English
Related papers

Related papers: A Benchmark Comparison of Python Malware Detection…

200 papers

Malicious attacks on open-source software packages are a growing concern. The discovery of the XZ Utils backdoor intensified these concerns because of the potential widespread impact. This study, therefore, explores the challenges of…

Cryptography and Security · Computer Science 2025-07-22 Duc-Ly Vu , Trevor Dunlap , Karla Obermeier-Velazquez , Thanh-Cong Nguyen , Paul Gibert , John Speed Meyers , Santiago Torres-Arias

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to…

Cryptography and Security · Computer Science 2025-12-05 Biagio Montaruli , Luca Compagna , Serena Elisa Ponta , Davide Balzarotti

With the continuous rise of malicious campaigns and the exploitation of new attack vectors, it is necessary to assess the efficacy of the defensive mechanisms used to detect them. To this end, the contribution of our work is twofold. First,…

Cryptography and Security · Computer Science 2021-05-04 Vasilios Koutsokostas , Constantinos Patsakis

The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools generate false positive rates of 15-30%, incorrectly flagging one-third of legitimate packages as malicious. This problem arises because…

Cryptography and Security · Computer Science 2026-01-28 Wenbo Guo , Chengwei Liu , Ming Kang , Yiran Zhang , Jiahui Wu , Zhengzi Xu , Vinay Sachidananda , Yang Liu

PyPI provides a convenient and accessible package management platform to developers, enabling them to quickly implement specific functions and improve work efficiency. However, the rapid development of the PyPI ecosystem has led to a severe…

Software Engineering · Computer Science 2023-09-21 Wenbo Guo , Zhengzi Xu , Chengwei Liu , Cheng Huang , Yong Fang , Yang Liu

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at…

Cryptography and Security · Computer Science 2026-01-01 Biagio Montaruli , Serena Elisa Ponta , Luca Compagna , Davide Balzarotti

Malicious software packages in open-source ecosystems, such as PyPI, pose growing security risks. Unlike traditional vulnerabilities, these packages are intentionally designed to deceive users, making detection challenging due to evolving…

Software Engineering · Computer Science 2025-04-21 Motunrayo Ibiyo , Thinakone Louangdy , Phuong T. Nguyen , Claudio Di Sipio , Davide Di Ruscio

The NPM ecosystem has become a primary target for software supply chain attacks, yet existing detection tools are evaluated in isolation on incompatible datasets, making cross-tool comparison unreliable. We conduct a benchmark-driven…

Software Engineering · Computer Science 2026-03-31 Wenbo Guo , Zhongwen Chen , Zhengzi Xu , Chengwei Liu , Ming Kang , Shiwen Song , Chengyue Liu , Yijia Xu , Weisong Sun , Yang Liu

Industry practitioners care about small improvements in malware detection accuracy because their models are deployed to hundreds of millions of machines, meaning a 0.1\% change can cause an overwhelming number of false positives. However,…

Machine Learning · Computer Science 2023-12-27 Tirth Patel , Fred Lu , Edward Raff , Charles Nicholas , Cynthia Matuszek , James Holt

Enterprise networks are in constant danger of being breached by cyber-attackers, but making the decision about what security tools to deploy to mitigate this risk requires carefully designed evaluation of security products. One of the most…

Cryptography and Security · Computer Science 2016-08-03 Konstantin Berlin , Joshua Saxe

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern,…

Software Engineering · Computer Science 2025-09-05 Haowei Quan , Junjie Wang , Xinzhe Li , Terry Yue Zhuo , Xiao Chen , Xiaoning Du

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node…

Cryptography and Security · Computer Science 2021-08-24 Berkay Kaplan , Jingyu Qian

Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis…

Cryptography and Security · Computer Science 2025-03-04 Sk Tanzir Mehedi , Chadni Islam , Gowri Ramachandran , Raja Jurdak

A package's source code repository records the development history of the package, providing indispensable information for the use and risk monitoring of the package. However, a package release often misses its source code repository due to…

Software Engineering · Computer Science 2024-04-26 Kai Gao , Weiwei Xu , Wenhao Yang , Minghui Zhou

We present and evaluate a large-scale malware detection system integrating machine learning with expert reviewers, treating reviewers as a limited labeling resource. We demonstrate that even in small numbers, reviewers can vastly improve…

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to…

Cryptography and Security · Computer Science 2023-10-09 Piergiorgio Ladisa , Merve Sahin , Serena Elisa Ponta , Marco Rosa , Matias Martinez , Olivier Barais

Where can we find malware source code? This question is motivated by a real need: there is a dearth of malware source code, which impedes various types of security research. Our work is driven by the following insight: public archives, like…

Cryptography and Security · Computer Science 2020-06-01 Md Omar Faruk Rokon , Risul Islam , Ahmad Darki , Vagelis E. Papalexakis , Michalis Faloutsos

This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in…

Software Engineering · Computer Science 2019-03-12 Jukka Ruohonen
‹ Prev 1 2 3 10 Next ›