Practical Automated Detection of Malicious npm Packages

28 February 2022

Papers citing "Practical Automated Detection of Malicious npm Packages"

18 / 18 papers shown

Title
DySec: A Machine Learning-based Dynamic Analysis for Detecting Malicious Packages in PyPI Ecosystem Sk Tanzir Mehedi Chadni Islam Gowri Ramachandran Raja Jurdak 34 1 0 01 Mar 2025
SoK: A Systems Perspective on Compound AI Threats and Countermeasures Sarbartha Banerjee Prateek Sahu Mulong Luo Anjo Vahldiek-Oberwagner N. Yadwadkar Mohit Tiwari AAML 77 0 0 20 Nov 2024
Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments Xinyi Zheng Chen Wei Shenao Wang Yanjie Zhao Peiming Gao Yuanchao Zhang Kailong Wang Haoyu Wang 32 3 0 14 Sep 2024
Tactics, Techniques, and Procedures (TTPs) in Interpreted Malware: A Zero-Shot Generation with Large Language Models Ying Zhang Xiaoyan Zhou Hui Wen Wenjia Niu Jiqiang Liu Haining Wang Qiang Li 46 3 0 11 Jul 2024
SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties C. Okafor Taylor R. Schorlemmer Santiago Torres-Arias James C. Davis 34 41 0 14 Jun 2024
A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems Xiaoyan Zhou Feiran Liang Zhaojie Xie Yang Lan Wenjia Niu Jiqiang Liu Haining Wang Qiang Li 29 1 0 17 Apr 2024
Leveraging Large Language Models to Detect npm Malicious Packages Nusrat Zahan Philipp Burckhardt Mikola Lysenko Feross Aboukhadijeh Laurie A. Williams 45 2 0 18 Mar 2024
A Survey of Source Code Representations for Machine Learning-Based Cybersecurity Tasks B.K. Casey Joanna C. S. Santos George Perry 68 5 0 15 Mar 2024
DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping Cheng Huang Nannan Wang Ziteng Wang Siqi Sun Lingzi Li Junren Chen Qianchong Zhao Jiaxuan Han Zhen Yang Lei Shi Sichuan University 34 9 0 13 Mar 2024
Malicious Package Detection using Metadata Information Sajal Halder Michael Bewong Arash Mahboubi Yinhao Jiang Md. Rafiqul Islam Md. Zahidul Islam Ryan H. L. Ip Muhammad Ejaz Ahmed Gowri Ramachandran Muhammad Ali Babar 15 7 0 12 Feb 2024
On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI Piergiorgio Ladisa Serena Elisa Ponta Nicola Ronzoni Matias Martinez Olivier Barais 31 11 0 14 Oct 2023
The Hitchhiker's Guide to Malicious Third-Party Dependencies Piergiorgio Ladisa Merve Sahin Serena Elisa Ponta M. Rosa Matias Martinez Olivier Barais 19 7 0 18 Jul 2023
You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js Marc Ohm Timo Pohl Felix Boes 28 5 0 31 May 2023
Journey to the Center of Software Supply Chain Attacks Piergiorgio Ladisa Serena Elisa Ponta A. Sabetta Matias Martinez Olivier Barais 16 4 0 11 Apr 2023
Beyond the Surface: Investigating Malicious CVE Proof of Concept Exploits on GitHub Soufian El Yadmani Robin The Olga Gadyatskaya 39 2 0 15 Oct 2022
Towards the Detection of Malicious Java Packages Piergiorgio Ladisa H. Plate Matias Martinez Olivier Barais Serena Elisa Ponta 42 14 0 08 Oct 2022
A Benchmark Comparison of Python Malware Detection Approaches Duc-Ly Vu Zachary Newman J. Meyers 14 21 0 27 Sep 2022
Taxonomy of Attacks on Open-Source Software Supply Chains Piergiorgio Ladisa H. Plate Matias Martinez Olivier Barais 17 138 0 08 Apr 2022