ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale
Package confusion attacks such as typosquatting threaten software supply chains. Attackers make packages with names that syntactically or semantically resemble legitimate ones, tricking engineers into installing malware. While prior work has developed defenses against package confusions in some software package registries, notably NPM, PyPI, and RubyGems, gaps remain: high false-positive rates, generalization to more software package ecosystems, and insights from real-world deployment.
In this work, we introduce ConfuGuard, a state-of-art detector for package confusion threats. We begin by presenting the first empirical analysis of benign signals derived from prior package confusion data, uncovering their threat patterns, engineering practices, and measurable attributes. Advancing existing detectors, we leverage package metadata to distinguish benign packages, and extend support from three up to seven software package registries. Our approach significantly reduces false positive rates (from 80% to 28%), at the cost of an additional 14𝑠 average latency to filter out benign packages by analyzing the package metadata. ConfuGuard is used in production at our industry partner, whose analysts have already confirmed 630 real attacks detected by ConfuGuard.
Wed 15 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
16:00 - 17:30 | Dependability and Security 4Journal-first Papers / Research Track at Oceania VIII Chair(s): Dario Di Nucci University of Salerno | ||
16:00 15mTalk | Diagnosing Unknown Attacks in Smart Homes Using Abductive Reasoning Journal-first Papers Kushal Ramkumar Lero@University College Dublin, Wanling Cai Lero@Trinity College Dublin, Gavin Doherty Lero@Trinity College Dublin, John McCarthy Lero@University College Cork, Bashar Nuseibeh The Open University, UK; Lero, University of Limerick, Ireland, Liliana Pasquale University College Dublin & Lero | ||
16:15 15mTalk | Attention Distance: A Novel Metric for Directed Fuzzing with Large Language Models Research Track Bin Wang , Ao Yang Peking University, Kedan Li University of Illinois at Urbana-Champaign, Aofan Liu Peking University, Hui Li Xiamen University, Guibo Luo Peking University, Weixiang Huang China Mobile Internet CO, Yan Zhuang China Mobile Internet CO | ||
16:30 15mTalk | BTreeFuzz: Enhanced Feedback Mechanism for ROS Program Fuzzer Based on Behavior Tree Research Track Hee Yeon Kim Korea University, Gyunghoon Kim Korea University, Dong Hoon Lee Korea University, Wonsuk Choi Korea University | ||
16:45 15mTalk | GenDetect: Generalizing Reactive Detection for Resilience Against Imitative DeFi Attack Cascade Research Track Bowen Cai University of Minnesota - Twin City, Weihng Bai University of Minnesota - Twin City, Youshui Lu Xi'an Jiaotong University, Haoran Xu Johns Hopkins University, Yuannan Yang Johns Hopkins University, Yajin Zhou The Chinese University of Hong Kong, Kangjie Lu University of Minnesota DOI | ||
17:00 15mTalk | ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale Research Track Wenxin Jiang Socket, Berk Çakar Purdue University, Mikola Lysenko Socket, Inc, James C. Davis Purdue University Pre-print | ||
17:15 15mTalk | Enforcing Control Flow Integrity on DeFi Smart Contracts Research Track Zhiyang Chen University of Toronto, Sidi Mohamed Beillahi University of Toronto, Pasha Barahimi University of Tehran, Cyrus Minwalla Bank of Canada, Han Du Bank of Canada, Andreas Veneris University of Toronto, Fan Long University of Toronto Pre-print | ||