Towards detection of software supply chain attacks by forensic artifacts

Ohm, Marc; Sykosch, Arnold; Meier, Michael

doi:10.1145/3407023.3409183

Cited by 35 publications

(19 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Originates from within the organization by legitimate users, e.g., employees, to misuse access to networks and assets [30] Supply chain attack Targets less secure supply network components to harm any industry, from the financial sector, oil or government sector [31,32] Man-in-the-middle (MiiM) A type of cyberattack in which a malicious actor introduces himself into a two-party conversation to gain access to sensitive information [33] Data breaches Known as a data leakage, a theft of data by a malicious actor, e.g., unauthorized access of data by an individual, application, or service [34,35] Hacking To compromise data and digital devices, such as computers, smartphones, tablets, and even entire networks [26,36] SQL injection attack To execute malicious SQL statements for backend database manipulation to access information, typically used to attack data-driven applications [37] Attacks on IoT devices To make it part of a DDoS attack and unauthorized access to data being collected by the device […”

Section: Insider Threatsmentioning

confidence: 99%

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

Furhad²,

2021

View full text Add to dashboard Cite

Artificial intelligence (AI) is one of the key technologies of the Fourth Industrial Revolution (or Industry 4.0), which can be used for the protection of Internet-connected systems from cyber threats, attacks, damage, or unauthorized access. To intelligently solve today's various cybersecurity issues, popular AI techniques involving machine learning and deep learning methods, the concept of natural language processing, knowledge representation and reasoning, as well as the concept of knowledge or rule-based expert systems modeling can be used. Based on these AI methods, in this paper, we present a comprehensive view on "AI-driven Cybersecurity" that can play an important role for intelligent cybersecurity services and management. The security intelligence modeling based on such AI methods can make the cybersecurity computing process automated and intelligent than the conventional security systems. We also highlight several research directions within the scope of our study, which can help researchers do future research in the area. Overall, this paper's ultimate objective is to serve as a reference point and guidelines for cybersecurity researchers as well as industry professionals in the area, especially from an intelligent computing or AI-based technical point of view.

show abstract

Section: Insider Threatsmentioning

confidence: 99%

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

Furhad²,

2021

View full text Add to dashboard Cite

show abstract

“…This problem likely happens due to the lack of an efficient mechanism for checking malicious code injections in FOSS packages uploaded to the package repositories at a high pace (400 and 100 new packages are uploaded to npm and PyPI, respectively every day [10]). Current malware detection techniques in language based ecosystems, on the other hand, are resource demanding [1], require prior knowledge of previously benign releases [8], or unable to process packages that have a limited number of published releases [2].…”

Section: Introductionmentioning

confidence: 99%

“…Ohm et al [8] proposed Buildwatch, a framework for dynamic analysis of software and its third-party dependencies. The authors observed a high number of activities related to files (e.g., files written operations) in malicous verisons compared to the benign versions that were previously released of the analyzed packages.…”

Section: Introductionmentioning

confidence: 99%

Towards Using Source Code Repositories to Identify Software Supply Chain Attacks

Pashchenko

Massacci

et al. 2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Increasing popularity of third-party package repositories, like NPM, PyPI, or RubyGems, makes them an attractive target for software supply chain attacks. By injecting malicious code into legitimate packages, attackers were known to gain more than 100 000 downloads of compromised packages. Current approaches for identifying malicious payloads are resource demanding. Therefore, they might not be applicable for the on-the-fly detection of suspicious artifacts being uploaded to the package repository. In this respect, we propose to use source code repositories (e.g., those in Github) for detecting injections into the distributed artifacts of a package. Our preliminary evaluation demonstrates that the proposed approach captures known attacks when malicious code was injected into PyPI packages. The analysis of the 2666 software artifacts (from all versions of the top ten most downloaded Python packages in PyPI) suggests that the technique is suitable for lightweight analysis of real-world packages.

show abstract

“…There has been work in the field to efficiently automate the detection of malicious code injection in the distributed artifacts of packages, and the admins may attempt to implement some of these novel tools [34]. One such tool, named Buildwatch, analyzes the third-party dependencies by using the simple assumption that malicious packages introduce more artifacts during installation than benign libraries [22]. This hypothesis has been formulated and tested in the Buildwatch study [22].…”

Section: Suggested Countermeasuresmentioning

confidence: 99%

“…One such tool, named Buildwatch, analyzes the third-party dependencies by using the simple assumption that malicious packages introduce more artifacts during installation than benign libraries [22]. This hypothesis has been formulated and tested in the Buildwatch study [22]. Admins can also modify Buildwatch to detect squat-ting packages in the dependency tree with the techniques we will discuss in the upcoming sections.…”

Section: Suggested Countermeasuresmentioning

confidence: 99%

A Survey on Common Threats in npm and PyPi Registries

Kaplan

Qian

2021

Preprint

View full text Add to dashboard Cite

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node Manager Package (npm) and Python Package Index (PyPi), which are open source (OS) package libraries. The public registries npm and PyPi use to host packages allow any user with a verified email to publish code. The lack of a comprehensive scanning tool when publishing to the registry creates security concerns. Users can report malicious code on the registry; however, attackers can still cause damage until they remove their tool from the platform. Furthermore, several packages depend on each other, making them more vulnerable to a bad package in the dependency tree. The heavy code reuse creates security artifacts developers have to consider, such as the package reach. This project will illustrate a high-level overview of common risks associated with OS registries and the package dependency structure. There are several attack types, such as typosquatting and combosquatting, in the OS package registries. Outdated packages pose a security risk, and we will examine the extent of technical lag present in the npm environment. In this paper, our main contribution consists of a survey of common threats in OS registries. Afterward, we will offer countermeasures to mitigate the risks presented. These remedies will heavily focus on the applications of Machine Learning (ML) to detect suspicious activities. To the best of our knowledge, the ML-focused countermeasures are the first proposed possible solutions to the security problems listed. In addition, this project is the first survey of threats in npm and PyPi, although several studies focus on a subset of threats.

show abstract

Towards detection of software supply chain attacks by forensic artifacts

Cited by 35 publications

References 2 publications

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

Towards Using Source Code Repositories to Identify Software Supply Chain Attacks

A Survey on Common Threats in npm and PyPi Registries

Contact Info

Product

Resources

About