Enhancing Detection of Malicious Packages in Open-Source Software
A new method improves identification of harmful packages in NPM and PyPI.
― 6 min read
Table of Contents
Open-source software (OSS) is increasingly used in many projects, but this growth also raises security concerns. Package registries like NPM and PyPI, which host these software packages, have become common targets for attacks. Recently, there has been a surge in Malicious Packages in these registries, leading to significant risks for developers and users.
Detecting these malicious packages is challenging due to two main issues. First, it is difficult to combine knowledge about malicious packages from different ecosystems effectively. Second, accurately capturing how these malicious packages behave over time is complex. This article discusses a new approach to detect malicious packages in NPM and PyPI by modeling their behavior in a more effective way.
Background
Package registries like NPM and PyPI store millions of packages that developers use in their projects. However, these registries are also vulnerable to attacks where malicious code can be injected into packages. For example, in 2022, a massive number of packages were removed from PyPI due to malware. Malicious packages can perform harmful actions like stealing data or spreading more malware.
The frequency of attacks on OSS supply chains has increased drastically. Statistics show that the number of attacks has skyrocketed in recent years, illustrating a growing trend that threatens the integrity of software development.
The Problem
Malicious package detection faces several hurdles. One key problem is that attackers frequently change their techniques, which makes it hard for existing detection methods to keep up. Additionally, detecting malicious behavior is often done using rules based on specific characteristics of packages, which may not always identify new types of malicious actions effectively.
Traditional methods of detection in these ecosystems often rely on specific metadata, such as package names or known behaviors, which can lead to high rates of false positives. This means that legitimate packages could be flagged as malicious simply because they match certain patterns.
There are two main challenges in malicious package detection:
Combining Knowledge Across Ecosystems: The various ecosystems (like NPM and PyPI) do not share information about malicious packages openly. This lack of data can reduce the effectiveness of detection methods that rely on learning from other ecosystems.
Modeling Malicious Behavior: Malicious activities occur in sequences, meaning that understanding the order of actions is crucial. However, many existing detection techniques treat these actions individually, missing the bigger picture.
New Approach
To tackle these challenges, a new system was developed to detect malicious packages in both NPM and PyPI. The system consists of three main parts: a Feature Extractor, a behavior sequence generator, and a maliciousness classifier.
Feature Extractor
The feature extractor looks at the source code of packages to identify suspicious behaviors. Instead of relying on metadata, this tool analyzes the actual code to find patterns that indicate malicious activities. It can identify things like:
- Sensitive Information Reading: Detecting when a package tries to access personal data.
- Data Transmission: Finding instances where the package tries to communicate with external servers.
- Malicious Executions: Noticing commands that could execute harmful operations.
By focusing on the code itself, this extractor gathers a wide range of features that help in recognizing patterns of malicious behavior.
Behavior Sequence Generator
Once the features are extracted, the behavior sequence generator organizes them into a sequence based on how they are executed in the package. It prioritizes actions by their likelihood of happening during the install, import, or runtime phases.
This step is crucial because it allows the system to understand the sequence in which malicious behaviors occur. This sequential understanding enhances the overall accuracy of detecting malicious packages, as it reflects more realistic scenarios of how attacks unfold.
Maliciousness Classifier
The last component of the system is the maliciousness classifier. It uses a trained model to evaluate the organized behavior sequences and determine whether a package is malicious or benign. By converting behavior sequences into textual descriptions, the classifier can leverage existing knowledge from previous training to make more informed decisions.
The classifier is fine-tuned to recognize patterns that indicate maliciousness by learning from both NPM and PyPI packages. This training allows the system to detect malicious packages more effectively than existing methods.
Evaluation
An extensive evaluation of this system was conducted using a dataset of both malicious and benign packages. The main goals of the evaluation were to determine the effectiveness, efficiency, and practical usefulness of the new detection system.
Effectiveness
The evaluation showed that the new system significantly outperformed existing approaches. In various scenarios, it achieved higher precision and recall rates, indicating that it could identify malicious packages more accurately.
- Mono-lingual Scenario: When packages from the same ecosystem were tested, the system achieved high precision and recall rates, significantly better than state-of-the-art methods.
- Cross-lingual Scenario: When packages from different ecosystems were analyzed, the system still performed well, showing that it successfully learned from both environments.
- Bi-lingual Scenario: When the system was trained on packages from both ecosystems, results indicated an even higher performance, highlighting the benefits of combining knowledge.
Efficiency
In terms of efficiency, the system was designed to analyze packages quickly. The average time taken to analyze a package was around 10 seconds, making it practical for real-world applications. Training the model took longer, but the entire process remained manageable within a two-day timeframe.
Real-world Usefulness
To test the system's practical usefulness, a monitoring phase was conducted over six weeks, during which thousands of newly published packages were analyzed. The system flagged numerous potentially malicious packages, and manual confirmations were conducted to validate the results.
The findings showed a significant number of packages were accurately identified as malicious, leading to their removal from the registries. This real-world application demonstrated that the system can contribute positively to maintaining the security of package registries.
Challenges and Threats
Even with the new system's success, several challenges remain. Continuous updates in malicious techniques mean that detection systems need to adapt quickly. Additionally, the reliance on manual verification can introduce delays and still harbor risks of false positives.
Moreover, attackers may exploit new weaknesses that arise as the security landscape evolves. As package registries grow, so does the complexity of interactions, making thorough monitoring crucial.
Conclusion
The rise of OSS and its associated security risks necessitates effective detection mechanisms for malicious packages. The new system offers a promising approach by combining feature extraction and the modeling of behavior sequences. Through thorough evaluation, the system has shown superior performance in detecting malicious packages in both NPM and PyPI.
As the world of open-source software continues to expand, ongoing research and development are essential to enhancing security measures. The findings presented demonstrate a significant step toward improving the safety and reliability of OSS ecosystems, ultimately protecting developers and users alike.
Title: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence
Abstract: Open-source software (OSS) supply chain enlarges the attack surface, which makes package registries attractive targets for attacks. Recently, package registries NPM and PyPI have been flooded with malicious packages. The effectiveness of existing malicious NPM and PyPI package detection approaches is hindered by two challenges. The first challenge is how to leverage the knowledge of malicious packages from different ecosystems in a unified way such that multi-lingual malicious package detection can be feasible. The second challenge is how to model malicious behavior in a sequential way such that maliciousness can be precisely captured. To address the two challenges, we propose and implement Cerebro to detect malicious packages in NPM and PyPI. We curate a feature set based on a high-level abstraction of malicious behavior to enable multi-lingual knowledge fusing. We organize extracted features into a behavior sequence to model sequential malicious behavior. We fine-tune the BERT model to understand the semantics of malicious behavior. Extensive evaluation has demonstrated the effectiveness of Cerebro over the state-of-the-art as well as the practically acceptable efficiency. Cerebro has successfully detected 306 and 196 new malicious packages in PyPI and NPM, and received 385 thank letters from the official PyPI and NPM teams.
Authors: Junan Zhang, Kaifeng Huang, Bihuan Chen, Chong Wang, Zhenhao Tian, Xin Peng
Last Update: 2023-09-05 00:00:00
Language: English
Source URL: https://arxiv.org/abs/2309.02637
Source PDF: https://arxiv.org/pdf/2309.02637
Licence: https://creativecommons.org/licenses/by/4.0/
Changes: This summary was created with assistance from AI and may have inaccuracies. For accurate information, please refer to the original source documents linked here.
Thank you to arxiv for use of its open access interoperability.