English
Related papers

Related papers: DONAPI: Malicious NPM Packages Detector using Beha…

200 papers

Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial…

Software Engineering · Computer Science 2026-01-27 Muhammad Umar Zeshan , Motunrayo Ibiyo , Claudio Di Sipio , Phuong T. Nguyen , Davide Di Ruscio

Securing software supply chains is a growing challenge due to the inadequacy of existing datasets in capturing the complexity of next-gen attacks, such as multiphase malware execution, remote access activation, and dynamic payload…

Cryptography and Security · Computer Science 2026-02-12 Sk Tanzir Mehedi , Raja Jurdak , Chadni Islam , Gowri Ramachandran

Background: The Node Package Manager (npm) ecosystem plays a vital role in modern software development by providing a vast repository of packages and tools that developers can use to implement their software systems. However, recent…

Software Engineering · Computer Science 2026-01-29 Anthony Peruma , Truman Choy , Gerald Lee , Italo De Oliveira Santos

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

As computing systems become increasingly advanced and as users increasingly engage themselves in technology, security has never been a greater concern. In malware detection, static analysis, the method of analyzing potentially malicious…

Cryptography and Security · Computer Science 2018-05-22 Chan Woo Kim

Malware attacks pose a significant threat in today's interconnected digital landscape, causing billions of dollars in damages. Detecting and identifying families as early as possible provides an edge in protecting against such malware. We…

Cryptography and Security · Computer Science 2025-02-19 Christofer Fellicious , Manuel Bischof , Kevin Mayer , Dorian Eikenberg , Stefan Hausotte , Hans P. Reiser , Michael Granitzer

The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…

Cryptography and Security · Computer Science 2019-06-10 Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , Michael Pradel

Software developers typically rely upon a large network of dependencies to build their applications. For instance, the NPM package repository contains over 3 million packages and serves tens of billions of downloads weekly. Understanding…

Software Engineering · Computer Science 2023-08-25 Donald Pinckney , Federico Cassano , Arjun Guha , Jonathan Bell

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to…

Cryptography and Security · Computer Science 2025-06-18 Xingan Gao , Xiaobing Sun , Sicong Cao , Kaifeng Huang , Di Wu , Xiaolei Liu , Xingwei Lin , Yang Xiang

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation.…

Cryptography and Security · Computer Science 2026-04-30 Sk Tanzir Mehedi , Raja Jurdak , Chadni Islam , Abu Bakar Siddique Mahi , Gowri Ramachandran

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

Language-based ecosystems (LBE), i.e., software ecosystems based on a single programming language, are very common. Examples include the npm ecosystem for JavaScript, and PyPI for Python. These environments encourage code reuse between…

Cryptography and Security · Computer Science 2021-12-01 Ruturaj K. Vaidya , Lorenzo De Carli , Drew Davidson , Vaibhav Rastogi

In response to the volume and sophistication of malicious software or malware, security investigators rely on dynamic analysis for malware detection to thwart obfuscation and packing issues. Dynamic analysis is the process of executing…

Cryptography and Security · Computer Science 2019-01-16 ElMouatez Billah Karbab , Mourad Debbabi

Open-source software serves as a foundation for the internet and the cyber supply chain, but its exploitation is becoming increasingly prevalent. While advances in vulnerability detection for OSS have been significant, prior research has…

Cryptography and Security · Computer Science 2024-12-02 Zhuoran Tan , Christos Anagnosstopoulos , Jeremy Singer

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node…

Cryptography and Security · Computer Science 2021-08-24 Berkay Kaplan , Jingyu Qian

The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to…

Cryptography and Security · Computer Science 2025-12-05 Biagio Montaruli , Luca Compagna , Serena Elisa Ponta , Davide Balzarotti

The npm (Node Package Manager) ecosystem is the most important package manager for JavaScript development with millions of users. Consequently, a plethora of earlier work investigated how vulnerability reporting, patch propagation, and in…

Cryptography and Security · Computer Science 2025-06-10 Rajdeep Ghosh , Shiladitya De , Mainack Mondal

Malicious software packages in open-source ecosystems, such as PyPI, pose growing security risks. Unlike traditional vulnerabilities, these packages are intentionally designed to deceive users, making detection challenging due to evolving…

Software Engineering · Computer Science 2025-04-21 Motunrayo Ibiyo , Thinakone Louangdy , Phuong T. Nguyen , Claudio Di Sipio , Davide Di Ruscio

Modern software package registries like PyPI have become critical infrastructure for software development, but are increasingly exploited by threat actors distributing malicious packages with sophisticated multi-stage attack chains. While…

Cryptography and Security · Computer Science 2026-01-13 Takaaki Toda , Tatsuya Mori

In this paper, we propose a framework for early-stage malware detection and mitigation by leveraging natural language processing (NLP) techniques and machine learning algorithms. Our primary contribution is presenting an approach for…

Cryptography and Security · Computer Science 2023-06-13 Zahra Jamadi , Amir G. Aghdam