Towards Classifying Benign And Malicious Packages Using Machine Learning
By: Thanh-Cong Nguyen , Ngoc-Thanh Nguyen , Van-Giau Ung and more
Potential Business Impact:
Finds bad computer code before it causes harm.
Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures (CVEs) in open-source packages, there are very few studies on detecting malicious packages. Malicious open-source package detection typically requires static analysis, dynamic analysis, or both. Dynamic analysis is more effective because it can expose a package's behaviors at runtime, including code that is obfuscated or fetched only at install time. However, current dynamic analysis tools (e.g., the OpenSSF package-analysis project) lack an automatic method to differentiate malicious packages from benign packages. In this paper, we propose an approach to extract features from dynamic analysis output (e.g., the commands a package executes during installation) and leverage machine learning techniques to automatically classify packages as benign or malicious. Our evaluation of nearly 2000 packages on npm shows that the machine learning classifier achieves an AUC of 0.91 with a false positive rate of nearly 0%.
Similar Papers
Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
Cryptography and Security
Finds hidden bad code in computer programs safely.
MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem
Cryptography and Security
Finds bad computer code before it causes harm.
Learning to Triage Taint Flows Reported by Dynamic Program Analysis in Node.js Packages
Cryptography and Security
Helps find computer bugs faster and easier.