Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors

dc.contributor.author: Ohm, Marc
dc.contributor.author: Kempf, Lukas
dc.contributor.author: Boes, Felix
dc.contributor.author: Meier, Michael
dc.contributor.editor: Christian Wressnegger, Delphine Reinhardt
dc.date.accessioned: 2023-01-24T11:17:51Z
dc.date.available: 2023-01-24T11:17:51Z
dc.date.issued: 2022
dc.description.abstract [en]: Trojanized software packages used in software supply chain attacks constitute an emerging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages and thus most detections are based on manual labor and expertise. However, it has been observed that most attack campaigns comprise multiple packages that share the same or similar malicious code. We leverage that fact to automatically reproduce manually identified clusters of known malicious packages that have been used in real world attacks, thus, reducing the need for expert knowledge and manual inspection. Our approach, AST Clustering using MCL to mimic Expertise (ACME), yields promising results with an F1 score of 0.99. Signatures are automatically generated based on characteristic code fragments from clusters and are subsequently used to scan the whole npm registry for unreported malicious packages. We are able to identify and report six malicious packages that have been removed from npm consequentially. Therefore, our approach can support the detection by reducing manual labor and hence may be employed by maintainers of package repositories to detect possible software supply chain attacks through trojanized software packages.
dc.identifier.doi: 10.18420/sicherheit2022_02
dc.identifier.isbn: 978-3-88579-717-3
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/40141
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik, Bonn
dc.relation.ispartof: GI SICHERHEIT 2022
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-323
dc.subject: Software Supply Chain
dc.subject: Malware
dc.subject: Abstract Syntax Tree
dc.subject: Markov Cluster Algorithm
dc.title [en]: Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors
gi.citation.endPage: 47
gi.citation.startPage: 35
gi.conference.date: 5.-8. April 2022
gi.conference.location: Karlsruhe
gi.conference.sessiontitle: Session 1

Files

Original bundle
1 - 1 of 1
Name: B1-2.pdf
Size: 287.54 KB
Format: Adobe Portable Document Format