LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

  title={LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries},
  author={Wei Tang and Yanlin Wang and Hongyu Zhang and Shi Han and Ping Luo and Dongmei Zhang},
  journal={2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR)},
  • Wei Tang, Yanlin Wang, Dongmei Zhang
  • Published 21 April 2022
  • Computer Science
  • 2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR)
Third-party libraries (TPLs) are reused frequently in software applications for reducing development cost. However, they could introduce security risks as well. Many TPL detection methods have been proposed to detect TPL reuse in Android bytecode or in source code. This paper focuses on detecting TPL reuse in binary code, which is a more challenging task. For a detection target in binary form, libraries may be compiled and linked to separate dynamic-link files or built into a fused binary that… 

Figures and Tables from this paper



Detecting third-party libraries in Android applications with high precision and recall

  • Yuan ZhangJiarun Dai Hao Chen
  • Computer Science
    2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER)
  • 2018
LibPecker is proposed, an obfuscation-resilient, highly precise and reliable library detector for Android applications that significantly outperforms the state-of-the-art tools in both recall and precision.

LibID: reliable identification of obfuscated third-party Android libraries

This work presents LibID, a library detection tool that is more resilient to code shrinking and package modification than state-of-the-art tools and demonstrates the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of 3,958 most popular apps on the Google Play Store.

ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications

A system, named ATVHunter, which can pinpoint the precise vulnerable in-app TPL versions and provide detailed information about the vulnerabilities and TPLs is proposed and Experimental results show AtVHunter outperforms state-of-the-art TPL detection tools.

BinGo: cross-architecture cross-OS binary search

The experimental results show that BINGO can find semantic similar functions across architecture and OS boundaries, even with the presence of program structure distortion, in a scalable manner, and is proposed to dramatically reduce the irrelevant target functions.

Automated Third-Party Library Detection for Android Applications: Are We There Yet?

  • Xian ZhanLingling Fan Yang Liu
  • Computer Science
    2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2020
A comprehensive empirical study evaluating and comparing all publicly available TPL detection tools based on four criteria: effectiveness, efficiency, code obfuscation-resilience capability, and ease of use, which shows that LibScout outperforms others regarding effectiveness, LibRadar takes less time than others and is also regarded as the most easy-to-use one, and LibPecker performs the best in defending against code obfuscations techniques.

Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation

This study empirically compares the tool, BinGo-E, with the pervious tool BinGo and the available state-of-the-art tools of binary code search in terms of search accuracy and performance, and proposes to incorporate features from different categories (e.g., structural features and high-level semantic features) for accuracy improvement and emulation for efficiency improvement.

LibD: Scalable and Precise Third-Party Library Detection in Android Markets

  • Menghao LiWei Wang Wei Huo
  • Computer Science
    2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)
  • 2017
Results show that compared to existing tools, LibD can better handle multi-package third-party libraries in the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability.

WuKong: a scalable and accurate two-phase approach to Android app clone detection

WuKong is proposed, a two-phase detection approach that includes a coarse-grained detection phase to identify suspicious apps by comparing light-weight static semantic features, and a fine- grained phase to compare more detailed features for only those apps found in the first phase.

Finding software license violations through binary code clone detection

The Binary Analysis Tool (BAT) is developed, a system for code clone detection in binaries that attempts to detect cloning of code from repositories of packages in source and binary form.

discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code

A new approach to efficiently search for similar functions in binary code, called discovRE, that supports four instruction set architectures (x86, x64, ARM, MIPS) and is four orders of magnitude faster than the state-of-the-art academic approach for cross-architecture bug search in binaries.