Examines impact of Ghidra’s 39 releases and 13,000 commits on code similarity analysis and metrics like analysis time and function detection, revealing that newer versions don’t always provide superior results for every use case.
Automated Docker framework enabling comparative analysis of binary files across all 39 Ghidra versions to measure how tool updates affect disassembly, decompilation, and code similarity results.
PhD dissertation presenting scalable semantics-based approaches for detecting similar Android applications, with applications to clone detection, malware analysis, and security assessment.
Journal article presenting AnDarwin’s scalable semantic analysis approach that detected 4,295 cloned and 36,106 rebranded apps from 265,359 applications across 17 markets including Google Play, with automatic library code removal.
Presents MAdFraud, analyzing 130,339 apps to detect mobile ad fraud including background ad requests (30% of apps) and 27 apps with automated clicking, revealing stealthy techniques to evade detection.
Introduces AnDarwin, a scalable tool that analyzed 265,359 apps from 17 markets to detect 4,295 clones and 36,106 rebranded apps, discovering 88 new malware variants by comparing semantic information without pairwise comparison.
Presents DNADroid, a tool that detects Android application cloning by comparing program dependency graphs, identifying at least 141 cloned apps including cases of malware injection and ad revenue redirection.