International Journal of Machine Learning and Cybernetics

https://doi.org/10.1007/s13042-020-01246-9

ORIGINAL ARTICLE

Clone detection in 5G‑enabled social IoT system using graph

semantics and deep learning model
Farhan Ullah1 · Muhammad Rashid Naeem2 · Leonardo Mostarda3 · Syed Aziz Shah4

Received: 29 July 2020 / Accepted: 19 November 2020

© Springer-Verlag GmbH Germany, part of Springer Nature 2021

Abstract
The protection and privacy of the 5G-IoT framework is a major challenge due to the vast number of mobile devices. Special-
ized applications running these 5G-IoT systems may be vulnerable to clone attacks. Cloning applications can be achieved
by stealing or distributing commercial Android apps to harm the advanced services of the 5G-IoT framework. Meanwhile,
most Android app stores run and manage Android apps that developers have submitted separately without any central veri-
fication systems. Android scammers sell pirated versions of commercial software to other app stores under different names.
Android applications are typically stored on cloud servers, while API access services may be used to detect and prevent
cloned applications from being released. In this paper, we proposed a hybrid approach to the Control Flow Graph (CFG) and
a deep learning model to secure the smart services of the 5G-IoT framework. First, the newly submitted APK file is extracted
and the JDEX decompiler is used to retrieve Java source files from possibly original and cloned applications. Second, the
source files are broken down into various android-based components. After generating Control-Flow Graphs (CFGs), the
weighted features are stripped from each component. Finally, the Recurrent Neural Network (RNN) is designed to predict
potential cloned applications by training features from different components of android applications. Experimental results
have shown that the proposed approach can achieve an average accuracy of 96.24% for cloned applications selected from
different android application stores.

Keywords 5G IoT · Clone detection · Control flow graph · Deep learning · Security · Privacy

1 Introduction

There is an overwhelming number of 5G-IoT networks due

to recent developments in electronics and communication
* Farhan Ullah methods (e.g., portable electronics, IoT devices, and 5G tel-
farhankhan.cs@yahoo.com ecommunications services solutions). These developments
Muhammad Rashid Naeem have enabled the quality of public services, including health-
rashidnaeem717@yahoo.com care, shipping, transport, etc. In recent years, the protection
Leonardo Mostarda of these systems has become increasingly important due to
leonardo.mostarda@unicam.it the obvious emergence of 5G-IoT systems and the fact that
Syed Aziz Shah the advancement of AI has made them more autonomous
ad5190@coventry.ac.uk and intelligent, with growing amounts of personal data being
produced and communicated using these modern 5G-IoT
1
School of Software, Northwestern Polytechnical University, systems. Many of these emerging security problems can-
Xi’an 710072, Shaanxi, People’s Republic of China
not be resolved by existing security frameworks to protect
2
School of Artificial Intelligence, Leshan Normal University, privacy. This has created significant challenges in the exist-
Leshan 614000, People’s Republic of China
ing 5G-IoT network architectures with a view to resolving
3
Computer Science Department, Camerino University, the protection and privacy of increasingly mobile devices,
Camerino 62032, Italy
servers, and the vast volume of data transmitted in real-time.
4
Mobile Health Centre for Intelligent Healthcare, Coventry As a result, the development of a secured 5G-IoT network is
University, Coventry CV15FB, UK

13
Vol.:(0123456789)

Fig. 1  A chunk of cloned applications. a–c APK Pure (com.jiuzhangtech.hangman). d Google Market (br.com.passeionaweb)
required with new security approaches to handle the security
and privacy of mobile applications. Android applications
can be used over 5G-IoT devices [1–3]. Code components
are usually reused by copying and pasting into a different
section in computer programming without or with minimal
changes. This reproduced code is called a code clone, and
this procedure is called code cloning [4]. Roy et al. [5] state
that cloning is valuable, but, in certain ways, it can even
be detrimental. For instance, if a bug is found through one
block of code, then the same bug must be examined for all
fragments similar to it. It may also raise maintenance costs
for applications. With consideration of high maintenance
costs, the identification of software clones is an impor-
tant area of study. For the detection of code clones, many
approaches and tools have been developed. In particular,
text-based approaches, Token-based [6], Tree-based [7, 8],
Semantic [9], and Hybrid approaches [10] are being used
to detect code clones. In the last few years, the revenue of
cell devices has grown considerably. Android does have a
new market share in smartphones, and recently, its mobile
device has been activated at 850,000 per day. While Android
OS offers the primary mobile experience, a large part of
our customer experience is dependent on applications from
third parties.
Android has a range of platforms where users can down-
load applications from third-party networks that allow easy
access. Users need to be safe from scammers who seek to
take advantage of a real developer’s personal effort. Android
applications are made available on the authorized app store
or other third-party marketplaces [11, 12]. A stable busi-
ness climate for developers must be established in order to
produce ongoing applications. A purchased application can
be breached and published, as well as a free application that
makes the advertisement return to the scammer. A scammer
can substitute the project’s user details and modify an exist-
ing software catalogue and insert a new revenue catalogue.
13
International Journal of Machine Learning and Cybernetics
Open source Android assists scammers to clone and resub-
mit apps to the market place. The apps should undergo an
approval process in the Apple App Store in relation to the
Android mobile market. A system that checks the latest
applications1,2 has been launched recently to the Android
store.
Figure 1 illustrates that four projects are closely related
to the menu system and code, but different developers have
published them in the various phone marketplaces [13]. The
result shows that the code of all apps overlaps, indicating
that at least three of them are a clone. As the prominence
of Android apps growing, the number of applications has
increased rapidly. Consequently, it is necessary to shield
developers’ intellectual property and revenue streams [14,
15].
The logic flow of the programming codes can be used to
investigate the clone attacks in the modified versions. In this
paper, we used the CFG features from source codes to view
the logic flow of the codes. Then, these features are given to
the designed RNN model for efficient classification of code
clones. The main contributions of the paper are:
1. An approach for Clone Detection in Android-based
5G-IoT System is proposed.
2. Component-based CFG features are mined from source
codes using ANTLR parser.
3. Term Frequency Inverse Document Frequency (TFIDF)
method is used to extract the importance of each feature.
4. CFG-based RNN model is proposed for component-
based clone detection on large scale.
1
http://stack​overf​l ow.com/quest​ions/56001​43/andro​id-game-keeps​
getti​ng-hacke​d.
2
http://googl​emobi​le.blogs​pot.com/2012/02/andro​id-and-secur​ity.
html.
International Journal of Machine Learning and Cybernetics
The remainder part of the part is organized as follows:
Sect. 2 discussed the recent literature, Sect. 3 explains the
proposed methodology, Sect. 4 presents the experimental
results with discussions, and finally, Sect. 5 concludes the
paper.
• Literature review
We characterize the pros and cons of a variety of
approaches for clone detection and conclude with the
proposed scheme. For instance, there are a number of
approaches used for clone detection such as tokeniza-
tion, Abstract Syntax Tree (AST), semantic and hybrid
approaches, etc. Every approach has a specific weakness
and strengths in different circumstances, which are dis-
cussed below. String matching Techniques based on string
matching are used to find similar strings between the source
codes. The string-based matching algorithm is used between
two programs to identify the Longest Common Sequence
(LCS) [16, 17]. This method is robust in string compari-
sons but fragile in renaming identification, code sequencing,
structural and semantic information. Finger Printing based
approach generates fingerprints of each source code docu-
ment containing statistical information about it, such as the
average number of words in a line, number of similar words,
number of keywords in the entire document, number of sin-
gle operands and operators, number of operand and operator
occurrences, etc. Two programs shall be considered similar
if they share the same fingerprints. Several studies [18–20]
are proposed to estimate the closeness using the distance
formula. Such approaches are fragile to code sequences,
structural, and source code logic flows.
The tokenization method is used to divide to source codes
into tokens, and later these tokens are compared to compute
the similarity between program pairs. Different methods
are proposed, which are quite popular for identification of
similar tokens in academics such as JPlag [21], Measure of
Software Similarity (MOSS) [22, 23], Yet Another Plague
(YAP) [24], etc. These methods transform the source codes
into tokens, and then they use different distance techniques
to compare two tokens-based programs. This approach is
more effective than a simple string-based matching system
but fails when the statements are distorted in order. The
tokenization-based plagiarism detection method is robust
against identification renaming, spacing, and alignment, but
it is fragile for code sequence, structural and semantic infor-
mation. Tree matching based methods are used to compare
the abstract view of structural information based on Abstract
Syntax Tree (AST) [25–27]. The AST has abstract view
information that presents variables and function statements.
This method is used to convert source codes to hierarchical
features known as ASTs. These features are then used to
equate the two source codes. The AST demonstrates abstract
synthetic structure but does not provide full execution paths.
As a consequence, this approach is fragile to control replace-
ment, data variations, and code insertions.
The semantic-based features are most efficient for accu-
rate clone detection. These are high-quality features com-
posed of graph structures. These graphical features are
used to capture the logic flow of the source codes instead
of just renaming or abstract view of statements. By doing
this, the graph-based semantic features can catch any type
of clone attack made by scammer [28–30]. Therefore, the
semantic-based approach is significant, which can crawl the
high-quality features for clone detection. We used the CFG-
based RNN approach for the identification of code clones in
the android application.
2 Proposed scheme: clone detection
in android‑based 5G‑IoT system
The software clone is a serious threat to the android-based
5G-IoT system. The android application can be decompiled
to extract the Java source codes. After that, some compo-
nents can be cloned and publish it again by new account cre-
dentials. By doing this, the original developer can be harmed
with huge economic loss.
Figure 2 shows the complete framework for component-
based android clone detection system. 5G-IoT devices can
be used to interconnect different android markets via cloud
architecture. The users are free to use 5G-IoT devices for
upload and download android applications among different
android stores. Due to this, the genuine application can be
easily downloaded, cloned, and upload to the store. There-
fore, an intelligent android clone detection system is required
to implement the cloud architecture. The cloud infrastructure
initiates the clone detection system to evaluate the submitted
android app, whether it has been cloned or not. The instance
of a cloned detection model has started. The software called
“apkExtractor” generates android Dalvik Executable (DEX)
files from the packaged device. The scammer is submitting
an APK to the app store for publication.
2.1 Component‑based source codes extraction
The Jdex decompiler captures the source files in different
types of directories, which indicate the android internal
component architecture. Sometimes, scammer targets only
specific components for cloning, such as User interface (UI),
view model, and model source. Android offers a collection
of pre-built UI components that enable users to create a GUI
for the app, such as structured layout objects and UI controls.
Other interface UI modules, such as dialogues, alerts, or
menus, are also supported by Android. The UI contains the
libraries and classes which support the GUI (Graphical User
13

Android App Market
Developer/Cracker
Recurrent Neural Network
TFIDF Features’ Weighng Extracon
Component-based Clone
Classificaon
Fig. 2  Clone detection in android-based 5G IoT system using CFG and deep learning
Interface) to view, input, and output. Architecture Compo-
nents support the UI controller with a ViewModel helper
class which is responsible for setting up UI data. During
configuration changes, ViewModel objects are immediately
preserved such that the data they contain is instantly acces-
sible for the next instance of the operation. For instance,
when we need to list the application’s users, ensure that we
are responsible for acquiring and maintaining a ViewModel
user list. These classes can be cloned to change the func-
tionalities of the app so that the android store can consider
that it is a genuine application. We select component-based
source code files instead of processing the whole application
at once. The proposed method selects different components
of the same directory to perform the clone detection system
in parallel. By doing this, we can only focus on a specific
portion of the cloned application and thus save time and
resources [28, 31].
2.2 Control flow graph features extraction
The control-flow graph (CFG) contains graph-based
features used to covert the source codes through logic
paths. These paths are then used to show the semantics
13
International Journal of Machine Learning and Cybernetics
APK Extractor
So
ware Clone
Detecon System
Jdex
Android Component-based Source Codes
View / UI Acvity /Fragment
Live Data
View Model ViewModel
Enty
Linear Features Extracon Model Source RoomDatabase
DAO
Pre-Processing
Maximum and Minimum
Frequencies
Control Flow Graph
Stemming
Bag of Words
Linear CFGs Features
Local Features + Global Features
of programming codes. CFG uses graph notation to rep-
resent all paths that may be traversed in the execution of
a program. In the CFG, each node in the graph denotes a
basic block such as a statement of code which can be with
or without a jump. The jump focusses on the start and end
of a block of statements. This shows the control flow of
the programming code using the directed edges. So, the
combination of nodes and edges represent the source code
structure. Generally, there are two specific blocks used as
the input block, that allows controlling the starting point
of the flow, and the exit block, that leaves the control [32,
33]. Figure 3 shows the program execution paths of the
corresponding pseudocode. The P and S indicate the predi-
cate and statement nodes, respectively. T and F indicate
the true and false of the statement. We used a random
graph walker strategy to mine the control and data flow
execution paths of each programming code. The predicate
node executes on the basis of the pre-condition statement.
For example, the S2 is the block of statements controlled
by P1. If P1 is true, then S2 will execute otherwise S4.
Similarly, S3 depends on P2 in the if statement. These
are semantical features that show the actual programming
flow. It can capture the unique programming style features
International Journal of Machine Learning and Cybernetics
Fig. 3  Program flow paths with
pseudocode
of each author. The CFG deal with three types of nodes in
random walking, as following:
• Statement node: It refers to a node in the control-flow
graph of the program, which has only one exit.
• Predicate node: It represents a Boolean expression that
can be used inside if, while, or for, etc. It refers to a
vertex that has two exits in the control-flow graph of
the particular programming code.
• Region node: It does not relate to programming state-
ments. It is included to summarize the dependencies of
a vertex, and it can be interpreted as a point of entry to
a series of statements or a block of code.
We extract component-based CFG features from
android source codes. Figure 4 shows an example of the
CFG of each method used in the merge sort. The compo-
nent-based CFG features are extracted for deep analysis of
cloned files. There are three sub-components which inte-
grate the working of merge sort. The node numbers repre-
sent the order of execution of each statement or block. The
edge indicates the control flow of the code that is used to
extract the semantic features from component-based. Due
to this, we can analyze the order of statements through
CFG features without the execution of the program. After
extracting the component-based features, we analyzed the
significance of each feature using the weighting method.
These high-quality features can address the following
types of clone attacks.
• Modifying the data flow in source code such as replacing
the variables’ values.
• Changing the control flow of statements such as replacing
function calls or if statements.
• Code insertion at different places.
• Changing the order of statements within code blocks with
semantics modification.
• Addition of redundant statements or variables.
2.3 Features weighting
The CFG features are hierarchal in nature and need to
transform in linear form for efficient processing. We used
the preprocessing method to extract nodes and edges, pre-
serving the order of execution. The overloaded noisy data
is removed during preprocessing, as it may affect the clone
detection process. For instance, stop words, special sym-
bols, etc. do not carry meaningful information for seman-
tic features. We extract nodes and edges with a number of
frequencies for each component. Next, we used local and
global weighting method to compute the importance of
each feature. For instance, some nodes and edges may be
more important for clone classification, while some may
be noisy. These noisy features can affect classification
accuracy. Due to this, we filtered the data for valuable fea-
tures. The Term Frequency Inverse Document Frequency
(TFIDF) is a statistical model that is proposed to reflect
how important a feature means to a single file in a group of
files. It has two parts, that is TF for local weight and IDF
13

Fig. 4  An example: component-based CFG extraction from merge-sort
for global weight. Let T indicates the AST, and for each
subtree s there is weight ws,T. The overall estimated weight
of a node is the multiplication of TF. and IDF methods, as
defined using Eq. 1 [34].
ws,T = TF(s, T) ∗ IDF(s, T)
Mathematically, the TF(s,T) and IDF(s,T) can be defined
as in Eqs. 2 and 3. For each subtree s and AST tree T, the
weight can be calculated by multiplying TF and IDF. The
TF is further explained mathematically in Eq. 2.
cnt(s, T)
TF(s, T) =
n(T)
Where cnt is the count which indicates the number of edges
or nodes, such that s ∈ ST and n(T) is the number of subtrees
in the selected portion. The ST is the set of all subtrees used
in the corpus. The mathematical form of IDF is given in
Eq. 3.
13
International Journal of Machine Learning and Cybernetics
N
IDF(s, T) = log (3)
c(s)
Where c(s) is the number of CFG in s, and N denotes the
(1) total number of generated CFG from a collection of source
code documents. Nodes with equivalent TFIDF values can
play an important role in the clone detection process. On
the other hand, if a node has a higher weight in one file but
null or lower in other files, then it has a small impact on the
efficacy of the proposed method.
(2)
2.4 Deep learning model
The Tensor Flow is an open-source library that is essential
for heterogeneous implementations of deep learning algo-
rithms. Several studies [35–37] reported that Tensor Flow
is a serious need for the research market to practice online
machine and deep learning analysis tools. It has powerful
processing for visualization facility through which we can
International Journal of Machine Learning and Cybernetics

Table 1  RNN configuration with input, output, dropout layers, conversion of K numbers within [0,1]. In multiclass neural
shapes, and number of parameters networks, it is often used to transform the non-normalized
Layer Type Shape Parameters output to a predictive class. The softmax function [39] is
used in the output as we are dealing with a multiclass prob-
RNN_1 RNN 100 400
lem. The standard softmax function 𝜎 ∶ ℝK → ℝK which can
dropout_1 Dropout 100 0
be defined using Eq. 4.
RNN_2 RNN 80 8080
dropout_2 Dropout 80 0 ezi
𝜎(z)i = ∑K for i = 1, … , K and z = (z1 , ..., zK ) ∈ ℝK
RNN_3 RNN 60 4860 j e
zj

dropout_3 Dropout 60 0 (4)

RNN_4 RNN 40 2440
We incorporate a standardized exponential method for
dropout_4 Dropout 40 0
each input. It normalizes the output by splitting the total of
RNN_5 RNN 30 1230
these exponentials. The key goal of the training process is to
dropout_5 Dropout 30 0
learn more about the essence of the data to allow correct pre-
RNN_6 RNN 20 620
dictions of the unknown data. The ReLU activation method
dropout_6 Dropout 20 0
is used in input and hidden layers for a better understanding
RNN_7 RNN 10 210
of the RNN model. Mathematically, it is defined as the posi-
dropout_7 Dropout 10 0
tive part of its argument, as shown in Eq. 4.
dense_8 RNN 3 33
Total parameters 17,873 f (x) = x+ = max(0, x) (5)
Trainable parameters 17,873
Non-trainable parameters 0 where x represents the input to the corresponding neurons,
this is also known as a ramp function whose graph behaves
like a ramp based on unary real numbers. Model overfit-
ting [40] happens when the model acquires information and
demonstrate the effectiveness of a deep learning algorithm, acoustics in data that influence the performance of the deep
such as an epoch graph for loss, accuracy and error estima- learning model. For detecting overfitting in the experiment,
tion, etc. It delivers fast and efficient performance, often we employed validation metrics like validation loss and vali-
offering new value-added features with quick updates as sup- dation accuracy on train and test results. After many epochs,
ported by Google. It can be implemented on a wide scale, validation steps usually stop improving and further develop
starting from cellular devices to complex installations. We the training measurements to achieve the best match. We
configured a Recurrent Neural Network (RNN) model with have used three methods to handle the overfitting problem.
seven RNN layers, seven dropout layers, and one dense layer, First, we select the correct number of networks and hid-
as shown in Table 1. The first RNN layer is used as input den layers to optimize learning capacity. Secondly, we used
and the last dense layer as the output layer. The intermedi- regularization, such as applying a cost to the loss function
ate RNN layers are used as hidden layers to train and pro- for greater weights. After this, to eliminate some features
cess the parameters in-depth analysis. The shape shows the and prevent overfitting of the deep learning model, dropout
number of neurons in each layer. The Rectifier Linear Unit layers are implemented.
(ReLU) [38] activation function is used in input and hidden
layers. The number of layers, neurons, and dropout layers
assists us to fine-tune the deep learning model and to tackle
the overfitting problem. The parameters of a deep learning 3 Experiments and discussions
model are usually the connections’ weights. In this scenario,
during the training stage, these parameters are learned. Thus, 3.1 Dataset preparation
such parameters are tuned by the model itself. When making
predictions, they’re needed by the model. There is a total The dataset is prepared from five cloned applications such
of 17,873 numbers of parameters trained for the designed as ES file downloader, hangman, hangman 2, one cleaner,
approach. VPN master, collected from different android markets. The
We used the fit function with a number of the epoch, five different android stores, such as Apk Pure, Google play
x_train, y_train, validation split to train the designed RNN store, app brain, Aptoide, and Mobile1 Market, are analyzed
model. The training and testing ratio is 80%, 20%. The num- for cloned applications to prepare the dataset. The variable
ber of epoch shows the accuracy and loss of the train and number of source files are collected from each application
test data points. The more number of epochs give better such that, ES file has 400, and the VPN master has 300
training to the deep learning model. Softmax is used in the files, respectively. Similarly, the hangman and hangman 2

13

Fig. 5  Number of component-based CFG features to train the model
have 46 and 84 files, respectively. The last is one cleaner
application that has 137 source files. After a thorough analy-
sis, we collected 250, 43, 57, 65, and 190 clone files from
five applications. These cloned files are further divided into
different components such as GUI, View model, and room
database, etc. according to android architecture. The CFG
hierarchical features are generated from these components
for a detailed analysis of subcloned files. Figure 5 shows
the percentage ratios of component-based CFG features for
training the RNN model. The Clone_Sets show the cloned
components in each application, and the curve shows the
percentage contribution of each component. The difference
in percentage denotes that some component has more source
codes than others. Therefore, it generates more number of
features to train the model as compared to other compo-
nents. For instance, Clone_set3 and Clone_Set1 are major
components from both cloned applications, which contribute
73.08%, 43.73% features against other components. Thus,
these components can affect the classification more as com-
pared to the others. By doing this, we can analyze the impact
of each component on the proposed approach.
3.2 Experimental results
Figures 6 and 7 compare the normalized values of differ-
ent clone sets selected from two android applications. Each
boxplot shows the upper quartile and lowers quartile values
of clone sets along with the minimum and maximum nor-
malized values. In Fig. 6, the median values of all clones are
between 0.80 to 0.81, whereas the lower quartile values are
between 0.15 to 0.17. The upper quartile values of the first
two clones are equal to 1.3, and the upper quartile value of
the third clone is 1.5, respectively. The comparison of box-
plots shows that the first clone and second clone are very
similar to each other. In other words, the Clone_set1 and
Clone_set2 have similar Java files without any difference.
Therefore, the normalized values of both clone sets are the
13
International Journal of Machine Learning and Cybernetics
same. The third clone upper quartile is slightly higher than
the first two clones, which shows a minor difference between
the Java files of the third clone and the first two clone sets.
Thus, by training the normalized values of the original
android application, it is possible to effectively predict the
possible clone applications on different android markets. It
should be noted that some android application scammers add
noisy data to original files in order to bypass the clone detec-
tion systems. For instance, In Fig. 7, the median is between
0.60 to 0.75 in clone sets. However, there is a 3–6% differ-
ence between the upper and lower quartile values of each
clone. In this paper, the CFG path of each Java file is meas-
ured using static analysis to extract cloned information by
avoiding the selection of noisy data
The component-based CFG features are then given to the
designed deep learning model. Figure 8 shows the visualiza-
tion of training and testing accuracy for two cloned appli-
cations. The performance is visualized dynamically on 50
epochs. Blue and orange color presents the train and test
curves. The epoch is plotted horizontally while accuracy is
shown vertically for each data point. In ES file downloader,
the train and test curves started from 70%, 83%, respectively.
Both curves go up to 94% and then parallel to the horizontal
line with more or fewer changes. It can be seen that; the test
curve goes down at the 10th epoch, but soon it performs bet-
ter against the training curve. The more number epochs help
to train the designed deep learning model effectively. But,
after reaching certain data points, the model behaves more
or less constant. The overall classification accuracy of the ES
file downloader is 94.6%. In VPN Master, the train and test
curves started from 65% and 78%, respectively. Both curves
go smoothly up to 95% of accuracy and then bent towards
the horizontal line at the 8th epoch. The test curve is slightly
upper than the training curve, but at the 30th epoch, it goes
down up to 94.8%. Both curves constantly behave with more
or fewer changes at each epoch. The overall classification
accuracy for VPN master is 96.8%. This visualization of
International Journal of Machine Learning and Cybernetics

Fig. 6  Visualization of three clone sets selected from “ES File Downloader” android application

Fig. 7  Visualization of three clone sets selected from “VPN Master” android application

training and testing curves at each epoch provides a detailed
analysis and effectiveness of the proposed approach.
Figure 9 shows the output of loss for training and test-
ing data points against each epoch. Again, the blue and
orange curves represent the train and testing loss data points
retrieved from the designed experiment. In ES file down-
loader, the train curves perform between 60–10%, while
the test curve performs between 55–20%, respectively. The
test curve moves upper than the training curve after the 5th
epoch. The cumulative loss of train and test data points is

13
 International Journal of Machine Learning and Cybernetics

Fig. 8  Visualization of accuracy for training and testing data points on different epochs

Fig. 9  Visualization of loss for training and testing data points on different epochs

10% approximately. In VPN master, the train and test curves
behave between 80–10% and 55–8%, respectively. The
cumulative loss for VPN master is 8%, which is less than
the ES file downloader. These visualization values validate
the performance of the proposed approach. The dynamic
flow of each train and test curves for accuracy and loss data
points accurately show the output for clone classification.
For a detailed analysis of the proposed approach, the con-
fusion matrices are extracted for each clone application, as
shown in Fig. 10. The Clone-Set denotes the cloned com-
ponents captured from android applications. The vertical
values show the true labels, and horizontal values denote
the predicted labels. The diagonal line shows the classifica-
tion for each Clone_Set, and the remaining entries show-
ing miss classification. For instance, in ES File downloader,
Clone_Set1, Clone_Set2 and Clone_Set3 classified 100%,
97%, 88%, respectively. Similarly, in VPN master, the clas-
sification performance of Clone_Set1, Clone_Set2 and

13
International Journal of Machine Learning and Cybernetics

Fig. 10  Confusion matrices for two cloned applications

Table 2  Comparison of the Method Dataset Precision (%) Recall (%) F-Measure (%) CA (%)
proposed approach with state of
the art methods Multi-layer perceptron ES file downloader 92.1 92.1 91.9 92.1
File downloader 95.4 95.5 95.4 95.4
Hangman 93.2 93.4 93.2 93.2
hangman 2 95.2 95.4 95 95
VPN master 92.8 93 93 93
Random forest ES file downloader 91.6 90.7 90.5 90.6
File downloader 93.2 93.2 93.1 93.1
Hangman 92 92.2 92.2 92
hangman 2 93.8 93.6 94 93.8
VPN master 90.6 90.8 91.2 90.6
Convolution neural network ES file downloader 90.4 88.6 87.1 88.5
File downloader 91.9 91.6 91.3 91.6
Hangman 90.2 89.6 89 89.8
hangman 2 91.4 92 92.4 92
VPN master 88.8 89.2 89.2 89.2
Our proposed method ES file downloader 94.2 94.1 94.6 94.6
VPN master 96.4 96.2 96.8 96.8
File downloader 96.8 97.2 97.4 97.2
Hangman 95.4 94.8 95 95.2
hangman 2 97.2 96.6 97.2 97.4

Clone_Set3 are 100%, 91%, 94, respectively. The Clone_
Set1 has more classification rates as compared to other com-
ponents as it has more number of features extracted weighted
CFGs.
The proposed approach is compared with the state of the
art methods, such as Multi-Layer Perceptron (MLP), Ran-
dom Forest (RF), Convolution Neural Network (CNN), as
shown in Table 2. Each method is analyzed using five cloned
applications with four different performance measures, such
as precision, recall, f-measure, and classification accuracy.
It can be seen that the proposed approach outperformed for
all classification measures with an average of 96.24%. The
next better approach is MLP, which gives good classifica-
tion results as compared to RF and CNN. CNN provides

13

Table 3  Comparison of classification performance among our
approach and previously published works
Published work Year Method Classification
accuracy (%)
Son et al. [41] 2013 Parse Tree Kernel 90.00
Zheng et al. [34] 2017 Weighted AST 87.89
Guo et al. [42] 2018 Abstract Structured Dia- 84.80
gram
Wang et al. [43] 2019 Graph embedding 89.60
Wang et al. [44] 2020 Abstract Syntax Tree 95.00
Our approach - Component-based CFG 96.24
the lowest classification measures because this model is
originally developed for image-based classification, while
the proposed research mainly targets the source codes data
in textual form. For a comprehensive analysis, we prepared a
comparison with already published works using the abstract
syntax structured features, as shown in Table 3. Son et al.
[41] designed a parse tree kernel approach to classify Java
source codes. They used a single type of programming code
and got an accuracy of 90%. Next, Fu et al. [34] used a
weighted AST method to estimate the importance of each
hierarchical feature. Then, these weighted values are used to
detect source code plagiarism. They got 87.89% classifica-
tion accuracy in Java files. Our approach outperforms with
a classification accuracy of 96.24%, which can describe that
this approach is more accurate and effective
4 Conclusion
Enforcement of software piracy is one of the biggest chal-
lenges in the Android community, which impacts android
developers in terms of revenue. Using API access services,
cloud-hosted android apps can be used to assess clones.
Clone detection device automation is done by choosing
multiple components for Android source files. Components
are further used by means of CFG analysis and function
weighting. Training and testing of cloned applications are
conducted using the RNN deep learning model. The pro-
posed method is investigated with five different android
application which is cloned in various android stores.
Empirical findings have shown that the proposed model
could effectively predict cloned applications selected from
different android stores with an average accuracy of more
than 96%. The findings indicate that most of the cloned
applications with only a limited overhead of accuracy and
loss are successfully detected by the proposed methods.
Thus, semantic-based graph features effectively contribute
to clone detection. Automatic login is a feature commonly
used in android applications that allow users to share infor-
mation from social media applications (Facebook, Google,
13
International Journal of Machine Learning and Cybernetics
Twitter, etc.) for sign-up purposes. Conversely, an android
scammer can use a clone application to recognize the thefts
of android users. In the future, we are planning to extend our
clone detection techniques to identify user-credential cloning
attacks in android applications.
References
1. Wang D et al (2018) From IoT to 5G I-IoT: the next generation
IoT-based intelligent algorithms and 5G technologies. IEEE Com-
mun Mag 56(10):114–120
2. Al-Turjman F (2019) 5G-enabled devices and smart-spaces in
social-IoT: an overview. Fut Gen Comput Syst 92:732–744
3. Al-Turjman F (2019) 5G-enabled devices and smart-spaces in
social-IoT: an overview. Fut Gen Comput Syst 92:732–744
4. Ul Ain Q et al (2019) A model-driven approach for token based
code clone detection techniques-an introduction to UMLCCD.
In: Proceedings of the 2019 8th International Conference on Edu-
cational and Information Technology
5. Roy CK, Cordy JR (2007) A survey on software clone detection
research. Queen’s School Comput TR 541(115):64–68
6. Basit HA, Jarzabek S. Efficient token based clone detection with
flexible tokenization. in Proceedings of the the 6th joint meeting
of the European software engineering conference and the ACM
SIGSOFT symposium on The foundations of software engineering.
2007
7. Yu H et al (Neural detection of semantic code clones via tree-
based convolution. in 2019) IEEE/ACM 27th International Con-
ference on Program Comprehension (ICPC). 2019. IEEE
8. Ullah F, Al-Turjman F, Nayyar A (2020) IoT-based green city
architecture using secured and sustainable android services. Envi-
ron Technol Innovat 20:101091
9. Gautam P, Saini H (2017) Non-trivial software clone detection
using program dependency graph. IJOSSP 8(2):1–24
10. Patil SS et al (2017) Code clone detection using hybrid approach.
In: International Journal of Innovative Research and Creative
Technology. IJIRCT​
11. Zarpelao BB et al (2017) A survey of intrusion detection in
Internet of Things. Journal of Network Computer Applications
84:25–37
12. Chahid Y, Benabdellah M, Azizi A. Internet of things security.
in (2017) International Conference on Wireless Technologies,
Embedded and Intelligent Systems (WITS). 2017. IEEE
13. Zarpelao BB et al (2017) A survey of intrusion detection in Inter-
net of Things. J Netw Comput Appl 84:25–37
14. Su X, Chuah M, Tan G. Smartphone dual defense protection
framework: Detecting malicious applications in android markets.
in (2012) 8th International Conference on Mobile Ad-hoc and
Sensor Networks (MSN). 2012. IEEE
15. Zhou Y et al. Hey, you, get off of my market: detecting malicious
apps in official and alternative android markets. in NDSS. 2012
16. Baker BS (1997) Parameterized duplication in strings: Algorithms
and an application to software maintenance. SIAM J Comput
26(5):1343–1362
17. Ducasse S, Nierstrasz O, Rieger M (2006) On the effectiveness
of clone detection by string matching. Journal of Software Main-
tenance Evolution: Research Practice 18(1):37–58
18. Smith R, Horwitz S. Detecting and measuring similarity in code
clones. in Proceedings of the International workshop on Software
Clones (IWSC). 2009
19. Van Rysselberghe F, Demeyer S. Evaluating clone detection tech-
niques. in Proceedings of the international workshop on evolution
of large scale industrial software applications. 2003
International Journal of Machine Learning and Cybernetics
20. Jan B et al (2019) Deep learning in big data analytics: a compara-
tive study. Comput Electr Eng 75:275–287
21. Rattan D, Bhatia R, Singh M (2013) Software clone detection: A
systematic review. Inf Softw Technol 55(7):1165–1199
22. Bowyer KW, Hall LO. Experience using” MOSS” to detect cheat-
ing on programming assignments. in FIE’99 Frontiers in Educa-
tion. 29th Annual Frontiers in Education Conference. Designing
the Future of Science and Engineering Education. Conference
Proceedings (IEEE Cat. No. 99CH37011 (1999) IEEE
23. Burd E, Bailey J. Evaluating clone detection tools for use during
preventative maintenance. in Proceedings. Second IEEE Inter-
national Workshop on Source Code Analysis and Manipulation
(2002) IEEE
24. Deokate B, Hanchate DB (2016) Software source code plagiarism
detection: a survey. Journal of Multidisciplinary Engineering Sci-
ence Technology 3(1):3747–3750
25. Li L et al (Cclearner: A deep learning-based clone detection
approach. in 2017) IEEE International Conference on Software
Maintenance and Evolution (ICSME). 2017. IEEE
26. Lazar F-M, Banias O. Clone detection algorithm based on the
abstract syntax tree approach. in (2014) IEEE 9th IEEE Inter-
national Symposium on Applied Computational Intelligence and
Informatics (SACI). 2014. IEEE
27. Rahman W et al (2020) Clone Detection on Large Scala Code-
bases. in 2020 IEEE 14th International Workshop on Software
Clones (IWSC). IEEE
28. Sun X et al (2014) Detecting code reuse in android applications
using component-based control flow graph. in IFIP international
information security conference. Springer
29. White M et al (Deep learning code fragments for code clone
detection. in 2016) 31st IEEE/ACM International Conference on
Automated Software Engineering (ASE). 2016. IEEE
30. Falcón R et al., Rough clustering with partial supervision, in
Rough Set Theory: A True Landmark in Data Analysis. 2009,
Springer. p. 137–161
31. Wijesiriwardana C, Wimalaratne P. Component-based experimen-
tal testbed to faciltiate code clone detection research. in (2017)
8th IEEE International Conference on Software Engineering and
Service Science (ICSESS). 2017. IEEE
32. Gabel M, Jiang L, Su Z. Scalable detection of semantic clones.
in Proceedings of the 30th international conference on Software
engineering. 2008
33. Svacina J, Simmons J, Cerny T. Semantic code clone detection for
enterprise applications. in Proceedings of the 35th Annual ACM
Symposium on Applied Computing. 2020
34. Fu D et al., Wastk: A weighted abstract syntax tree kernel method
for source code plagiarism detection. Scientific Programming,
2017. 2017
35. Abadi M et al. Tensorflow: A system for large-scale machine
learning. in 12th {USENIX} Symposium on Operating Systems
Design and Implementation ({OSDI} 16). 2016
36. Baylor D et al (2017) Tfx: A tensorflow-based production-scale
machine learning platform. in Proceedings of the 23rd ACM
SIGKDD International Conference on Knowledge Discovery and
Data Mining. ACM
37. Gulli A, Pal S, Deep Learning with Keras (2017) Packt Publishing
Ltd
38. Agostinelli F et al., Learning activation functions to improve deep
neural networks. arXiv preprint arXiv:1412.6830, 2014
39. Sharma S, Activation functions in neural networks. Towards Data
Science, 2017. 6
40. Rice L, Wong E, Kolter JZ, overfitting in adversarially robust deep
learning. arXiv preprint arXiv:2002.11569, 2020
41. Son J-W et al (2013) An application for plagiarized source code
detection based on a parse tree kernel. Eng Appl Artif Intell
26(8):1911–1918
42. Guo S, Liu J. An Approach to Source Code Plagiarism Detection
Based on Abstract Implementation Structure Diagram. in MATEC
Web of Conferences (2018) EDP Sciences
43. Wang C et al. Go-clone: graph-embedding based clone detector
for Golang. in Proceedings of the 28th ACM SIGSOFT Interna-
tional Symposium on Software Testing and Analysis. 2019
44. Wang W et al (Detecting Code Clones with Graph Neural Network
and Flow-Augmented Abstract Syntax Tree. in 2020) IEEE 27th
International Conference on Software Analysis, Evolution and
Reengineering (SANER). 2020. IEEE
Publisher’s Note Springer Nature remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
13