DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping | allinfosecnews.com

March 14, 2024, 4:11 a.m. | Cheng Huang (Sichuan University), Nannan Wang (Sichuan University), Ziyan Wang (Sichuan University), Siqi Sun (Sichuan University), Lingzi Li (Sichuan

cs.CR updates on arXiv.org arxiv.org

arXiv:2403.08334v1 Announce Type: new
Abstract: With the growing popularity of modularity in software development comes the rise of package managers and language ecosystems. Among them, npm stands out as the most extensive package manager, hosting more than 2 million third-party open-source packages that greatly simplify the process of building code. However, this openness also brings security risks, as evidenced by numerous package poisoning incidents.
In this paper, we synchronize a local package cache containing more than 3.4 million packages in …

arxiv building code cs.cr detector development ecosystems hosting knowledge language malicious malicious npm manager managers mapping npm package package manager package managers packages party process simplify software software development third third-party

More from arxiv.org / cs.CR updates on arXiv.org

PrivLM-Bench: A Multi-level Privacy Evaluation Benchmark for Language Models 2 days, 2 hours ago | arxiv.org

accessibility art arxiv attention +15

Provably Robust Cost-Sensitive Learning via Randomized Smoothing 2 days, 2 hours ago | arxiv.org

arxiv cost cs.cr cs.lg +1

WW-FL: Secure and Private Large-Scale Federated Learning 2 days, 2 hours ago | arxiv.org

arxiv attacks client cs.cr +28

Formalizing and Benchmarking Prompt Injection Attacks and Defenses 2 days, 2 hours ago | arxiv.org

arxiv attacks benchmarking cs.ai +9

SecureFalcon: Are We There Yet in Automated Software Vulnerability Detection with LLMs? 2 days, 2 hours ago | arxiv.org

adoption analysis applications arxiv +30

An Efficient and Multi-private Key Secure Aggregation for Federated Learning 2 days, 2 hours ago | arxiv.org

aggregation arxiv client cs.ai +21

How (not) to Build Quantum PKE in Minicrypt 2 days, 2 hours ago | arxiv.org

arxiv box build can +12

Computing Low-Entropy Couplings for Large-Support Distributions 2 days, 2 hours ago | arxiv.org

arxiv computing cs.cr cs.it +6

Unveiling and Mitigating Backdoor Vulnerabilities based on Unlearning Weight Changes and Backdoor Activeness 2 days, 2 hours ago | arxiv.org

arxiv attacks backdoor backdoor attacks +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com