LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

TL;DR

LibDB is a novel framework that accurately and efficiently detects third-party library reuse in binary files, including stripped and fused binaries, using feature embedding and graph-based comparison.

Contribution

It introduces a new binary TPL detection framework that combines function content embedding and call graph comparison, supporting version identification, outperforming existing tools.

Findings

LibDB achieves higher accuracy than state-of-the-art tools.

LibDB is more efficient in processing binary files.

Supports version identification of third-party libraries.

Abstract

Third-party libraries (TPLs) are reused frequently in software applications for reducing development cost. However, they could introduce security risks as well. Many TPL detection methods have been proposed to detect TPL reuse in Android bytecode or in source code. This paper focuses on detecting TPL reuse in binary code, which is a more challenging task. For a detection target in binary form, libraries may be compiled and linked to separate dynamic-link files or built into a fused binary that contains multiple libraries and project-specific code. This could result in fewer available code features and lower the effectiveness of feature engineering. In this paper, we propose a binary TPL reuse detection framework, LibDB, which can effectively and efficiently detect imported TPLs even in stripped and fused binaries. In addition to the basic and coarse-grained features (string literals and exported function names), LibDB utilizes function contents as a new type of feature. It embeds all functions in a binary file to low-dimensional representations with a trained neural network. It further adopts a function call graph-based comparison method to improve the accuracy of the detection. LibDB is able to support version identification of TPLs contained in the detection target, which is not considered by existing detection methods. To evaluate the performance of LibDB, we construct three datasets for binary-based TPL reuse detection. Our experimental results show that LibDB is more accurate and efficient than state-of-the-art tools on the binary TPL detection task and the version identification task. Our datasets and source code used in this work are anonymously available at https://github.com/DeepSoftwareAnalytics/LibDB.