Malicious source code detection using a translation model

Chen Tsfaty; Michael Fire

doi:10.1016/j.patter.2023.100773

Malicious source code detection using a translation model

Chen Tsfaty
, Michael Fire

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Modern software development often relies on open-source code sharing. Open-source code reuse, however, allows hackers to access wide developer communities, thereby potentially affecting many products. An increasing number of such “supply chain attacks” have occurred in recent years, taking advantage of open-source software development practices. Here, we introduce the Malicious Source code Detection using a Translation model (MSDT) algorithm. MSDT is a novel deep-learning-based analysis method that detects real-world code injections into source code packages. We have tested MSDT by embedding examples from a dataset of over 600,000 different functions and then applying a clustering algorithm to the resulting embedding vectors to identify malicious functions by detecting outliers. We evaluated MSDT's performance with extensive experiments and demonstrated that MSDT could detect malicious code injections with precision@k values of up to 0.909.

Original language	English
Article number	100773
Journal	Patterns
Volume	4
Issue number	7
DOIs	https://doi.org/10.1016/j.patter.2023.100773
State	Published - 14 Jul 2023

Keywords

PyPi
deep learning
malware analysis
open source
software supply chain attack
static analysis

ASJC Scopus subject areas

General Decision Sciences

Access to Document

10.1016/j.patter.2023.100773

Cite this

@article{0a4aa160bb774d119cc817967ff833d6,

title = "Malicious source code detection using a translation model",

abstract = "Modern software development often relies on open-source code sharing. Open-source code reuse, however, allows hackers to access wide developer communities, thereby potentially affecting many products. An increasing number of such “supply chain attacks” have occurred in recent years, taking advantage of open-source software development practices. Here, we introduce the Malicious Source code Detection using a Translation model (MSDT) algorithm. MSDT is a novel deep-learning-based analysis method that detects real-world code injections into source code packages. We have tested MSDT by embedding examples from a dataset of over 600,000 different functions and then applying a clustering algorithm to the resulting embedding vectors to identify malicious functions by detecting outliers. We evaluated MSDT's performance with extensive experiments and demonstrated that MSDT could detect malicious code injections with precision@k values of up to 0.909.",

keywords = "PyPi, deep learning, malware analysis, open source, software supply chain attack, static analysis",

author = "Chen Tsfaty and Michael Fire",

note = "Publisher Copyright: {\textcopyright} 2023 The Author(s)",

year = "2023",

month = jul,

day = "14",

doi = "10.1016/j.patter.2023.100773",

language = "English",

volume = "4",

journal = "Patterns",

issn = "2666-3899",

publisher = "Cell Press",

number = "7",

}

TY - JOUR

T1 - Malicious source code detection using a translation model

AU - Tsfaty, Chen

AU - Fire, Michael

PY - 2023/7/14

Y1 - 2023/7/14

N2 - Modern software development often relies on open-source code sharing. Open-source code reuse, however, allows hackers to access wide developer communities, thereby potentially affecting many products. An increasing number of such “supply chain attacks” have occurred in recent years, taking advantage of open-source software development practices. Here, we introduce the Malicious Source code Detection using a Translation model (MSDT) algorithm. MSDT is a novel deep-learning-based analysis method that detects real-world code injections into source code packages. We have tested MSDT by embedding examples from a dataset of over 600,000 different functions and then applying a clustering algorithm to the resulting embedding vectors to identify malicious functions by detecting outliers. We evaluated MSDT's performance with extensive experiments and demonstrated that MSDT could detect malicious code injections with precision@k values of up to 0.909.

AB - Modern software development often relies on open-source code sharing. Open-source code reuse, however, allows hackers to access wide developer communities, thereby potentially affecting many products. An increasing number of such “supply chain attacks” have occurred in recent years, taking advantage of open-source software development practices. Here, we introduce the Malicious Source code Detection using a Translation model (MSDT) algorithm. MSDT is a novel deep-learning-based analysis method that detects real-world code injections into source code packages. We have tested MSDT by embedding examples from a dataset of over 600,000 different functions and then applying a clustering algorithm to the resulting embedding vectors to identify malicious functions by detecting outliers. We evaluated MSDT's performance with extensive experiments and demonstrated that MSDT could detect malicious code injections with precision@k values of up to 0.909.

KW - PyPi

KW - deep learning

KW - malware analysis

KW - open source

KW - software supply chain attack

KW - static analysis

UR - https://www.scopus.com/pages/publications/85163404865

U2 - 10.1016/j.patter.2023.100773

DO - 10.1016/j.patter.2023.100773

M3 - Article

AN - SCOPUS:85163404865

SN - 2666-3899

VL - 4

JO - Patterns

JF - Patterns

IS - 7

M1 - 100773

ER -

Malicious source code detection using a translation model

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this