2025-5月论文阅读
Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset
{2024}, {Zeliang Yu, Ming Wen, Xiaochen Guo, and Hai Jin.}, {ISSTA}
Zeliang Yu, Ming Wen, Xiaochen Guo, and Hai Jin. 2024. Maltracker: A FineGrained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ’24), September 16–20, 2024, Vienna, Austria. ACM, New York, NY, USA, 13 pages.
Key Points
AST
[ ] 关键点,看文章途中觉得很关键的词可以填写在此处
Summary
- [ ] 写完笔记之后最后填,概述文章的内容,以后查阅笔记的时候先看这一段。注:写文章summary切记需要通过自己的思考,用自己的语言描述。忌讳直接Ctrl + c原文。
Research Objective(s)
- [ ] 作者的研究目标是什么?
Background / Problem Statement
- [ ] 研究的背景以及问题陈述:作者需要解决的问题是什么?
Method(s)
- [ ] 作者解决问题的方法/算法是什么?
- [ ] 是否基于前人的方法?基于了哪些?
Evaluation
setup:
| 软硬件环境 | |
|---|---|
| CPU | R74800H |
| 操作系统 | Windows 10 |
| Python | 3.7 |
| Crypto++ | 8.5 |
| Visual Studio | 2019 |
| Tensorflow | 2.0 |
| SKLearn | 0.24.1 |
- [ ] 作者如何评估自己的方法?
- [ ] 数据集、基线模型
- [ ] 实验的setup(实验环境、配置)是什么样的?
- [ ] 感兴趣实验数据和结果有哪些?
- [ ] 有没有问题或者可以借鉴的地方?
Conclusion
- [ ] 作者给出了哪些结论?
- [ ] 哪些是strong conclusions, 哪些又是weak的conclusions(即作者并没有通过实验提供evidence,只在discussion中提到;或实验的数据并没有给出充分的evidence)?
Thought(s)
一般来说NPM中的恶意攻击可以分为三种主要类型:(本研究重点介绍后两种类型的攻击)
- Attacks during Installation: When users install NPM packages, the scripts specified by package.json of the packages and their dependencies will be executed. Therefore, if such scripts contain any malicious code, the malicious behavior will be triggered.
- 这个方向已经有很多研究并取得了可喜的性能 [4, 37]
- Attacks during Import: The JavaScript ‘require’ mechanism allows executing the code of a required file when it is imported, whether the user invokes it or not. Therefore, importing a compromised file can also trigger those embedded malicious logic.
- Attacks during Runtime: If the malicious logic is injected into a module’s functions, it will be activated when that function is actually invoked at runtime by users.
- Attacks during Installation: When users install NPM packages, the scripts specified by package.json of the packages and their dependencies will be executed. Therefore, if such scripts contain any malicious code, the malicious behavior will be triggered.
[ ] 对这篇文章的疑问和思考
- [ ] 可参考的研究方向,即本文的展望或不足
Notes
[ ] (Optional) 不在以上列表中,但需要特别记录的笔记。
References
- [ ] (Optional) 列出相关性高的文献,以便之后可以继续track下去。
Adriana Sejfia and Max Schäfer. 2022. Practical Automated Detection of Malicious npm Packages. In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA, USA, May 25-27, 2022. ACM, 1681–1692. https://doi.org/10.1145/3510003.3510104
Piergiorgio Ladisa, Serena Elisa Ponta, Nicola Ronzoni, Matias Martinez, and Olivier Barais. 2023. On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI. In Proceedings of the Annual Computer Security Applications Conference, ACSAC 2023, Austin, TX, USA, December 4-8, 2023. ACM, 71–82. https://doi.org/10.1145/3627106.3627138
Junan Zhang, Kaifeng Huang, Bihuan Chen, Chong Wang, Zhenhao Tian, and Xin Peng. 2023. Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence. CoRR abs/2309.02637 (2023). https: //doi.org/10.48550/ARXIV.2309.02637 arXiv:2309.02637
Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2021. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. In Proceedings of the 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021. The Internet Society. https://www.ndss-symposium.org/ndss-paper/towards-measuring-supplychain- attacks- on- package- managers- for- interpreted- languages/
Benjamin Barslev Nielsen, Martin Toldam Torp, and Anders Møller. 2021. Modular call graph construction for security scanning of Node.js applications. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2021, Virtual Event, Denmark, July 11-17, 2021. ACM, 29–41. https://doi.org/10.1145/3460319.3464836
Ahmed Zerouali, Tom Mens, Alexandre Decan, and Coen De Roover. 2022. On the impact of security vulnerabilities in the npm and RubyGems dependency networks. Empir. Softw. Eng. 27, 5 (2022), 107. https://doi.org/10.1007/s10664022- 10154- 1 (提示符)
related work 引用
Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
{2024}, {}, {ASE}
Key Points
- [ ] 关键点,看文章途中觉得很关键的词可以填写在此处
Summary
- [ ] 写完笔记之后最后填,概述文章的内容,以后查阅笔记的时候先看这一段。注:写文章summary切记需要通过自己的思考,用自己的语言描述。忌讳直接Ctrl + c原文。
Research Objective(s)
- [ ] 作者的研究目标是什么?
Background / Problem Statement
- [ ] 研究的背景以及问题陈述:作者需要解决的问题是什么?
Method(s)
- [ ] 作者解决问题的方法/算法是什么?
- [ ] 是否基于前人的方法?基于了哪些?
Evaluation
setup:
| 软硬件环境 | |
|---|---|
| CPU | R74800H |
| 操作系统 | Windows 10 |
| Python | 3.7 |
| Crypto++ | 8.5 |
| Visual Studio | 2019 |
| Tensorflow | 2.0 |
| SKLearn | 0.24.1 |
- [ ] 作者如何评估自己的方法?
- [ ] 数据集、基线模型
- [ ] 实验的setup(实验环境、配置)是什么样的?
- [ ] 感兴趣实验数据和结果有哪些?
- [ ] 有没有问题或者可以借鉴的地方?
Conclusion
- [ ] 作者给出了哪些结论?
- [ ] 哪些是strong conclusions, 哪些又是weak的conclusions(即作者并没有通过实验提供evidence,只在discussion中提到;或实验的数据并没有给出充分的evidence)?
Thought(s)
- [ ] 对这篇文章的疑问和思考
- [ ] 可参考的研究方向,即本文的展望或不足
Notes
- [ ] (Optional) 不在以上列表中,但需要特别记录的笔记。
References
- [ ] (Optional) 列出相关性高的文献,以便之后可以继续track下去。
引用1
引用2
引用3
……
