Towards Classifying Benign And Malicious Packages Using Machine Learning

• URL: http://arxiv.org/abs/2511.15033v1
• Date: Wed, 19 Nov 2025 01:59:11 GMT
• Title: Towards Classifying Benign And Malicious Packages Using Machine Learning
• Authors: Thanh-Cong Nguyen, Ngoc-Thanh Nguyen, Van-Giau Ung, Duc-Ly Vu,
• Abstract summary: Malicious open-source package detection typically requires static, dynamic analysis, or both.<n>Current dynamic analysis tools lack an automatic method to differentiate malicious packages from benign packages.<n>We propose an approach to extract the features from dynamic analysis (e.g., executed commands) and leverage machine learning techniques to automatically classify packages as benign or malicious.
• Score: 2.8630136355252582
• License: http://creativecommons.org/publicdomain/zero/1.0/
• Abstract: Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures (CVEs) in open-source packages, there are very few studies on detecting malicious packages. Malicious open-source package detection typically requires static, dynamic analysis, or both. Dynamic analysis is more effective as it can expose a package's behaviors at runtime. However, current dynamic analysis tools (e.g., ossf's package-analysis) lack an automatic method to differentiate malicious packages from benign packages. In this paper, we propose an approach to extract the features from dynamic analysis (e.g., executed commands) and leverage machine learning techniques to automatically classify packages as benign or malicious. Our evaluation of nearly 2000 packages on npm shows that the machine learning classifier achieves an AUC of 0.91 with a false positive rate of nearly 0%.

Related papers

• Multi-Agent Taint Specification Extraction for Vulnerability Detection [49.27772068704498]
  Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results.<n>We present SemTaint, a multi-agent system that strategically combines the semantic understanding of Large Language Models (LLMs) with traditional static program analysis.<n>We integrate SemTaint with CodeQL, a state-of-the-art SAST tool, and demonstrate its effectiveness by detecting 106 of 162 vulnerabilities previously undetectable by CodeQL.
  arXiv  Detail & Related papers  (2026-01-15T21:31:51Z)
• Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages [2.6686157733529847]
  This paper highlights that dynamic analysis, rather than static analysis, provides greater insight but is also more resource-intensive for understanding software behaviour during execution.<n>We enhance a dynamic analysis tool, package-analysis, to capture key runtime behaviours, including commands executed, files accessed, and network communications.<n>This modification enables the use of container sandboxing technologies, such as gVisor, to analyse potentially malicious packages without significantly compromising the host system.
  arXiv  Detail & Related papers  (2025-11-13T04:39:40Z)
• A Machine Learning-Based Approach For Detecting Malicious PyPI Packages [4.311626046942916]
  In modern software development, the use of external libraries and packages is increasingly prevalent.<n>This reliance on reusing code introduces serious risks for deployed software in the form of malicious packages.<n>We propose a data-driven approach that uses machine learning and static analysis to examine the package's metadata, code, files, and textual characteristics.
  arXiv  Detail & Related papers  (2024-12-06T18:49:06Z)
• A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems [13.610690659041417]
  Malicious packages have less metadata content and utilize fewer static and dynamic functions than legitimate ones. One dimension in fine-grained information (FGI) has sufficient distinguishable capability to detect malicious packages.
  arXiv  Detail & Related papers  (2024-04-17T15:16:01Z)
• DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping [28.852274185512236]
  npm is the most extensive package manager, hosting more than 2 million third-party open-source packages. In this paper, we synchronize a local package cache containing more than 3.4 million packages in near real-time to give us access to more package code details. We propose the DONAPI, an automatic malicious npm packages detector that combines static and dynamic analysis.
  arXiv  Detail & Related papers  (2024-03-13T08:38:21Z)
• Malicious Package Detection using Metadata Information [0.272760415353533]
  We introduce a metadata-based malicious package detection model, MeMPtec. MeMPtec extracts a set of features from package metadata information. Our experiments indicate a significant reduction in both false positives and false negatives.
  arXiv  Detail & Related papers  (2024-02-12T06:54:57Z)
• DADApy: Distance-based Analysis of DAta-manifolds in Python [51.37841707191944]
  DADApy is a python software package for analysing and characterising high-dimensional data. It provides methods for estimating the intrinsic dimension and the probability density, for performing density-based clustering and for comparing different distance metrics.
  arXiv  Detail & Related papers  (2022-05-04T08:41:59Z)
• Mlr3spatiotempcv: Spatiotemporal resampling methods for machine learning in R [63.26453219947887]
  This package integrates the proglangR package directly into the mlr3 machine-learning framework. One advantage is the use of a consistent recommendations in an overarching machine-learning toolkit.
  arXiv  Detail & Related papers  (2021-10-25T06:48:29Z)
• D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using Differential Analysis [55.15995704119158]
  We propose D2A, a differential analysis based approach to label issues reported by static analysis tools. We use D2A to generate a large labeled dataset to train models for vulnerability identification.
  arXiv  Detail & Related papers  (2021-02-16T07:46:53Z)
• Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv  Detail & Related papers  (2020-08-17T07:16:57Z)
• Autosploit: A Fully Automated Framework for Evaluating the Exploitability of Security Vulnerabilities [47.748732208602355]
  Autosploit is an automated framework for evaluating the exploitability of vulnerabilities. It automatically tests the exploits on different configurations of the environment. It is able to identify the system properties that affect the ability to exploit a vulnerability in both noiseless and noisy environments.
  arXiv  Detail & Related papers  (2020-06-30T18:49:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.