DeepAI
Log In Sign Up

If You've Seen One, You've Seen Them All: Leveraging AST Clustering Using MCL to Mimic Expertise to Detect Software Supply Chain Attacks

11/04/2020
by   Marc Ohm, et al.
0

Trojanized software packages used in software supply chain attacks constitute an merging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages. However, it has been observed that most attack campaigns comprise multiple packages that share the same or similar malicious code. We leverage that fact to automatically reproduce manually identified clusters of known malicious packages that have been used in real world attacks, thus, reducing the need for expert knowledge and manual inspection. Our approach, AST Clustering using MCL to mimic Expertise (ACME), yields promising results with a F_1 score of 0.99. Signatures are automatically generated based on representative code fragments from clusters and are subsequently used to scan the whole npm registry for unreported malicious packages. We are able to identify and report six malicious packages that have been removed from npm consequentially. Therefore, our approach is able to reproduce clustering based on expert knowledge and hence may be employed by maintainers of package repositories like npm to timely detect possible maliciousness of newly uploaded or updated packages.

READ FULL TEXT
05/19/2020

Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks

A software supply chain attack is characterized by the injection of mali...
10/08/2022

Towards the Detection of Malicious Java Packages

Open-source software supply chain attacks aim at infecting downstream us...
09/16/2022

Malicious Source Code Detection Using Transformer

Open source code is considered a common practice in modern software deve...
02/28/2022

Practical Automated Detection of Malicious npm Packages

The npm registry is one of the pillars of the JavaScript and TypeScript ...
12/19/2021

What are Weak Links in the npm Supply Chain?

Modern software development frequently uses third-party packages, raisin...
02/04/2020

Measuring and Preventing Supply Chain Attacks on Package Managers

Package managers have become a vital part of the modern software develop...
02/03/2021

All Infections are Not Created Equal: Time-Sensitive Prediction of Malware Generated Network Attacks

Many techniques have been proposed for quickly detecting and containing ...