Logo des Repositoriums
 

Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages

dc.contributor.authorOhm, Marc
dc.contributor.authorGötz, Anja
dc.contributor.editorKlein, Maike
dc.contributor.editorKrupka, Daniel
dc.contributor.editorWinter, Cornelia
dc.contributor.editorGergeleit, Martin
dc.contributor.editorMartin, Ludger
dc.date.accessioned2024-10-21T18:24:26Z
dc.date.available2024-10-21T18:24:26Z
dc.date.issued2024
dc.description.abstractThe proliferation of open source software reuse has led to a significant increase in software supply chain attacks, making it increasingly challenging to identify malicious packages amidst the sheer volume of available packages. Traditional static analysis methods often fall short in detecting these threats due to the complexity and diversity of code semantics. This paper addresses these challenges by leveraging the remarkable success of transformer models in understanding code semantics. We propose a novel approach that utilizes pre-trained transformer models to embed source code, followed by training classifiers on these embeddings. This methodology enables a more nuanced understanding of code semantics, significantly improving the detection of malicious packages. Through extensive experiments, our approach achieves F1-scores as high as 0.98 and an alert rate of 0.09%, demonstrating its effectiveness in detecting malicious code within open source software supply chains.en
dc.identifier.doi10.18420/inf2024_40
dc.identifier.eissn2944-7682
dc.identifier.isbn978-3-88579-746-3
dc.identifier.issn2944-7682
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/45200
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofINFORMATIK 2024
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-352
dc.subjectTransformers
dc.subjectMalicious Packages
dc.subjectSoftware Supply Chain
dc.titleUsing Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packagesen
dc.typeText/Conference Paper
gi.citation.endPage538
gi.citation.publisherPlaceBonn
gi.citation.startPage529
gi.conference.date24.-26. September 2024
gi.conference.locationWiesbaden
gi.conference.sessiontitleSafety in Bytes

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
Ohm_Goetz_Using_Pre_trained_Transformers.pdf
Größe:
345.88 KB
Format:
Adobe Portable Document Format