Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
By: Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu and more
Potential Business Impact:
Finds hidden bad code in computer programs safely.
The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated malware. Such situations lead to an unreasonably high rate of false positives. This paper highlights that dynamic analysis, rather than static analysis, provides greater insight but is also more resource-intensive for understanding software behaviour during execution. In this study, we enhance a dynamic analysis tool, package-analysis, to capture key runtime behaviours, including commands executed, files accessed, and network communications. This modification enables the use of container sandboxing technologies, such as gVisor, to analyse potentially malicious packages without significantly compromising the host system.
Similar Papers
Towards Classifying Benign And Malicious Packages Using Machine Learning
Cryptography and Security
Finds bad computer code before it causes harm.
AutoMalDesc: Large-Scale Script Analysis for Cyber Threat Research
Cryptography and Security
Explains computer threats automatically, saving time.
SaMOSA: Sandbox for Malware Orchestration and Side-Channel Analysis
Cryptography and Security
Finds computer viruses in machines that control things.