Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching

TL;DR

ModX is a novel framework that detects fully and partially imported third-party libraries at the semantic level by decomposing programs into modules and measuring their similarity, outperforming existing tools.

Contribution

It introduces a program modularization approach combined with semantic matching to improve detection of partial and fully imported third-party libraries.

Findings

ModX achieves 353% higher module quality scores than other tools.

ModX improves detection precision by 17% and recall by 8% over existing methods.

It effectively detects partially imported libraries at the semantic level.

Abstract

With the rapid growth of software, using third-party libraries (TPLs) has become increasingly popular. The prosperity of the library usage has provided the software engineers with handful of methods to facilitate and boost the program development. Unfortunately, it also poses great challenges as it becomes much more difficult to manage the large volume of libraries. Researches and studies have been proposed to detect and understand the TPLs in the software. However, most existing approaches rely on syntactic features, which are not robust when these features are changed or deliberately hidden by the adversarial parties. Moreover, these approaches typically model each of the imported libraries as a whole, therefore, cannot be applied to scenarios where the host software only partially uses the library code segments. To detect both fully and partially imported TPLs at the semantic level, we propose ModX, a framework that leverages novel program modularization techniques to decompose the program into finegrained functionality-based modules. By extracting both syntactic and semantic features, it measures the distance between modules to detect similar library module reuse in the program. Experimental results show that ModX outperforms other modularization tools by distinguishing more coherent program modules with 353% higher module quality scores and beats other TPL detection tools with on average 17% better in precision and 8% better in recall.