Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages
| dc.contributor.author | Ohm, Marc | |
| dc.contributor.author | Götz, Anja | |
| dc.contributor.editor | Klein, Maike | |
| dc.contributor.editor | Krupka, Daniel | |
| dc.contributor.editor | Winter, Cornelia | |
| dc.contributor.editor | Gergeleit, Martin | |
| dc.contributor.editor | Martin, Ludger | |
| dc.date.accessioned | 2024-10-21T18:24:26Z | |
| dc.date.available | 2024-10-21T18:24:26Z | |
| dc.date.issued | 2024 | |
| dc.description.abstract | The proliferation of open source software reuse has led to a significant increase in software supply chain attacks, making it increasingly challenging to identify malicious packages amidst the sheer volume of available packages. Traditional static analysis methods often fall short in detecting these threats due to the complexity and diversity of code semantics. This paper addresses these challenges by leveraging the remarkable success of transformer models in understanding code semantics. We propose a novel approach that utilizes pre-trained transformer models to embed source code, followed by training classifiers on these embeddings. This methodology enables a more nuanced understanding of code semantics, significantly improving the detection of malicious packages. Through extensive experiments, our approach achieves F1-scores as high as 0.98 and an alert rate of 0.09%, demonstrating its effectiveness in detecting malicious code within open source software supply chains. | en |
| dc.identifier.doi | 10.18420/inf2024_40 | |
| dc.identifier.isbn | 978-3-88579-746-3 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/45200 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | INFORMATIK 2024 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-352 | |
| dc.subject | Transformers | |
| dc.subject | Malicious Packages | |
| dc.subject | Software Supply Chain | |
| dc.title | Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 538 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 529 | |
| gi.conference.date | 24.-26. September 2024 | |
| gi.conference.location | Wiesbaden | |
| gi.conference.sessiontitle | Safety in Bytes |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- Ohm_Goetz_Using_Pre_trained_Transformers.pdf
- Größe:
- 345.88 KB
- Format:
- Adobe Portable Document Format