Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching
Wed 11 May 2022 20:20 - 20:25 at ICSE room 2-even hours - Software Security 5 Chair(s): Nancy Mead
With the rapid growth of software, using third-party libraries (TPLs) has become increasingly popular. The prosperity of the library usage has provided the software engineers with handful of methods to facilitate and boost the program development. Unfortunately, it also poses great challenges as it becomes much more difficult to manage the large volume of libraries. Researches and studies have been proposed to detect and understand the TPLs in the software. However, most existing approaches rely on syntactic features, which are not robust when these features are changed or deliberately hidden by the adversarial parties. Moreover, these approaches typically model each of the imported libraries as a whole, therefore, cannot be applied to scenarios where the host software only partially uses the library code segments.
To detect both fully and partially imported TPLs at the semantic level, we propose ModX, a framework that leverages novel program modularization techniques to decompose the program into finegrained functionality-based modules. By extracting both syntactic and semantic features, it measures the distance between modules to detect similar library module reuse in the program. Experimental results show that ModX outperforms other modularization tools by distinguishing more coherent program modules with 353% higher module quality scores and beats other TPL detection tools with on average 17% better in precision and 8% better in recall.
Tue 10 MayDisplayed time zone: Eastern Time (US & Canada) change
03:00 - 04:00 | Mobile Applications 1Journal-First Papers / Technical Track at ICSE room 1-odd hours Chair(s): Luciano Baresi Politecnico di Milano | ||
03:00 5mTalk | FeatCompare: Feature Comparison for Competing Mobile Apps Leveraging User Reviews Journal-First Papers Maram Assi Queen's University, Safwat Hassan Thompson Rivers University, Yuan Tian Queens University, Kingston, Canada, Ying Zou Queen's University, Kingston, Ontario Link to publication Pre-print Media Attached | ||
03:05 5mTalk | Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching Technical Track Can Yang Institute of Information Engineering, University of Chinese Academy of Sciences, Zhengzi Xu Nanyang Technological University, Hongxu Chen Huawei Technologies Co., Ltd., Yang Liu Nanyang Technological University, Xiaorui Gong Institute of Information Engineering, Chinese Academy of Science, Baoxu Liu Institute of Information Engineering, Chinese Academy of Sciences Pre-print Media Attached | ||
03:10 5mTalk | Large-scale Security Measurements on the Android Firmware Ecosystem Technical Track Qinsheng Hou Shandong University; Qi An Xin Group Corp., Wenrui Diao Shandong University, Yanhao Wang Qi An Xin Group Corp., Xiaofeng Liu Shandong University, Song Liu Qi An Xin Group Corp., Lingyun Ying Qi An Xin Group Corp., Shanqing Guo Shandong University, Yuanzhi Li Qi An Xin Group Corp., Meining Nie Qi An Xin Group Corp., Haixin Duan Institute for Network Science and Cyberspace, Tsinghua University; Qi An Xin Group Corp. Pre-print Media Attached | ||
03:15 5mTalk | Demystifying Android Non-SDK APIs: Measurement and Understanding Technical Track Shishuai Yang Shandong University, Rui Li Shandong University, Jiongyi Chen National University of Defense Technology, Wenrui Diao Shandong University, Shanqing Guo Shandong University Pre-print Media Attached | ||
Wed 11 MayDisplayed time zone: Eastern Time (US & Canada) change
20:00 - 21:00 | Software Security 5Technical Track / SEIP - Software Engineering in Practice / Journal-First Papers at ICSE room 2-even hours Chair(s): Nancy Mead Carnegie Mellon University | ||
20:00 5mTalk | Deep Learning based Vulnerability Detection: Are We There Yet? Journal-First Papers Saikat Chakraborty Columbia University, Rahul Krishna IBM Research, Yangruibo Ding Columbia University, Baishakhi Ray Columbia University Link to publication DOI Media Attached | ||
20:05 5mTalk | An Empirical Study on Implicit Constraints in Smart Contract Static Analysis SEIP - Software Engineering in Practice Tingting Yin Tsinghua University, China, Chao Zhang Tsinghua University, Yuandong Ni Institute for Network Science and Cyberspace of Tsinghua University, Yixiong Wu Institute for Network Science and Cyberspace of Tsinghua University, Taiyu Wong Department of Computer Science and Technology, Tsinghua University, Xiapu Luo Hong Kong Polytechnic University, Zheming Li Tsinghua University, Yu Guo SECBIT labs Pre-print Media Attached | ||
20:10 5mTalk | RoPGen: Towards Robust Code Authorship Attribution via Automatic Coding Style Transformation Technical Track Zhen Li University of Texas at San Antonio, Guenevere (Qian) Chen University of Texas at San Antonio, Chen Chen University of Central Florida, Yayi Zou Northeastern University, Shouhuai Xu University of Colorado Colorado Springs Pre-print Media Attached | ||
20:15 5mTalk | ReMoS: Reducing Defect Inheritance in Transfer Learning via Relevant Model Slicing Technical Track Ziqi Zhang Peking University, Yuanchun Li Microsoft Research, Jindong Wang Microsoft Research, Bingyan Liu Peking University, Ding Li Peking University, Xiangqun Chen Peking University, Yao Guo Peking University, Yunxin Liu Tsinghua University Pre-print Media Attached | ||
20:20 5mTalk | Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching Technical Track Can Yang Institute of Information Engineering, University of Chinese Academy of Sciences, Zhengzi Xu Nanyang Technological University, Hongxu Chen Huawei Technologies Co., Ltd., Yang Liu Nanyang Technological University, Xiaorui Gong Institute of Information Engineering, Chinese Academy of Science, Baoxu Liu Institute of Information Engineering, Chinese Academy of Sciences Pre-print Media Attached | ||
20:25 5mTalk | Large-scale Security Measurements on the Android Firmware Ecosystem Technical Track Qinsheng Hou Shandong University; Qi An Xin Group Corp., Wenrui Diao Shandong University, Yanhao Wang Qi An Xin Group Corp., Xiaofeng Liu Shandong University, Song Liu Qi An Xin Group Corp., Lingyun Ying Qi An Xin Group Corp., Shanqing Guo Shandong University, Yuanzhi Li Qi An Xin Group Corp., Meining Nie Qi An Xin Group Corp., Haixin Duan Institute for Network Science and Cyberspace, Tsinghua University; Qi An Xin Group Corp. Pre-print Media Attached | ||