ORCID: https://orcid.org/0009-0003-8823-0029 and Kinder, Johannes
ORCID: https://orcid.org/0000-0002-8594-7839
(2023):
Poster: Using CodeQL to Detect Malware in npm.
CCS '23: ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, November 26 - 30, 2023.
Meng, Weizhi; Jensen, Christian D.; Cremers, Cas and Kirda, Engin (eds.):
In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security,
New York, NY, United States: Association for Computing Machinery. pp. 3519-3521
Abstract
Malicious packages are a problem on npm, but like other malware, they are rarely completely novel and share large semantic similarities. We propose to leverage the existing static analysis framework CodeQL to find malware on npm; but instead of detecting variants of vulnerabilities, we use it to detect variants of malware. We present a methodology for writing queries from recently reported packages, as a way of defining a semantic signature for specific malicious behavior, where a single one can then be used to match entire families of malware. An iteration of our approach resulted in the discovery of 125 malicious packages from the registry, without producing a single false alarm.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Faculties: | Mathematics, Computer Science and Statistics > Computer Science |
| Subjects: | 000 Computer science, information and general works > 004 Data processing computer science |
| ISBN: | 979-8-4007-0050-7 |
| Place of Publication: | New York, NY, United States |
| Language: | English |
| Item ID: | 121939 |
| Date Deposited: | 04. Nov 2024 08:31 |
| Last Modified: | 04. Nov 2024 08:31 |
