Mostrar el registro sencillo del ítem
A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums
| dc.contributor.author | Tereszkowski-Kaminski, Michal | |
| dc.contributor.author | Dash, Santanu Kumar | |
| dc.contributor.author | Suarez-Tangil, Guillermo | |
| dc.date.accessioned | 2024-09-23T16:05:03Z | |
| dc.date.available | 2024-09-23T16:05:03Z | |
| dc.date.issued | 2024-09 | |
| dc.identifier.citation | 1. Baltes, S., Diehl, S.: Usage and attribution of stack overflow code snippets in github projects. Empirical Software Engineering 24(3), 1259–1295 (2019) 2. Calleja, A., Tapiador, J., Caballero, J.: The malsource dataset: Quantifying com- plexity and code reuse in malware development. IEEE Transactions on Information Forensics and Security 14(12), 3175–3190 (2018) 3. Cheng, X., Jiang, L., Zhong, H., Yu, H., Zhao, J.: On the feasibility of detect- ing cross-platform code clones via identifier similarity. In: Proceedings of the 5th International Workshop on Software Mining, KDD. pp. 39–42 (2016) 4. Islam, R., Rokon, M.O.F., Darki, A., Faloutsos, M.: Hackerscope: The dynamics of a massive hacker online ecosystem. arXiv preprint arXiv:2011.07222 (2020) 5. Moradi-Jamei, B., Kramer, B.L., Calder´on, J.B.S., Korkmaz, G.: Community for- mation and detection on github collaboration networks. In: Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Anal- ysis and Mining, KDD. pp. 244–251 (2021) Title Suppressed Due to Excessive Length 19 6. Nafi, K.W., Kar, T.S., Roy, B., Roy, C.K., Schneider, K.A.: Clcdsa: cross language code clone detection using syntactical features and api documentation. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). pp. 1026–1037. IEEE (2019) 7. Nakagawa, T., Higo, Y., Kusumoto, S.: Nil: large-scale detection of large-variance clones. In: Proceedings of the 29th ACM Joint Meeting on European Software En- gineering Conference and Symposium on the Foundations of Software Engineering. pp. 830–841 (2021) 8. Pastrana, S., Thomas, D.R., Hutchings, A., Clayton, R.: Crimebb: Enabling cyber- crime research on underground forums at scale. In: Proceedings of the 2018 World Wide Web Conference. pp. 1845–1854 (2018) 9. Qian, Y., Zhang, Y., Chawla, N., Ye, Y., Zhang, C.: Malicious repositories detection with adversarial heterogeneous graph contrastive learning. In: Proceedings of the 31st ACM International Conference on Information & Knowledge Management. pp. 1645–1654 (2022) 10. Ragkhitwetsagul, C., Krinke, J., Clark, D.: A comparison of code similarity anal- ysers. Empirical Software Engineering 23(4), 2464–2519 (2018) 11. Ragkhitwetsagul, C., Krinke, J., Paixao, M., Bianco, G., Oliveto, R.: Toxic code snippets on stack overflow. IEEE Transactions on Software Engineering 47(3), 560–581 (2019) 12. Rokon, M.O.F., Islam, R., Darki, A., Papalexakis, E.E., Faloutsos, M.: Sourcefinder: Finding malware source-code from publicly available repositories in github. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2020). pp. 149–163 (2020) 13. Rokon, M.O.F., Yan, P., Islam, R., Faloutsos, M.: Repo2vec: A comprehensive embedding approach for determining repository similarity. In: 2021 IEEE Interna- tional Conference on Software Maintenance and Evolution (ICSME). pp. 355–365. IEEE (2021) 14. Roy, C.K., Cordy, J.R.: A survey on software clone detection research. Queen’s School of Computing TR 541(115), 64–68 (2007) 15. Saini, V., Farmahinifarahani, F., Lu, Y., Baldi, P., Lopes, C.V.: Oreo: Detection of clones in the twilight zone. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. pp. 354–365 (2018) 16. Sajnani, H., Saini, V., Svajlenko, J., Roy, C.K., Lopes, C.V.: Sourcerercc: Scal- ing code clone detection to big-code. In: Proceedings of the 38th International Conference on Software Engineering. pp. 1157–1168 (2016) 17. Svajlenko, J., Roy, C.K.: Cloneworks: a fast and flexible large-scale near-miss clone detection tool. In: ICSE (Companion Volume). pp. 177–179 (2017) 18. Thomas, K., Huang, D.Y., Wang, D., Bursztein, E., Grier, C., Holt, T.J., Kruegel, C., McCoy, D., Savage, S., Vigna, G.: Framing Dependencies Introduced by Un- derground Commoditization. In: Proceedings of the Workshop on the Economics of Information Security (WEIS) (June 2015) 19. Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: Large scale malicious code: A research agenda (2003) 20. Yahya, M.A., Kim, D.K.: Clcd-i: Cross-language clone detection by using deep learning with infercode. Computers 12(1), 12 (2023) 21. Yang, D., Martins, P., Saini, V., Lopes, C.: Stack overflow in github: any snippets there? In: 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR). pp. 280–290. IEEE (2017) 22. yoeo: Guesslang. https://github.com/yoeo/guesslang (2020) | es |
| dc.identifier.uri | https://hdl.handle.net/20.500.12761/1848 | |
| dc.description.abstract | To date, most analysis of collaboration between malware authors has been performed on meta-data and compiled binaries, while ignoring artifacts present in the source code. We collect a vast amount of malicious source code from Underground Forums posts, Underground Forum code attachments, and GitHub repositories and devise a methodology that allows us to filter out most auxiliary code, leaving the measurement to focus on malicious code. We leverage this to perform an in-depth measurement of the reuse of malicious code between these malware centers as well as StackOverflow. We find that our methodology has high precision in identifying malicious code (93.1%) and provides a contemporary snapshot of malware code reuse across the Web, offering insights into the manners in which this takes place. | es |
| dc.description.sponsorship | Spanish Ministry of Science and Innovation | es |
| dc.description.sponsorship | European Union-NextGeneration | es |
| dc.description.sponsorship | ERDF | es |
| dc.language.iso | eng | es |
| dc.title | A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums | es |
| dc.type | conference object | es |
| dc.conference.date | 16-20 September 2024 | es |
| dc.conference.place | Bydgoszcz, Poland | es |
| dc.conference.title | European Symposium On Research In Computer Security | * |
| dc.event.type | conference | es |
| dc.pres.type | paper | es |
| dc.type.hasVersion | AM | es |
| dc.rights.accessRights | open access | es |
| dc.acronym | ESORICS | * |
| dc.page.final | 22 | es |
| dc.page.initial | 1 | es |
| dc.rank | A | * |
| dc.subject.keyword | underground forum | es |
| dc.subject.keyword | source code reuse | es |
| dc.subject.keyword | malware | es |
| dc.description.refereed | TRUE | es |
| dc.description.status | inpress | es |
