Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset

{2024}, {Zeliang Yu, Ming Wen, Xiaochen Guo, and Hai Jin.}, {ISSTA}

Zeliang Yu, Ming Wen, Xiaochen Guo, and Hai Jin. 2024. Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ’24), September 16–20, 2024, Vienna, Austria. ACM, New York, NY, USA, 13 pages.

Key Points

  • AST

Summary

Research Objective(s)

Background / Problem Statement

Method(s)

Baseline models

Rule-based:

  • OSSGadget

Learning-based:

  • Amalfi
  • Ladisa

Evaluation

setup:

Software and hardware environment
CPU R74800H
Operating system Windows 10
Python 3.7
Crypto++ 8.5
Visual Studio 2019
Tensorflow 2.0
SKLearn 0.24.1

Conclusion

Thought(s)

  • Generally, malicious attacks in NPM fall into three main types (this study focuses on the latter two):
    • Attacks during Installation: When users install NPM packages, the scripts specified by package.json of the packages and their dependencies will be executed. Therefore, if such scripts contain any malicious code, the malicious behavior will be triggered.
      • This direction has already been studied extensively, with promising performance [4, 37]
    • Attacks during Import: The JavaScript ‘require’ mechanism allows executing the code of a required file when it is imported, whether the user invokes it or not. Therefore, importing a compromised file can also trigger the embedded malicious logic.
    • Attacks during Runtime: If the malicious logic is injected into a module’s functions, it will be activated when that function is actually invoked at runtime by users.

Notes

References

Adriana Sejfia and Max Schäfer. 2022. Practical Automated Detection of Malicious npm Packages. In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA, USA, May 25-27, 2022. ACM, 1681–1692. https://doi.org/10.1145/3510003.3510104

Piergiorgio Ladisa, Serena Elisa Ponta, Nicola Ronzoni, Matias Martinez, and Olivier Barais. 2023. On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI. In Proceedings of the Annual Computer Security Applications Conference, ACSAC 2023, Austin, TX, USA, December 4-8, 2023. ACM, 71–82. https://doi.org/10.1145/3627106.3627138

Junan Zhang, Kaifeng Huang, Bihuan Chen, Chong Wang, Zhenhao Tian, and Xin Peng. 2023. Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence. CoRR abs/2309.02637 (2023). https://doi.org/10.48550/ARXIV.2309.02637 arXiv:2309.02637

Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2021. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. In Proceedings of the 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021. The Internet Society. https://www.ndss-symposium.org/ndss-paper/towards-measuring-supply-chain-attacks-on-package-managers-for-interpreted-languages/

Benjamin Barslev Nielsen, Martin Toldam Torp, and Anders Møller. 2021. Modular call graph construction for security scanning of Node.js applications. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2021, Virtual Event, Denmark, July 11-17, 2021. ACM, 29–41. https://doi.org/10.1145/3460319.3464836

Ahmed Zerouali, Tom Mens, Alexandre Decan, and Coen De Roover. 2022. On the impact of security vulnerabilities in the npm and RubyGems dependency networks. Empir. Softw. Eng. 27, 5 (2022), 107. https://doi.org/10.1007/s10664-022-10154-1 (prompt)

Related work citations

Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments

{2024}, {}, {ASE}

Key Points

Summary

Research Objective(s)

Background / Problem Statement

Method(s)

Evaluation

setup:

Software and hardware environment
CPU R74800H
Operating system Windows 10
Python 3.7
Crypto++ 8.5
Visual Studio 2019
Tensorflow 2.0
SKLearn 0.24.1

Conclusion

Thought(s)

Notes

References

Reference 1

Reference 2

Reference 3

......