Enregistré dans:
Détails bibliographiques
Auteurs principaux: Guo, Wenbo, Liu, Chengwei, Wang, Limin, Zhang, Yiran, Wu, Jiahui, Xu, Zhengzi, Liu, Yang
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2409.15049
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866915633485053952
author Guo, Wenbo
Liu, Chengwei
Wang, Limin
Zhang, Yiran
Wu, Jiahui
Xu, Zhengzi
Liu, Yang
author_facet Guo, Wenbo
Liu, Chengwei
Wang, Limin
Zhang, Yiran
Wu, Jiahui
Xu, Zhengzi
Liu, Yang
contents Malicious packages in public registries pose serious threats to software supply chain security. While current software component analysis (SCA) tools rely on databases like OSV and Snyk to detect these threats, these databases suffer from delayed updates and incomplete coverage. However, they miss intelligence from unstructured sources like social media and developer forums, where new threats are often first reported. This delay extends the lifecycle of malicious packages and increases risks for downstream users. To address this, we developed a novel and comprehensive approach to construct a platform IntelliRadar to collect disclosed malicious package names from unstructured web content. Specifically, by exhaustively searching and snowballing the public sources of malicious package names, and incorporating large language models (LLMs) with domain-specialized Least to Most prompts, IntelliRadar ensures comprehensive collection of historical and current disclosed malicious package names from diverse unstructured sources. As a result, we constructed a comprehensive malicious package database containing 34,313 malicious NPM and PyPI package names. Our evaluation shows that IntelliRadar achieves high performance (97.91% precision) on malicious package intelligence extraction. Compared to existing databases, IntelliRadar identifies 7,542 more malicious package names than OSV and 12,684 more than Snyk. Furthermore, 76.6% of NPM components and 70.3% of PyPI components in IntelliRadar were collected earlier than in Snyk's database. IntelliRadar is also more cost-efficient, with a cost of $0.003 per piece of malicious package intelligence and only $7 per month for continuous monitoring. Furthermore, we identified and received confirmation for 1,981 malicious packages in downstream package manager mirror registries through the IntelliRadar.
format Preprint
id arxiv_https___arxiv_org_abs_2409_15049
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle IntelliRadar: A Comprehensive Platform to Pinpoint Malicious Package Information from Cyber Intelligence
Guo, Wenbo
Liu, Chengwei
Wang, Limin
Zhang, Yiran
Wu, Jiahui
Xu, Zhengzi
Liu, Yang
Software Engineering
Malicious packages in public registries pose serious threats to software supply chain security. While current software component analysis (SCA) tools rely on databases like OSV and Snyk to detect these threats, these databases suffer from delayed updates and incomplete coverage. However, they miss intelligence from unstructured sources like social media and developer forums, where new threats are often first reported. This delay extends the lifecycle of malicious packages and increases risks for downstream users. To address this, we developed a novel and comprehensive approach to construct a platform IntelliRadar to collect disclosed malicious package names from unstructured web content. Specifically, by exhaustively searching and snowballing the public sources of malicious package names, and incorporating large language models (LLMs) with domain-specialized Least to Most prompts, IntelliRadar ensures comprehensive collection of historical and current disclosed malicious package names from diverse unstructured sources. As a result, we constructed a comprehensive malicious package database containing 34,313 malicious NPM and PyPI package names. Our evaluation shows that IntelliRadar achieves high performance (97.91% precision) on malicious package intelligence extraction. Compared to existing databases, IntelliRadar identifies 7,542 more malicious package names than OSV and 12,684 more than Snyk. Furthermore, 76.6% of NPM components and 70.3% of PyPI components in IntelliRadar were collected earlier than in Snyk's database. IntelliRadar is also more cost-efficient, with a cost of $0.003 per piece of malicious package intelligence and only $7 per month for continuous monitoring. Furthermore, we identified and received confirmation for 1,981 malicious packages in downstream package manager mirror registries through the IntelliRadar.
title IntelliRadar: A Comprehensive Platform to Pinpoint Malicious Package Information from Cyber Intelligence
topic Software Engineering
url https://arxiv.org/abs/2409.15049