English
Related papers

Related papers: Understanding NPM Malicious Package Detection: A B…

200 papers

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models (LLMs) have emerged as a promising tool for automated security tasks, their…

Cryptography and Security · Computer Science 2026-03-03 Ahmed Ryan , Ibrahim Khalil , Abdullah Al Jahid , Md Erfan , Sungbin Park , Akond Ashfaque Ur Rahman , Md Rayhanur Rahman

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

The npm registry is one of the pillars of the JavaScript and TypeScript ecosystems, hosting over 1.7 million packages ranging from simple utility libraries to complex frameworks and entire applications. Due to the overwhelming popularity of…

Cryptography and Security · Computer Science 2022-03-01 Adriana Sejfia , Max Schäfer

Recent progress in machine learning has generated promising results in behavioral malware detection. Behavioral modeling identifies malicious processes via features derived by their runtime behavior. Behavioral features hold great promise…

Cryptography and Security · Computer Science 2019-11-07 Fabio De Gaspari , Dorjan Hitaj , Giulio Pagnotta , Lorenzo De Carli , Luigi V. Mancini

Open-source ecosystems such as NPM and PyPI are increasingly targeted by supply chain attacks, yet existing detection methods either depend on fragile handcrafted rules or data-driven features that fail to capture evolving attack semantics.…

Software Engineering · Computer Science 2026-01-26 Wenbo Guo , Shiwen Song , Jiaxun Guo , Zhengzi Xu , Chengwei Liu , Haoran Ou , Mengmeng Ge , Yang Liu

With the growing popularity of modularity in software development comes the rise of package managers and language ecosystems. Among them, npm stands out as the most extensive package manager, hosting more than 2 million third-party…

Cryptography and Security · Computer Science 2024-03-14 Cheng Huang , Nannan Wang , Ziyan Wang , Siqi Sun , Lingzi Li , Junren Chen , Qianchong Zhao , Jiaxuan Han , Zhen Yang , Lei Shi

Software supply chain attacks targeting the npm ecosystem have become increasingly sophisticated, leveraging obfuscation and complex logic to evade traditional detection mechanisms. Recently, large language models (LLMs) have attracted…

Cryptography and Security · Computer Science 2026-01-13 Dang-Khoa Nguyen , Gia-Thang Ho , Quang-Minh Pham , Tuyet A. Dang-Thi , Minh-Khanh Vu , Thanh-Cong Nguyen , Phat T. Tran-Truong , Duc-Ly Vu

Open-source software (OSS) supply chain enlarges the attack surface, which makes package registries attractive targets for attacks. Recently, package registries NPM and PyPI have been flooded with malicious packages. The effectiveness of…

Cryptography and Security · Computer Science 2025-05-05 Junan Zhang , Kaifeng Huang , Yiheng Huang , Bihuan Chen , Ruisi Wang , Chong Wang , Xin Peng

The widespread adoption of open-source ecosystems enables developers to integrate third-party packages, but also exposes them to malicious packages crafted to execute harmful behavior via public repositories such as PyPI. Existing datasets…

Cryptography and Security · Computer Science 2025-12-16 Ahmed Ryan , Junaid Mansur Ifti , Md Erfan , Akond Ashfaque Ur Rahman , Md Rayhanur Rahman

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

Trivial packages, small modules with low functionality, are common in the npm ecosystem and can pose security risks despite their simplicity. This paper refines existing definitions and introduce data-only packages that contain no…

Software Engineering · Computer Science 2025-10-07 Napasorn Tevarut , Brittany Reid , Yutaro Kashiwa , Pattara Leelaprute , Arnon Rungsawang , Bundit Manaskasemsak , Hajimu Iida

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to…

Cryptography and Security · Computer Science 2025-06-18 Xingan Gao , Xiaobing Sun , Sicong Cao , Kaifeng Huang , Di Wu , Xiaolei Liu , Xingwei Lin , Yang Xiang

Analysing malware is important to understand how malicious software works and to develop appropriate detection and prevention methods. Dynamic analysis can overcome evasion techniques commonly used to bypass static analysis and provide…

Cryptography and Security · Computer Science 2023-10-30 Baskoro Adi Pratomo , Toby Jackson , Pete Burnap , Andrew Hood , Eirini Anthi

The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools generate false positive rates of 15-30%, incorrectly flagging one-third of legitimate packages as malicious. This problem arises because…

Cryptography and Security · Computer Science 2026-01-28 Wenbo Guo , Chengwei Liu , Ming Kang , Yiran Zhang , Jiahui Wu , Zhengzi Xu , Vinay Sachidananda , Yang Liu

Background: The Node Package Manager (npm) ecosystem plays a vital role in modern software development by providing a vast repository of packages and tools that developers can use to implement their software systems. However, recent…

Software Engineering · Computer Science 2026-01-29 Anthony Peruma , Truman Choy , Gerald Lee , Italo De Oliveira Santos

Existing malicious code detection techniques demand the integration of multiple tools to detect different malware patterns, often suffering from high misclassification rates. Therefore, malicious code detection techniques could be enhanced…

Cryptography and Security · Computer Science 2025-01-07 Nusrat Zahan , Philipp Burckhardt , Mikola Lysenko , Feross Aboukhadijeh , Laurie Williams

The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign…

Cryptography and Security · Computer Science 2025-04-18 Xiaoyan Zhou , Ying Zhang , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages…

Software Engineering · Computer Science 2024-04-18 Xiaoyan Zhou , Feiran Liang , Zhaojie Xie , Yang Lan , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

A promising avenue for improving the effectiveness of behavioral-based malware detectors would be to combine fast traditional machine learning detectors with high-accuracy, but time-consuming deep learning models. The main idea would be to…

Cryptography and Security · Computer Science 2020-06-16 Ruimin Sun , Marcus Botacin , Nikolaos Sapountzis , Xiaoyong Yuan , Matt Bishop , Donald E Porter , Xiaolin Li , Andre Gregio , Daniela Oliveira
‹ Prev 1 2 3 10 Next ›