{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:55:22Z","timestamp":1773510922411,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.62202457"],"award-info":[{"award-number":["No.62202457"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"Open Source Community Software Bill of Materials (SBOM) Platform","doi-asserted-by":"publisher","award":["No.E3GX310201"],"award-info":[{"award-number":["No.E3GX310201"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,17]]},"DOI":"10.1145\/3756681.3756933","type":"proceedings-article","created":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T08:30:04Z","timestamp":1766565004000},"page":"604-615","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Version-level Third-Party Library Detection in Android Applications via Class Structural Similarity"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-9246-6468","authenticated-orcid":false,"given":"Bolin","family":"Zhou","sequence":"first","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China and University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5561-9829","authenticated-orcid":false,"given":"Jingzheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7377-7844","authenticated-orcid":false,"given":"Xiang","family":"Ling","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9454-2924","authenticated-orcid":false,"given":"Tianyue","family":"Luo","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8129-0582","authenticated-orcid":false,"given":"Jingkun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China and University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,12,24]]},"reference":[{"key":"e_1_3_3_1_2_2","volume-title":"ALLATORI JAVA OBFUSCATOR","year":"2005","unstructured":"2005-2024. ALLATORI JAVA OBFUSCATOR. https:\/\/allatori.com\/"},{"key":"e_1_3_3_1_3_2","doi-asserted-by":"publisher","unstructured":"Simone Aonzo Gabriel\u00a0Claudiu Georgiu Luca Verderame and Alessio Merlo. 2020. Obfuscapk: An open-source black-box obfuscation tool for Android apps. SoftwareX 11 (2020) 100403. 10.1016\/j.softx.2020.100403","DOI":"10.1016\/j.softx.2020.100403"},{"key":"e_1_3_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_3_1_5_2","first-page":"1021","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Bhoraskar Ravi","year":"2014","unstructured":"Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall. 2014. Brahmastra: Driving Apps to Test the Security of Third-Party Components. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 1021\u20131036. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/bhoraskar"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978422"},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313549"},{"key":"e_1_3_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.29"},{"key":"e_1_3_3_1_9_2","volume-title":"CodeArts Governance","author":"Cloud Huawei","year":"2025","unstructured":"Huawei Cloud. 2025. CodeArts Governance. https:\/\/console.huaweicloud.com\/devsecurity\/"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","unstructured":"Mauro Conti Vinod P. and Alessio Vitella. 2022. Obfuscation detection in Android applications using deep learning. Journal of Information Security and Applications 70 (2022) 103311. 10.1016\/j.jisa.2022.103311","DOI":"10.1016\/j.jisa.2022.103311"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046739"},{"key":"e_1_3_3_1_12_2","first-page":"149","volume-title":"3rd IAPR-TC15 workshop on graph-based representations in pattern recognition","author":"Cordella Luigi\u00a0Pietro","year":"2001","unstructured":"Luigi\u00a0Pietro Cordella, Pasquale Foggia, Carlo Sansone, Mario Vento, et\u00a0al. 2001. An improved algorithm for matching large graphs. In 3rd IAPR-TC15 workshop on graph-based representations in pattern recognition. Citeseer, 149\u2013159."},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236045"},{"key":"e_1_3_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3177102.3177113"},{"key":"e_1_3_3_1_15_2","volume-title":"ProGuard","year":"2016","unstructured":"Guardsquare. 2016-2024. ProGuard. https:\/\/www.guardsquare.com\/proguard"},{"key":"e_1_3_3_1_16_2","unstructured":"Guardsquare. 2025. AppSweep. https:\/\/platform.guardsquare.com\/"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2017.18"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"publisher","unstructured":"Mahmoud Hammad Hamid Bagheri and Sam Malek. 2019. DelDroid: An automated approach for determination and enforcement of least-privilege architecture in android. Journal of Systems and Software 149 (2019) 83\u2013100. 10.1016\/j.jss.2018.11.049","DOI":"10.1016\/j.jss.2018.11.049"},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"publisher","unstructured":"Zhongkai He Guixin Ye Lu Yuan Zhanyong Tang Xiaofeng Wang Jie Ren Wei Wang Jianfeng Yang Dingyi Fang and Zheng Wang. 2019. Exploiting Binary-Level Code Virtualization to Protect Android Applications Against App Repackaging. IEEE Access 7 (2019) 115062\u2013115074. 10.1109\/ACCESS.2019.2921417","DOI":"10.1109\/ACCESS.2019.2921417"},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"publisher","unstructured":"Jianjun Huang Bo Xue Jiasheng Jiang Wei You Bin Liang Jingzheng Wu and Yanjun Wu. 2023. Scalably Detecting Third-Party Android Libraries With Two-Stage Bloom Filtering. IEEE Transactions on Software Engineering (Apr 2023) 2272\u20132284. 10.1109\/tse.2022.3215628","DOI":"10.1109\/tse.2022.3215628"},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.377"},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.38"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-89500-0_28"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380242"},{"key":"e_1_3_3_1_25_2","volume-title":"Scantist Software Composition Analysis","author":"Ltd. Scantist\u00a0Pte.","year":"2024","unstructured":"Scantist\u00a0Pte. Ltd.2024. Scantist Software Composition Analysis. https:\/\/scantist.io\/"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889178"},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23353"},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","unstructured":"O. Mirzaei J.M. de Fuentes J. Tapiador and L. Gonzalez-Manzano. 2019. AndrODet: An adaptive Android obfuscation detector. Future Generation Computer Systems 90 (2019) 240\u2013261. 10.1016\/j.future.2018.07.066","DOI":"10.1016\/j.future.2018.07.066"},{"key":"e_1_3_3_1_29_2","volume-title":"Java Security and Android Obfuscation with DashO","year":"2024","unstructured":"PreEmptive. 2024. Java Security and Android Obfuscation with DashO. https:\/\/www.preemptive.com\/products\/dasho\/"},{"key":"e_1_3_3_1_30_2","first-page":"553","volume-title":"21st USENIX Security Symposium (USENIX Security 12)","author":"Shekhar Shashi","year":"2012","unstructured":"Shashi Shekhar, Michael Dietz, and Dan\u00a0S. Wallach. 2012. AdSplit: Separating Smartphone Advertising from Applications. In 21st USENIX Security Symposium (USENIX Security 12). USENIX Association, Bellevue, WA, 553\u2013567. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/shekhar"},{"key":"e_1_3_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00069"},{"key":"e_1_3_3_1_32_2","doi-asserted-by":"crossref","unstructured":"Julian\u00a0R Ullmann. 2011. Bit-vector algorithms for binary constraint satisfaction and subgraph isomorphism. Journal of Experimental Algorithmics (JEA) 15 (2011) 1\u20131.","DOI":"10.1145\/1671970.1921702"},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","unstructured":"Nicolas Viennot Edward Garcia and Jason Nieh. 2014. A measurement study of google play. ACM SIGMETRICS Performance Evaluation Review (Jun 2014) 221\u2013233. 10.1145\/2637364.2592003","DOI":"10.1145\/2637364.2592003"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771795"},{"key":"e_1_3_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197248"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.23"},{"key":"e_1_3_3_1_37_2","volume-title":"Hungarian algorithm","year":"2024","unstructured":"Wikipedia. 2024. Hungarian algorithm. https:\/\/en.wikipedia.org\/wiki\/Hungarian_algorithm"},{"key":"e_1_3_3_1_38_2","unstructured":"Stan Wisseman. 2016. Third-party libraries are one of the most insecure parts of an application. https:\/\/techbeacon.com\/security\/third-party-libraries-are-one-most-insecure-parts-application"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639132"},{"key":"e_1_3_3_1_40_2","first-page":"3385","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Wu Yafei","year":"2023","unstructured":"Yafei Wu, Cong Sun, Dongrui Zeng, Gang Tan, Siqi Ma, and Peicheng Wang. 2023. LibScan: Towards More Precise Third-Party Library Identification for Android Applications. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 3385\u20133402. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wu-yafei"},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695554"},{"key":"e_1_3_3_1_42_2","unstructured":"WooJong Yoo Myeongju Ji M Kang and Jeong\u00a0Hyun Yi. 2016. String deobfuscation scheme based on dynamic code extraction for mobile malwares. IT Convergence Practice 4 2 (2016) 1\u20138."},{"key":"e_1_3_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"e_1_3_3_1_44_2","doi-asserted-by":"publisher","unstructured":"Xian Zhan Tianming Liu Lingling Fan Li Li Sen Chen Xiapu Luo and Yang Liu. 2022. Research on Third-Party Libraries in Android Apps: A Taxonomy and Systematic Literature Review. IEEE Transactions on Software Engineering 48 10 (2022) 4181\u20134213. 10.1109\/TSE.2021.3114381","DOI":"10.1109\/TSE.2021.3114381"},{"key":"e_1_3_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523652"},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330204"}],"event":{"name":"EASE '25: Evaluation and Assessment in Software Engineering","location":"Istanbul Turkiye","acronym":"EASE '25"},"container-title":["Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3756681.3756933","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T08:37:43Z","timestamp":1766565463000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3756681.3756933"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,17]]},"references-count":45,"alternative-id":["10.1145\/3756681.3756933","10.1145\/3756681"],"URL":"https:\/\/doi.org\/10.1145\/3756681.3756933","relation":{},"subject":[],"published":{"date-parts":[[2025,6,17]]},"assertion":[{"value":"2025-12-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}