
Gobbi, Matías F. (ORCID: https://orcid.org/0009-0003-8823-0029) and Kinder, Johannes (ORCID: https://orcid.org/0000-0002-8594-7839) (2023): Poster: Using CodeQL to Detect Malware in npm. CCS '23: ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, November 26 - 30, 2023. Meng, Weizhi; Jensen, Christian D.; Cremers, Cas and Kirda, Engin (eds.): In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, United States: Association for Computing Machinery. pp. 3519-3521

Full text not available on 'Open Access LMU'.

Abstract

Malicious packages are a problem on npm, but like other malware, they are rarely completely novel and share large semantic similarities. We propose to leverage the existing static analysis framework CodeQL to find malware on npm; but instead of detecting variants of vulnerabilities, we use it to detect variants of malware. We present a methodology for writing queries from recently reported packages, as a way of defining semantic signatures for specific malicious behavior, where a single one can then be used to match entire families of malware. An iteration of our approach resulted in the discovery of 125 malicious packages from the registry, without producing a single false alarm.
