
Precise and Efficient Third-party Java Libraries Identification Tool for Collaborative Software

Zhuo Wang, Hongtu Zhang, Jingdong Guo, Laile Xi, Sidy Tambadou, Fang Zuo, Hong Li, Yan Hu

2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), 2024

Abstract
Collaborative systems frequently depend on various software components, such as third-party libraries (TPLs), to implement their functions and speed up system development. A single vulnerable TPL can compromise the security of an entire collaboration system, particularly in an industrial setting. Unfortunately, current TPL detection tools have difficulty identifying libraries precisely at the version level and are inefficient when detecting TPLs at scale. To address these challenges, we propose JHunter, a precise and efficient tool for detecting TPL version details. Our approach introduces a novel concept, the attribute class dependency graph (ACDG), as a package-level feature for TPLs. We then use a graph neural network-based method to compare the similarity of ACDGs and identify a list of candidate TPLs. Finally, we use more detailed class-level features, such as Control Flow Graphs (CFGs) and constant features, to determine version-specific information. We collected 19,095 different versions of TPLs from Maven to build our feature database. Our evaluation demonstrates the effectiveness of JHunter on a real-world dataset, achieving F1 scores of 99.34% and 97.28% at the library and version levels, respectively, surpassing previous state-of-the-art (SOTA) results.
Keywords
Collaborative software, Java, Third-Party Library