iDev: Enhancing Social Coding Security by Cross-platform ... · A = S m i=1 A i, and the number of...

iDev: Enhancing Social Coding Security by Cross-platform User IdentificationBetween GitHub and Stack Overflow

Yujie Fan1,2 , Yiming Zhang1,2 , Shifu Hou1,2 , Lingwei Chen2 , Yanfang Ye1,2∗Chuan Shi3 , Liang Zhao4 and Shouhuai Xu5

1Department of CDS, Case Western Reserve University, OH, USA2Department of CSEE, West Virginia University, WV, USA

3School of CS, Beijing University of Posts and Telecommunications, Beijing, China4Department of IST, George Mason University, VA, USA

5Department of CS, University of Texas at San Antonio, TX, USA

AbstractAs modern social coding platforms such as GitHuband Stack Overflow become increasingly popular,their potential security risks increase as well (e.g.,risky or malicious codes could be easily embed-ded and distributed). To enhance the social cod-ing security, in this paper, we propose to automatecross-platform user identification between GitHuband Stack Overflow to combat the attackers whoattempt to poison the modern software program-ming ecosystem. To solve this problem, an im-portant insight brought by this work is to lever-age social coding properties in addition to user at-tributes for cross-platform user identification. Todepict users in GitHub and Stack Overflow (at-tached with attributed information), projects, ques-tions and answers as well as the rich semantic rela-tions among them, we first introduce an attributedheterogeneous information network (AHIN) formodeling. Then, we propose a novel AHIN rep-resentation learning model AHIN2Vec to efficientlylearn node (i.e., user) representations in AHIN forcross-platform user identification. Comprehensiveexperiments on the data collections from GitHuband Stack Overflow are conducted to validate theeffectiveness of our developed system iDev inte-grating our proposed method in cross-platform useridentification by comparisons with other baselines.

1 IntroductionAs computing devices and the Internet become increasinglyubiquitous, software has played a vital role in people’s ev-eryday lives. Recently, there has been an exponential growthin the number of software whose market has grown into amulti-billion dollars industry [Statista, 2018]. Unlike con-ventional software development ecosystem where developerssignificantly rely on code handbooks to create software fromscratch, more and more software products are now createdwith the support from a highly interoperable and collaborative

∗Corresponding author: [email protected]

social coding platforms consisting of social coding reposito-ries (e.g., GitHub - the largest source code repository hostingmore than 100 million software projects maintained by over31 million registered developers [GitHub, 2019]) and on-line programming discussion platforms (e.g., Stack Overflow- the largest online programming discussion platform withabout 50 million visits each month [StackOverflow, 2018]).Within this software programming ecosystem, developers canreuse code snippets and libraries or adapt existing ready-to-use projects to expedite software development. However, thepopularity and openness of such social coding environmentnot only attract developers to contribute legitimate codes butalso attackers to disseminate malicious codes through ready-to-use applications [Ye et al., 2018]. For example, accordingto a recent study [Chen et al., 2016], 117 potentially harmfullibraries on Android scattered in GitHub were found to infect98,308 Google Play apps, which contain risky behaviors suchas stealthily recording audio and video. To maintain a safeand productive ecosystem against malicious attacks, GitHubprovides a security bug bounty site for code vulnerability re-porting [Ducklin, 2017]. Nevertheless, such security policy islimited and there still lacks a principled approach toward ad-dressing those security-related concerns. For example, from asocial engineering perspective, humans are generally thoughtto be the weakest link in the security chain - attackers couldutilize the interplay between GitHub and Stack Overflow topoison the overall ecosystem of software development.

Figure 1: Interplay between GitHub and Stack Overflow.

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence (IJCAI-19)

2272

Figure 2: System overview of iDev for cross-platform user identification between GitHub and Stack Overflow.

Recent studies [Vasilescu et al., 2013; Silvestri et al., 2015;Baltes et al., 2017] have shown that the interplay between thedevelopment process in GitHub and Stack Overflow activitiesis more active than we had thought. That is, GitHub com-mitters often ask/answer questions on Stack Overflow; mean-while, they can also engage in Stack Overflow to providetheir knowledge and codes to others. This observation hasthe subtle implication from a security point of view: attack-ers might deliberately post questions/answers on Stack Over-flow to lure innocent users to download and embed maliciouscodes hosted in GitHub. As shown in Figure 1: user “S***n”provides a risky RootShell library in GitHub which offers aroot access to Android devices (Figure 1.(a)); to promote thiscode, the user with username “P***p” posts an answer threadin Stack Overflow, including the link directing into the Root-Shell library hosted in GitHub, to answer a question related tosystem file copy (Figure 1.(b)). In such case, the questioner orother less experienced users may be directed into using the al-leged solution without maintaining a healthy skepticism; oncethey reuse this library to generate the production software, thevictim devices might be compromised (e.g., system opera-tions being disrupted, or sensitive information being leaked).This finding implies the importance of cross-platform useridentification to detect attackers who attempt to poison themodern software programming ecosystem. Given the largenumber of user accounts in the growing GitHub and StackOverflow, it is simply impossible to manually link suspiciousaccounts for cross-platform user identification. Though someusers in Stack Overflow do provide their GitHub links, thisportion is very small (i.e., about 0.44% based on our data col-lections described in Section 3.1). To automate the process,unfortunately, there have been few works with the exceptionof [Silvestri et al., 2015] which merely used user attributes(e.g., user profiles) for identification. Therefore, to combatthe attacks in modern software programming ecosystem andto enhance its security, it is highly desirable to develop novelmethodologies that can automate cross-platform user identi-fication between GitHub and Stack Overflow.

To address the above challenges, an important insightbrought by this work is to leverage social coding propertiesin addition to user attributes for cross-platform user identifi-cation. As social coding platforms, both GitHub and StackOverflow are characterized by user activities and communi-cations, i.e., a rich source of heterogeneous information areavailable including users, projects, questions, answers, and

their semantic relations. To utilize such social coding prop-erties and user attributes, in this paper, we first introducean attributed heterogeneous information network (AHIN) [Liet al., 2017] for modeling. Then, we propose AHIN2Vecto efficiently learn node (i.e., user) representations in AHINfor cross-platform user identification. We develop a systemcalled iDev (shown in Figure 2) which integrates our pro-posed method for cross-platform user identification betweenGitHub and Stack Overflow. iDev has the following merits:• It introduces AHIN as an abstract representation of

GitHub and Stack Overflow data for the first time.• It presents a novel yet elegant AHIN embedding model

(i.e., AHIN2Vec) to efficiently learn low-dimensionalrepresentations for nodes (i.e., users) in AHIN.• Comprehensive experimental studies demonstrate the

performance of iDev in cross-platform user identifica-tion for enhancing social coding security.

2 Proposed MethodIn this section, we introduce the proposed method integratedin iDev for cross-platform user identification in detail.

2.1 Feature ExtractionUser Attributed Features. To fingerprint a user, we con-sider both his/her profile information and posted text content.In GitHub and Stack Overflow, user profile plays an importantrole in resolving his/her identity. Thus, we extract three kindsof features from user profile to depict each user: username,location and contact information (e.g., email address, twit-ter account). Note that, for username, we first apply standardstring matching techniques to measure the similarity of twousernames; if their similarity is greater than a user-specificthreshold, we regard these two usernames as the same (e.g.,“D**Tomas” and “D**T0mas”). Then, we apply one-hot en-coding to convert the extracted features to a binary featurevector. To obtain better user representations, for GitHub user,we further consider the description of each project he/shecreates; for Stack Overflow user, we consider his/her postedquestions and answers. To deal with such text content, wepropose to exploit doc2vec [Le and Mikolov, 2014] to con-vert each text of variant size into a fixed-length feature vector(i.e., we empirically set it as 100). Accordingly, we concate-nate these two feature vectors to form an attributed featurevector for each user.


2273

Social Coding Properties. To comprehensively depictusers in GitHub and Stack Overflow, we not only utilize theabove attributed features, but consider the rich social cod-ing properties among them including: (1) GitHub relations:i) R1: the user-create-project relation describes whether aGitHub user creates a project; ii) R2: user-star-project re-lation means a user stars a project, denoting his/her interestto keep track of the project; iii) R3: user-fork-project rela-tion denotes a user either proposes changes to someone else’sproject or uses someone else’s project as a starting point forhis/her own idea; iv) R4: the user-contribute-project relationdescribes if a user contributes to a project. (2) Stack Overflowrelations: the user-post-question relation (R5) and the user-supply-answer relation (R6) denote if a user posts a questionor supplies an answer respectively; to denote the Q&A rela-tionship, we build the answer-echo-question relation (R7) toindicate if an answer responds (i.e., echoes) to a particularquestion. (3) Cross-platform relations: a question or answerthread may have a link directing into a GitHub project, we ac-cordingly extract the question-link-project relation (R8) andthe answer-link-project relation (R9) for representations.

2.2 AHIN ConstructionThough heterogeneous information network (HIN) [Sun etal., 2011] has shown the success of modeling different typesof entities and relations, it has limited capability of modelingadditional attributes attached to entities. To solve this prob-lem, we present attributed HIN (AHIN) for modeling.

Definition 1 Attributed Heterogeneous Information Net-work (AHIN) [Li et al., 2017]. Let T = {T1, ..., Tm} be a setof m entity types. For each entity type Ti, let Xi be the set ofentities of type Ti and Ai be the set of attributes defined forentities of type Ti. An entity xj of type Ti is associated withan attribute vector fj = (fj1, fj2, ..., fj|Ai|). An AHIN is de-fined by a graph G = (V, E ,A) with an entity type mappingφ: V → T and a relation type mapping ψ: E → R, whereV =

⋃mi=1 Xi denotes the entity set and E is the relation set,

T denotes the entity type set and R is the relation type set,A =

⋃mi=1Ai, and the number of entity types |T | > 1 or the

number of relation types |R| > 1. The network schema foran AHIN G, denoted by TG = (T ,R), is a graph with nodesas entity types from T and edges as relation types fromR.

For our case, we have five types of entities and nine typesof relations among them while nodes with entity type ofuser are further attached with an extracted feature vector rep-resenting its associated attributes. Based on the definitionabove, the network schema for AHIN in our application isshown in Figure 3.(a). To formulate the higher-order rela-tionships among entities, the concept of meta-path [Sun etal., 2011] has been proposed: a meta-path P is a path de-fined on the network schema TG = (A,R), and is denoted in

the form of A1R1−−→ A2

R2−−→ ...RL−−→ AL+1, which defines

a composite relation R = R1 · R2 · . . . · RL between typesA1 and AL+1, where · denotes relation composition opera-tor, and L is the length of P . In our application, we designten meaningful meta-paths (i.e., PID1-PID10 shown in Fig-ure 3.(b)) to jointly characterize the relatedness between twousers in GitHub and Stack Overflow from different views.

Figure 3: Network schema and meta-paths for AHIN.

PID5 is one of the examples: user(S)supply−−−−→ answer

link−−−→project

create−1

−−−−−−→ user(G) which denotes that a user inStack Overflow is connected with a user in GitHub if theStack Overflow user(S) supplies an answer including a linkdirecting into a project created by the Github user(G).

2.3 AHIN2VecGiven an AHIN G = (V, E ,A), the AHIN representa-tion learning [Dong et al., 2017] task is to learn a func-tion f : V → RD that maps each node v ∈ V to a vec-tor in a D-dimensional space RD, D � |V| that are ca-pable of preserving both structural and semantic relationsamong them. Although many network embedding methods[Perozzi et al., 2014; Tang et al., 2015; Dong et al., 2017;Fu et al., 2017] have been proposed recently, few of them dealwith node embeddings in AHIN. Here, we propose a novelAHIN embedding model AHIN2Vec to learn node representa-tions: we first map the constructed AHIN to a multi-view net-work consisting of a set of single-view attributed graphs; wethen efficiently fuse such single-view graphs into an unifiedattributed graph via subspace analysis on Grassmann mani-folds; afterwards, we propose a graph auto-encoder model tolearn user embeddings for cross-platform user identification.

Multi-view network built from AHIN. We first de-fine a multi-view network [Shi et al., 2018] as GM =(V, {E i}Mi=1,A) consisting of a set V of nodes and M views,where E i consists of all edges in view i ∈ {1, ...,M}. If amulti-view network is weighted, then there exists a weightmapping w : {E i}Mi=1 → R such that wi

vv′ := w(eivv′) is theweight of the edge eivv′ ∈ E i, which joints nodes v ∈ V andv′ ∈ V in view i ∈ {1, ...,M}. Based on this definition, wethen map the constructed AHIN to a multi-view network con-sisting of a set of single-view attributed graphs encoding therelatedness over users depicted by different meta-paths. Morespecifically, given an AHIN G = (V, E ,A) and M meta-paths, a multi-view network with M single-view attributedgraphs Gi = (V, E i,A) is built where the i-th view graph isgenerated based on meta-path Pi (i = {1, ...,M}). Thesesingle-view attributed graphs depict different kinds of inter-actions among users, which can reflect different-views of userrepresentations. In our case, each node in Gi denotes a user


2274

in GitHub or Stack Overflow and an edge between two usersdenotes if they can be connected under meta-path PIDi. Theuser feature matrix X in Gi can be represented as:

X = u1 ⊕ u2 ⊕ ... ⊕ uN , (1)

where N is the number of users in GitHub and Stack Over-flow, ⊕ is the concatenation operator, ui ∈ Rf is the f -dimensional attributed feature vector for the i-th user.Fusing multiple single-view attributed graphs. Given amulti-view network with M single-view attributed graph Gi(i = {1, ...,M}), we aim to effectively fuse them into anunified graph via a two-phase procedure: representing eachsingle-view graph in an individual subspace and then com-bining the multiple subspaces to generate an unified space.

Let Ai and Di be the adjacency matrix and degree matrixof i-th view graph respectively, inspired by the spectral clus-tering [Ng et al., 2002], we map i-th view graph into a sub-space via solving the following trace minimization problem:

minUi∈RN×k

tr(UTi LiUi), s.t. UT

i Ui = I. (2)

where Li = D− 1

2i (Di − Ai)D

− 12

i is the normalized graphLaplacian; Ui contains the first k eigenvectors (correspond-ing to the k smallest eigenvalues) of Li. This optimiza-tion problem can be solved by the Rayleigh-Ritz theorem[Von Luxburg, 2007]. By adopting the above spectral em-bedding, we can define a meaningful subspace representationfor each single-view graph. Then, to effectively make a com-bination of the learned multiple subspaces, following [Donget al., 2014], we propose to find a representative subspace thatis close to all the individual subspaces and its representationU preserves the information about node connectivity in eachsingle-view graph. Based on Grassmann manifold theory, theprojection distance between two subspaces can be defined asa set of principal angles {θi}ki=1 between these subspaces:

d2proj(U1,U2) =k∑

i=1

sin2 θi = k− tr(U1UT1 U2U

T2 ). (3)

Accordingly, the projection distance between the target rep-resentative subspace U and the M individual subspaces{Ui}Mi=1 is calculated as:

d2proj(U, {Ui}Mi=1) = kM −M∑i=1

tr(UUTUiUTi ). (4)

Minimization of Eq. (4) enforces the representative subspaceto be close to all the individual subspaces. Further, to preservethe node connectivity in each single-view graph, we minimizethe Laplacian quadratic form in Eq. (2). Finally, we solve thefollowing optimization problem to fuse multiple subspaces:

minU∈RN×k

M∑i=1

tr(UTLiU) + α[kM −M∑i=1

tr(UUTUiUTi )],

(5)subject to UTU = I, where α is a regularization parameterthat balances the trade-off between the two terms. By ignor-ing constant terms and rearranging the trace form, we have:

minU∈RN×k

tr[UT (M∑i=1

Li − αM∑i=1

UiUTi )U]. (6)

As stated before, this trace minimization problem can besolved by Rayleigh-Ritz theorem with a modified Laplacian:

Lmod =M∑i=1

Li − αM∑i=1

UiUTi . (7)

Graph auto-encoder. In order to learn robust node embed-dings for the fused attributed graph, we propose to exploitthe graph auto-encoder model [Kipf and Welling, 2016b]which consists of an encoder aiming at encoding graph datato a compact representation, and a decoder to reconstruct thetopological graph information from such representation.

Encoder: Since graph convolutional network (GCN) hasshown its power to capture the graph topological structureand the node attributed features [Kipf and Welling, 2016a],we employ GCN as an encoder to learn a latent representa-tion. Let A ∈ RN×N be the adjacency matrix generatedfrom Lmod and X is the user feature matrix. Following theidea of GCN, the convolutional layer:

Zl+1 = σ (AZl Wl), (8)

where A is a symmetric normalization of A with self-loop,i.e. A = D−

12 AD−

12 with A = A+I. Here I is the identity

matrix and D is the diagonal node degree matrix of A. TheZl and Wl denote the l-th hidden layer and the layer-specificparameters, Z0 = X and σ denotes an activation function,such as the ReLU(·) = max(0, ·). In this paper, we employ atwo-layer GCN as encoder:

Z = q(Z|X,A) = AReLU (AXW0)W1. (9)

Decoder: The decoder model is used to reconstruct graphtopological structure A. More specifically, we train a decoderto predict whether there is a link between two nodes based onthe graph embedding learned from encoder:

p(A|Z) =N∏i=1

N∏i=1

p(Aij |zi, zj), (10)

p(Aij = 1|zi, zj) = σ(zTi zj), (11)where σ(x) = 1/(1 + ex) is a sigmoid function.

Optimization: Based on the description above, we mini-mize the reconstruction error as following:

L = Eq(Z|X,A)[log p(A|Z)]. (12)

We then perform stochastic gradient descent for training.Algorithm 1 illustrates our proposed AHIN representation

learning model AHIN2Vec. After employing AHIN2Vec, weapply average pooling on each pair of GitHub and StackOverflow user embeddings, which are then fed to the clas-sifier (i.e., we employ support vector machine (SVM) in ourapplication) for cross-platform user identification.

3 Experimental Results and AnalysisIn this section, we fully evaluate the performance of our de-veloped system iDev by comparisons with other baselines.


2275

Algorithm 1: AHIN2Vec.

Input: G = (V, E ,A): AHIN, {Pi}Mi=1: meta-paths,α: regularization parameter; T : the number ofiterations.

Output: Z: node representations for AHIN.

for i = 1→M doGenerate single-view graph Gi based on Pi;Learn the subspace representation Ui for Gi viasolving Eq. (2);

endCompute the merged Laplacian Lmod using Eq. (7);for i = 1→ T do

Generate latent representations Z through Eq. (9);Update the graph auto-encoder with its stochasticgradient by Eq.(12);

endReturn Z;

3.1 Data CollectionWe collect the data from GitHub and Stack Overflow. ForStack Overflow, we collect its public data dump [StackEx-change, 2019] including 9,737,249 users; for those StackOverflow users who provide the GitHub links in their pro-files (i.e., 42,840 users), we develop a set of crawling toolsto further obtain the related information in GitHub. We ob-tain the ground-truth under a pseudo setting: we first ran-domly subsample 10% Stack Overflow users who providesGitHub links (i.e., 4,284 users) and regard these 4,284 userpairs as positive examples, then randomly match each StackOverflow user to a GitHub user to generate 4,284 negativeexamples. In this pseudo setting, the contact information at-tached to each user is set as null. Based on the extracted fea-tures and designed network schema, the constructed AHINhas 25,875 nodes (i.e., 4,284 nodes with type of GitHub user,4,864 nodes with type of project, 4,284 nodes with type ofStack Overflow user, 2,184 nodes with type of question, and10,259 with type of answer) and 75,824 edges including re-lations of R1-R9. In the following experiments, we use accu-racy (i.e., ACC) and F1 measure for evaluations.

3.2 Baseline MethodsWe validate the performance of our proposed method forcross-platform user identification in GitHub and Stack Over-flow by comparisons with different groups of baseline meth-ods. First, we evaluate different types of features:• User Attributes. This category only considers the ex-

tracted user attributed features described in Section 2.1,denoted as f-1;• Different AHIN-based Features. This type of features

augment user attributes with the AHIN-based relationsin three different ways: (1) f-2 concatenates user at-tributes and relations represented by the best performedsingle-view graph; (2) f-3 concatenates user attributesand relations represented by simply merging the edgesof ten different single-view graphs; and (3) f-4 concate-nates user attributes and relations which are formulated

by employing our proposed fusion method to merge dif-ferent single-view graphs into an unified one.

Second, we evaluate our proposed AHIN embedding methodAHIN2Vec by comparisons with following baselines.

• DeepWalk [Perozzi et al., 2014] learns node vectorsby capturing node pairs within w-hop neighborhood viauniform random walks in the network.

• LINE [Tang et al., 2015] learns embeddings by preserv-ing first and second order proximities between nodes.

• metapath2vec [Dong et al., 2017] embeds the semanticinformation based on a single meta-path.

• HIN2Vec [Fu et al., 2017] learns embeddings to capturerich relation semantics in HIN via a neural network.

For DeepWalk and LINE, we ignore the heterogeneousproperty and directly feed the network for embedding. Notethat, since all baselines are incapable of dealing with at-tributed features attached to the nodes (i.e., users), here wesimply concatenate the node embedding learned by eachmethod with the user attributed feature vector to represent auser. In our method, we train graph auto-encoder as suggestedin [Kipf and Welling, 2016b]. To facilitate the comparisons,we use the experimental procedure as in [Perozzi et al., 2014;Tang et al., 2015; Dong et al., 2017]: we set vector dimensiond = 200 and randomly select a portion of data (ranging from10% to 90%) for training and the remaining one for testing.

3.3 Comparisons and AnalysisBased on our data collection, we show the comparison re-sults for all the baseline methods introduced above for cross-platform user identification. We first evaluate the perfor-mance of different types of features using ten-fold cross vali-dations. From Table 1, we can observe that different featuresshow different performances: (1) feature engineering (f-2, f-3and f-4) helps the performance of machine learning since therich semantics encoded in AHIN-based relations can bringmore information; (2) two augmented features formulatedfrom the merged graphs (f-3 and f-4) outperform f-2 usinguser relations extracted from a single-view graph; further, theproposed method to fuse different single-views (f-4) indeedperforms better than the simple graph merging (f-3); (3) ourproposed method achieves the best result. The reason behindthis is that iDev leverages user attributes and AHIN-basedrelations in an expressive and comprehensive way, which ismore informative than the simple augmented features.

Metric Attrs Attrs+Relations iDevf-1 f-2 f-3 f-4

ACC 0.868 0.902 0.916 0.921 0.936F1 0.863 0.898 0.915 0.917 0.934

Table 1: Comparisons of different types of features

We also show the comparisons in Table 2 for different net-work embedding models. From the results, we can see thatour proposed AHIN2Vec outperforms all baselines in terms ofACC and F1. That is to say, AHIN2Vec learns significantly


2276

better node (i.e., user) representations in AHIN than cur-rent state-of-the-art methods. The success of AHIN2Vec liesin: (1) the proper consideration and accommodation of theheterogeneous property of AHIN (i.e., the multiple types ofnodes and relations), (2) the advantage of graph auto-encoderto incorporate both graph structure and node attributes forrepresentation learning.

Metric Method 10% 30% 50% 70% 90%

ACC

Deepwalk 0.812 0.854 0.873 0.892 0.906Line 0.823 0.864 0.874 0.892 0.909

metapath2vec 0.849 0.870 0.891 0.913 0.929Hin2vec 0.855 0.875 0.897 0.915 0.926

AHIN2Vec 0.866 0.886 0.911 0.919 0.939

F1

Deepwalk 0.809 0.850 0.869 0.889 0.904Line 0.821 0.860 0.871 0.889 0.906

metapath2vec 0.846 0.867 0.888 0.911 0.927Hin2vec 0.851 0.871 0.894 0.912 0.924

AHIN2Vec 0.862 0.882 0.908 0.916 0.938

Table 2: Comparisons of different embedding methods

3.4 Parameter Sensitivity and ScalabilityIn this set, we first conduct parameter sensitivity analysis ofhow different choices of dimension d will affect the perfor-mance of iDev in cross-platform user identification by ten-fold cross validations. As shown in Figure 4.(a), iDev is notstrictly sensitive to dimension d and is able to reach high per-formance under a cost-effective parameter choice. For scala-bility, we further evaluate the running time of iDev with dif-ferent sizes of the dataset. Figure 4.(b) shows that the runningtime is quadratic to the number of sampled users. When deal-ing with more data, parallel algorithms can be developed.

Figure 4: Parameter sensitivity and scalability

3.5 Case StudiesTo better understand and gain deeper insights into thesecurity-related risks of modern social coding ecosystem, wefurther apply our developed system iDev for cross-platformuser identification in the wild. For the identified user pairs,we sample 565 pairs and validate them using conclusive evi-dences. Among these 565 pairs, 502 pairs (88.85%) are withhigh confidence that they are the same individuals and 15pairs are uncertain (2.65%). For example, one of our identi-fied user pairs “a***2” in GitHub and “a***r” in Stack Over-flow have different usernames, locations and contact infor-mation; meanwhile the user profile in Stack Overflow doesn’tprovide GitHub link. However, “a***r” in Stack Overflowposts a question linking into a GitHub project which offers

OTA updater for unofficial ROMs created by “a***2”. Afterfurther investigation, we find that these two users are the sameone in developing this GitHub project. The studies based onthe identified user pairs could help understand and thus pre-vent the dissemination of risky or malicious codes cross dif-ferent social coding platforms.

4 Related WorkThere have been many works on enhancing code securitysuch as malicious code detection [Ye et al., 2007; Ye et al.,2011; Hou et al., 2017; Ye et al., 2017; Chen et al., 2017;Fan et al., 2018; Ye et al., 2018]. With the popularity of so-cial coding platforms, there have been several studies on theinterplay between GitHub and Stack Overflow [Vasilescu etal., 2013; Silvestri et al., 2015; Baltes et al., 2017]. Thoughthe results are promising, most of them fail to consider thesocial coding properties in solving their problems. Differ-ent from the existing works, in this paper, to conduct cross-platform user identification, we propose to utilize not onlyuser attributes, but also various kinds of relationships amongusers, projects, questions and answers.

HIN has shown the success of modeling different types ofentities and relations [Sun et al., 2011], but it has limited ca-pability of modeling additional attributes attached to entities.To tackle this challenge, AHIN is proposed for representation[Li et al., 2017]. To better address representation learning forHIN, many efficient network embedding methods have beenproposed such as metapath2vec [Dong et al., 2017], HIN2vec[Fu et al., 2017]. However, these models are unable to dealwith the attributed information associated with the entity. Toaddress this issue, we propose AHIN2Vec to learn the desir-able node representations in AHIN.

5 ConclusionWe develop a system named iDev to automate cross-platformuser identification between GitHub and Stack Overflow. IniDev, to depict a rich source of heterogeneous informationand user attributes, we present a structural AHIN for repre-sentation and use a meta-path based approach to character-ize the semantic relatedness over users. To efficiently learnnode representations in AHIN, we propose a novel AHIN em-bedding model AHIN2Vec which first maps the constructedAHIN to a multi-view network, then applies subspace anal-ysis to obtain an unified attributed graph and later exploitsgraph auto-encoder to learn the node embeddings. After that,we apply average pooling on each pair of GitHub and StackOverflow user embeddings which are then fed to the classifierfor cross-platform user identification. The promising experi-mental results on the collected datasets demonstrate that iDevoutperforms other baseline methods.

AcknowledgmentsY. Fan, Y. Zhang, S. Hou, L. Chen and Y. Ye’s workis partially supported by the NSF under grants CNS-1618629, CNS-1845138 and OAC-1839909; the DoJ/NIJunder grant NIJ 2018-75-CX-0032; the WV HEPC Grant(HEPC.dsr.18.5); and WVU RSA (R-844). Y. Ye and S. Xu’swork is partially supported by the NSF CNS-1814825.


2277

References[Baltes et al., 2017] Sebastian Baltes, Richard Kiefer, and

Stephan Diehl. Attribution required: Stack overflow codesnippets in github projects. In ICSE, pages 161–163, 2017.

[Chen et al., 2016] Kai Chen, Xueqiang Wang, Yi Chen,Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Bin Ma, Ao-hui Wang, Yingjun Zhang, and Wei Zou. Following devil’sfootprints: Cross-platform analysis of potentially harm-ful libraries on android and ios. In S&P, pages 357–376.IEEE, 2016.

[Chen et al., 2017] Lingwei Chen, Shifu Hou, and YanfangYe. Securedroid: Enhancing security of machine learning-based detection against adversarial android malware at-tacks. In ACSAC, pages 362–372. ACM, 2017.

[Dong et al., 2014] Xiaowen Dong, Pascal Frossard, PierreVandergheynst, and Nikolai Nefedov. Clustering on multi-layer graphs via subspace analysis on grassmann mani-folds. IEEE Trans. Signal Process, 62(4):905–918, 2014.

[Dong et al., 2017] Yuxiao Dong, Nitesh V Chawla, andAnanthram Swami. metapath2vec: Scalable representa-tion learning for heterogeneous networks. In KDD, pages135–144, 2017.

[Ducklin, 2017] Paul Ducklin. Github starts scanningmillions of projects for insecure components. https://nakedsecurity.sophos.com/2017/11/21/github-starts-scanning-millions-of-projects-for-insecure-components/,2017. Accessed February 11, 2019.

[Fan et al., 2018] Yujie Fan, Shifu Hou, Yiming Zhang, Yan-fang Ye, and Melih Abdulhayoglu. Gotcha-sly malware!:Scorpion a metagraph2vec based malware detection sys-tem. In KDD, pages 253–262. ACM, 2018.

[Fu et al., 2017] Tao-yang Fu, Wang-Chien Lee, and ZhenLei. Hin2vec: Explore meta-paths in heterogeneous in-formation networks for representation learning. In CIKM,pages 1797–1806. ACM, 2017.

[GitHub, 2019] GitHub. Github: Built for developers. https://github.com/about, 2019. Accessed February 11, 2019.

[Hou et al., 2017] Shifu Hou, Yanfang Ye, Yangqiu Song,and Melih Abdulhayoglu. Hindroid: An intelligent an-droid malware detection system based on structured het-erogeneous information network. In KDD, pages 1507–1515. ACM, 2017.

[Kipf and Welling, 2016a] Thomas N Kipf and MaxWelling. Semi-supervised classification with graphconvolutional networks. arXiv:1609.02907, 2016.

[Kipf and Welling, 2016b] Thomas N Kipf and MaxWelling. Variational graph auto-encoders. arXiv preprintarXiv:1611.07308, 2016.

[Le and Mikolov, 2014] Quoc Le and Tomas Mikolov. Dis-tributed representations of sentences and documents. InICML, pages 1188–1196, 2014.

[Li et al., 2017] Xiang Li, Yao Wu, Martin Ester, Ben Kao,Xin Wang, and Yudian Zheng. Semi-supervised cluster-ing in attributed heterogeneous information networks. InWWW, pages 1621–1629, 2017.

[Ng et al., 2002] Andrew Y Ng, Michael I Jordan, and YairWeiss. On spectral clustering: Analysis and an algorithm.In NIPS, pages 849–856, 2002.

[Perozzi et al., 2014] Bryan Perozzi, Rami Al-Rfou, andSteven Skiena. Deepwalk: Online learning of social rep-resentations. In KDD, pages 701–710. ACM, 2014.

[Shi et al., 2018] Yu Shi, Fangqiu Han, Xinwei He, XinranHe, Carl Yang, Jie Luo, and Jiawei Han. mvn2vec: Preser-vation and collaboration in multi-view network embed-ding. arXiv:1801.06597, 2018.

[Silvestri et al., 2015] Giuseppe Silvestri, Jie Yang, Alessan-dro Bozzon, and Andrea Tagarelli. Linking accountsacross social networks: the case of stackoverflow, githuband twitter. In KDWeb, pages 41–52, 2015.

[StackExchange, 2019] StackExchange. Stackexchange datadump. https://archive.org/details/stackexchange, 2019.Accessed January 5, 2019.

[StackOverflow, 2018] StackOverflow. Developer surveyresults 2018. https://insights.stackoverflow.com/survey/2018/, 2018. Accessed February 11, 2019.

[Statista, 2018] Statista. Statistics and market data on soft-ware. https://www.statista.com/markets/418/topic/484/software/, 2018. Accessed February 11, 2019.

[Sun et al., 2011] Yizhou Sun, Jiawei Han, Xifeng Yan,Philip S Yu, and Tianyi Wu. Pathsim: Meta path-basedtop-k similarity search in heterogeneous information net-works. VLDB Endowment, 4(11):992–1003, 2011.

[Tang et al., 2015] Jian Tang, Meng Qu, Mingzhe Wang,Ming Zhang, Jun Yan, and Qiaozhu Mei. Line: Large-scale information network embedding. In WWW, pages1067–1077, 2015.

[Vasilescu et al., 2013] Bogdan Vasilescu, Vladimir Filkov,and Alexander Serebrenik. Stackoverflow and github:Associations between software development and crowd-sourced knowledge. In ICSC, pages 188–195. IEEE, 2013.

[Von Luxburg, 2007] Ulrike Von Luxburg. A tutorial onspectral clustering. Statistics and computing, 17(4):395–416, 2007.

[Ye et al., 2007] Yanfang Ye, Dingding Wang, Tao Li, andDongyi Ye. Imds: Intelligent malware detection system.In KDD, pages 1043–1047. ACM, 2007.

[Ye et al., 2011] Yanfang Ye, Tao Li, Shenghuo Zhu, Wei-wei Zhuang, Egemen Tas, Umesh Gupta, and Melih Ab-dulhayoglu. Combining file content and file relations forcloud based malware detection. In KDD, pages 222–230.ACM, 2011.

[Ye et al., 2017] Yanfang Ye, Tao Li, Donald Adjeroh, andS Sitharama Iyengar. A survey on malware detection usingdata mining techniques. ACM CSUR, 50(3):41, 2017.

[Ye et al., 2018] Yanfang Ye, Shifu Hou, Lingwei Chen, XinLi, Liang Zhao, Shouhuai Xu, Jiabin Wang, and Qi Xiong.Icsd: An automatic system for insecure code snippet de-tection in stack overflow over heterogeneous informationnetwork. In ACSAC, pages 542–552. ACM, 2018.


2278

iDev: Enhancing Social Coding Security by Cross-platform ... · A = S m i=1 A i, and the number of...

Documents

Transcript of iDev: Enhancing Social Coding Security by Cross-platform ... · A = S m i=1 A i, and the number of...