English
Related papers

Related papers: Towards Classifying Benign And Malicious Packages …

200 papers

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

The npm registry is one of the pillars of the JavaScript and TypeScript ecosystems, hosting over 1.7 million packages ranging from simple utility libraries to complex frameworks and entire applications. Due to the overwhelming popularity of…

Cryptography and Security · Computer Science 2022-03-01 Adriana Sejfia , Max Schäfer

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages…

Software Engineering · Computer Science 2024-04-18 Xiaoyan Zhou , Feiran Liang , Zhaojie Xie , Yang Lan , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

The paper describes how to detect malicious executable files based on static analysis of their binary content. The stages of pre-processing and cleaning data extracted from different areas of executable files are analyzed. Methods of…

Cryptography and Security · Computer Science 2020-07-16 Nikolay Prudkovskiy

Malicious websites are responsible for a majority of the cyber-attacks and scams today. Malicious URLs are delivered to unsuspecting users via email, text messages, pop-ups or advertisements. Clicking on or crawling such URLs can result in…

Cryptography and Security · Computer Science 2019-10-15 Apoorva Joshi , Levi Lloyd , Paul Westin , Srini Seethapathy

Trojanized software packages used in software supply chain attacks constitute an emerging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages and thus…

Cryptography and Security · Computer Science 2021-03-22 Marc Ohm , Lukas Kempf , Felix Boes , Michael Meier

The constant growth in the number of malware - software or code fragment potentially harmful for computers and information networks - and the use of sophisticated evasion and obfuscation techniques have seriously hindered classic…

Cryptography and Security · Computer Science 2021-06-11 Nicola Loi , Claudio Borile , Daniele Ucci

The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign…

Cryptography and Security · Computer Science 2025-04-18 Xiaoyan Zhou , Ying Zhang , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

Malware represents a significant security concern in today's digital landscape, as it can destroy or disable operating systems, steal sensitive user information, and occupy valuable disk space. However, current malware detection methods,…

Cryptography and Security · Computer Science 2023-12-21 Chenzhong Yin , Hantang Zhang , Mingxi Cheng , Xiongye Xiao , Xinghe Chen , Xin Ren , Paul Bogdan

In detecting malicious websites, a common approach is the use of blacklists which are not exhaustive in themselves and are unable to generalize to new malicious sites. Detecting newly encountered malicious websites automatically will help…

Cryptography and Security · Computer Science 2022-09-21 Adebayo Oshingbesan , Courage Ekoh , Chukwuemeka Okobi , Aime Munezero , Kagame Richard

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models (LLMs) have emerged as a promising tool for automated security tasks, their…

Cryptography and Security · Computer Science 2026-03-03 Ahmed Ryan , Ibrahim Khalil , Abdullah Al Jahid , Md Erfan , Sungbin Park , Akond Ashfaque Ur Rahman , Md Rayhanur Rahman

Malicious email attachments are a growing delivery vector for malware. While machine learning has been successfully applied to portable executable (PE) malware detection, we ask, can we extend similar approaches to detect malware across…

Cryptography and Security · Computer Science 2018-04-24 Ethan M. Rudd , Richard Harang , Joshua Saxe

Analysing malware is important to understand how malicious software works and to develop appropriate detection and prevention methods. Dynamic analysis can overcome evasion techniques commonly used to bypass static analysis and provide…

Cryptography and Security · Computer Science 2023-10-30 Baskoro Adi Pratomo , Toby Jackson , Pete Burnap , Andrew Hood , Eirini Anthi

The NPM ecosystem has become a primary target for software supply chain attacks, yet existing detection tools are evaluated in isolation on incompatible datasets, making cross-tool comparison unreliable. We conduct a benchmark-driven…

Software Engineering · Computer Science 2026-03-31 Wenbo Guo , Zhongwen Chen , Zhengzi Xu , Chengwei Liu , Ming Kang , Shiwen Song , Chengyue Liu , Yijia Xu , Weisong Sun , Yang Liu

Be it for a malicious or legitimate purpose, packing, a transformation that consists in applying various operations like compression or encryption to a binary file, i.e. for making reverse engineering harder or obfuscating code, is widely…

Cryptography and Security · Computer Science 2023-02-21 Alexandre D'Hondt , Charles-Henry Bertrand Van Ouytsel , Axel Legay

The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. The application of packing to the original executable code renders…

Cryptography and Security · Computer Science 2025-06-24 Daniel Gibert , Nikolaos Totosis , Constantinos Patsakis , Giulio Zizzo , Quan Le
‹ Prev 1 2 3 10 Next ›