MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains

Li, Ningke; Wang, Shenao; Feng, Mingxi; Wang, Kailong; Wang, Meizhen; Wang, Haoyu

doi:10.1109/ase56229.2023.00073

Cited by 3 publications

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Beyond Fidelity: Explaining Vulnerability Localization of Learning-Based Detectors

Cheng,

Zhao,

Wang

et al. 2024

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

: Vulnerability detectors based on deep learning (DL) models have proven their effectiveness in recent years. However, the shroud of opacity surrounding the decision-making process of these detectors makes it difficult for security analysts to comprehend. To address this, various explanation approaches have been proposed to explain the predictions by highlighting important features, which have been demonstrated effective in other domains such as computer vision and natural language processing. Unfortunately, an in-depth evaluation of vulnerability-critical features, such as fine-grained vulnerability-related code lines, learned and understood by these explanation approaches remains lacking. In this study, we first evaluate the performance of ten explanation approaches for vulnerability detectors based on graph and sequence representations, measured by two quantitative metrics including fidelity and vulnerability line coverage rate. Our results show that fidelity alone is not sufficient for evaluating these approaches, as fidelity incurs significant fluctuations across different datasets and detectors. We subsequently check the precision of the vulnerability-related code lines reported by the explanation approaches, and find poor accuracy in this task among all of them. This can be attributed to the inefficiency of explainers in selecting important features and the presence of irrelevant artifacts learned by DL-based detectors.

show abstract

Beyond Fidelity: Explaining Vulnerability Localization of Learning-Based Detectors

Cheng,

Zhao,

Wang

et al. 2024

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

show abstract

Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments

Zheng,

Wei,

Wang

et al. 2024

Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering

View full text Add to dashboard Cite

The exponential growth of open-source package ecosystems, particularly NPM and PyPI, has led to an alarming increase in software supply chain poisoning attacks. Existing static analysis methods struggle with high false positive rates and are easily thwarted by obfuscation and dynamic code execution techniques. While dynamic analysis approaches offer improvements, they often suffer from capturing non-package behaviors and employing simplistic testing strategies that fail to trigger sophisticated malicious behaviors. To address these challenges, we present OSCAR, a robust dynamic code poisoning detection pipeline for NPM and PyPI ecosystems. OSCAR fully executes packages in a sandbox environment, employs fuzz testing on exported functions and classes, and implements aspect-based behavior monitoring with tailored API hook points. We evaluate OSCAR against six existing tools using a comprehensive benchmark dataset of real-world malicious and benign packages. OSCAR achieves an F1 score of 0.95 in NPM and 0.91 in PyPI, confirming that OSCAR is as effective as the current state-ofthe-art technologies. Furthermore, for benign packages exhibiting characteristics typical of malicious packages, OSCAR reduces the false positive rate by an average of 32.06% in NPM (from 34.63% to 2.57%) and 39.87% in PyPI (from 41.10% to 1.23%), compared to other tools, significantly reducing the workload of manual reviews * Both authors contributed equally to this research.

show abstract

Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs

Zhao,

Wang,

Zhao

et al. 2024

Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering

View full text Add to dashboard Cite

The proliferation of pre-trained models (PTMs) and datasets has led to the emergence of centralized model hubs like Hugging Face, which facilitate collaborative development and reuse. However, recent security reports have uncovered vulnerabilities and instances of malicious attacks within these platforms, highlighting growing security concerns. This paper presents the first systematic study of malicious code poisoning attacks on pre-trained model hubs, focusing on the Hugging Face platform. We conduct a comprehensive threat analysis, develop a taxonomy of model formats, and perform root cause analysis of vulnerable formats. While existing tools like Fickling and ModelScan offer some protection, they face limitations in semantic-level analysis and comprehensive threat detection. To address these challenges, we propose MalHug, an end-to-end pipeline tailored for Hugging Face that combines dataset loading script extraction, model deserialization, in-depth taint analysis, and heuristic pattern matching to detect and classify malicious code poisoning attacks in datasets and models. In collaboration with * Both authors contributed equally to this research.

show abstract

MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains

Cited by 3 publications

References 23 publications

Beyond Fidelity: Explaining Vulnerability Localization of Learning-Based Detectors

Beyond Fidelity: Explaining Vulnerability Localization of Learning-Based Detectors

Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments

Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs

Contact Info

Product

Resources

About