ProfMal: Detecting Malicious NPM Packages by the Synergy between Static and Dynamic Analysis
This program is tentative and subject to change.
Open source software (OSS) has become the foundation of modern applications, but its transitive dependencies make it especially vulnerable to supply chain attacks. One common tactic is to inject malicious code into third-party packages. NPM, in particular, due to its widespread use and large volume of packages, has become the popular target of malicious code injection. While various detectors have been proposed, they suffer three limitations, i.e., inadequate behavior modeling of obfuscated code, ignoring object-centric features of JavaScript, and lack of synergy between static and dynamic analysis. These limitations lead to imprecise modeling of program behavior and hinder detection effectiveness.
To address these limitations, we propose ProfMal to identify malicious NPM packages, which leverages the synergy between static and dynamic analysis to construct behavior graphs for each package. Specifically, our static analysis constructs the behavior graphs through object-sensitive analysis, while identifying sensitive API calls and locating statically unresolved calls. Our dynamic analysis augments the behavior graphs by resolving those statically unresolved calls. Based on these comprehensive behavior graphs, we train a graph-based classifier to identify maliciousness. Our evaluation has indicated that ProfMal achieves the highest F1-score of 92.4%, outperforming the state-of-the-arts by 6.2% to 48.8%. During a three-month real-world detection, ProfMal has detected 496 previously unknown malicious NPM packages, and all of them have been confirmed and removed from NPM.
This program is tentative and subject to change.
Wed 19 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Advancing Binary Code Similarity Detection via Context-Content Fusion and LLM Verification Research Papers Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Jingdong Guo Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Shouguo Yang Zhongguancun Laboratory, Beijing, China, Yi Li Nanyang Technological University, Dongliang Fang Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China, Yang Xiao Chinese Academy of Sciences, Yongle Chen Taiyuan University of Technology, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
14:10 10mTalk | ACTaint: Agent-Based Taint Analysis for Access Control Vulnerabilities in Smart Contracts Research Papers Huarui Lin Zhejiang University, Zhipeng Gao Shanghai Institute for Advanced Study - Zhejiang University, Jiachi Chen Sun Yat-sen University, Xiang Chen Nantong University, Xiaohu Yang Zhejiang University, Lingfeng Bao Zhejiang University | ||
14:20 10mTalk | AMPLE: Fine-grained File Access Policies for Server Applications Research Papers | ||
14:30 10mTalk | Mockingbird: Efficient Excessive Data Exposures Detection via Dynamic Code Instrumentation Research Papers Chenxiao Xia Beijing Institute of Technology, Jiazheng Sun Fudan University, Jun Zheng Beijing Institute of Technology, Yu-an Tan Beijing Institute of Technology, Hongyi Su Beijing Institute of Technology | ||
14:40 10mTalk | DrainCode: Stealthy Energy Consumption Attacks on Retrieval-Augmented Code Generation via Context Poisoning Research Papers Jiadong Wu School of Software Engineering, Sun Yat-sen University, Yanlin Wang Sun Yat-sen University, Tianyue Jiang Sun Yat-sen University, Mingwei Liu Sun Yat-Sen University, Jiachi Chen Sun Yat-sen University, Chong Wang Nanyang Technological University, Ensheng Shi Huawei, Xilin Liu Huawei Cloud, Yuchi Ma Huawei Cloud Computing Technologies, Hongyu Zhang Chongqing University, Zibin Zheng Sun Yat-sen University | ||
14:50 10mTalk | Finding Insecure State Dependency in DApps via Multi-Source Tracing and Semantic Enrichment Research Papers Jingwen Zhang School of Software Engineering, Sun Yat sen University, Yuhong Nan Sun Yat-sen University, Wei Li School of Software Engineering, Sun Yat sen University, Kaiwen Ning Sun Yat-sen University, Zewei Lin Sun Yat-sen University, Zitong Yao School of Software Engineering, Sun Yat sen University, Yuming Feng Peng Cheng Laboratory, Weizhe Zhang Harbin Institute of Technology, Zibin Zheng Sun Yat-sen University | ||
15:00 10mTalk | Better Safe than Sorry: Preventing Policy Violations through Predictive Root-Cause-Analysis for IoT Systems Research Papers Michael Norris Penn State University, Syed Rafiul Hussain Pennsylvania State University, Gang (Gary) Tan Pennsylvania State University | ||
15:10 10mTalk | Backdoors in Code Summarizers: How Bad Is It? Research Papers Chenyu Wang Singapore Management University, Zhou Yang University of Alberta, Alberta Machine Intelligence Institute , Yaniv Harel Tel Aviv University, David Lo Singapore Management University Pre-print | ||
15:20 10mTalk | ProfMal: Detecting Malicious NPM Packages by the Synergy between Static and Dynamic Analysis Research Papers Yiheng Huang Fudan University, Wen Zheng Fudan University, Susheng Wu Fudan University, Bihuan Chen Fudan University, You Lu Fudan University, Zhuotong Zhou Fudan University, Yiheng Cao Fudan University, Xiaoyu Li Fudan University, Xin Peng Fudan University | ||