertisements from Mobile Applications in Android Proceedings of the Annual Computer Security Applications Conference (ACSAC). New Orleans, LA."},{"key":"e_1_3_2_2_95_1","volume-title":"Scalable Detection of \"Piggybacked\" Mobile Applications Proceedings of the 3rd Annual ACM Conference on Data and Applications Security and Privacy (CODASPY)","author":"Zhou Wu","unstructured":"Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou 2013. Fast, Scalable Detection of \"Piggybacked\" Mobile Applications Proceedings of the 3rd Annual ACM Conference on Data and Applications Security and Privacy (CODASPY). San Antonio, TX."},{"key":"e_1_3_2_2_96_1","volume-title":"Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces Proceedings of the 2nd Annual ACM Conference on Data and Applications Security and Privacy (CODASPY)","author":"Zhou Wu","year":"2012","unstructured":"Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. 2012. Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces Proceedings of the 2nd Annual ACM Conference on Data and Applications Security and Privacy (CODASPY). San Antonio, TX."},{"key":"e_1_3_2_2_97_1","volume-title":"SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Zhou Yuchen","year":"2014","unstructured":"Yuchen Zhou and David Evans 2014. SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA."},{"key":"e_1_3_2_2_98_1","unstructured":"Zynamics 2017. zynamics.com - BinDiff. (2017). https:\/\/www.zynamics.com\/bindiff.html"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134048","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134048","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134048","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:03Z","timestamp":1750212663000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134048"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":97,"alternative-id":["10.1145\/3133956.3134048","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134048","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}