{"id":"https://openalex.org/W4404711543","doi":"https://doi.org/10.1145/3705304","title":"Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence","display_name":"Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence","publication_year":2024,"publication_date":"2024-11-26","ids":{"openalex":"https://openalex.org/W4404711543","doi":"https://doi.org/10.1145/3705304"},"language":"en","primary_location":{"id":"doi:10.1145/3705304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3705304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3705304","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3705304","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013313233","display_name":"J. S. Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Junan Zhang","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011365470","display_name":"Kaifeng Huang","orcid":"https://orcid.org/0009-0000-1513-8254"},"institutions":[{"id":"https://openalex.org/I116953780","display_name":"Tongji University","ror":"https://ror.org/03rc6as71","country_code":"CN","type":"education","lineage":["https://openalex.org/I116953780"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kaifeng Huang","raw_affiliation_strings":["School of Computer Science and Technology, Tongji University, Shanghai, China","Tongji University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Tongji University, Shanghai, China","institution_ids":["https://openalex.org/I116953780"]},{"raw_affiliation_string":"Tongji University, China","institution_ids":["https://openalex.org/I116953780"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073898228","display_name":"Yiheng Huang","orcid":"https://orcid.org/0009-0009-3301-9107"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiheng Huang","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059253116","display_name":"Bihuan Chen","orcid":"https://orcid.org/0000-0001-7238-7492"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bihuan Chen","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034212098","display_name":"Ruisi Wang","orcid":"https://orcid.org/0009-0001-6794-0721"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruisi Wang","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100329466","display_name":"Chong Wang","orcid":"https://orcid.org/0000-0003-1424-6290"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chong Wang","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101854992","display_name":"Xin Peng","orcid":"https://orcid.org/0000-0003-3376-2581"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Peng","raw_affiliation_strings":["School of Computer Science, Fudan University, Shanghai, China","Fudan University, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]},{"raw_affiliation_string":"Fudan University, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5013313233"],"corresponding_institution_ids":["https://openalex.org/I24943067"],"apc_list":null,"apc_paid":null,"fwci":6.0626,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.9725266,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"34","issue":"4","first_page":"1","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.804571807384491},{"id":"https://openalex.org/keywords/sequence","display_name":"Sequence (biology)","score":0.6967526078224182},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3424417972564697},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.05728021264076233}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.804571807384491},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.6967526078224182},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3424417972564697},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.05728021264076233},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3705304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3705304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3705304","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3705304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3705304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3705304","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4404711543.pdf"},"referenced_works_count":60,"referenced_works":["https://openalex.org/W40327287","https://openalex.org/W1481952923","https://openalex.org/W1600184236","https://openalex.org/W2111978054","https://openalex.org/W2148542607","https://openalex.org/W2160289821","https://openalex.org/W2732916693","https://openalex.org/W2755552262","https://openalex.org/W2800651024","https://openalex.org/W2892181857","https://openalex.org/W2911282308","https://openalex.org/W2913273467","https://openalex.org/W2913588338","https://openalex.org/W2914982603","https://openalex.org/W2953558274","https://openalex.org/W2963321189","https://openalex.org/W2970323597","https://openalex.org/W2981852735","https://openalex.org/W3012793501","https://openalex.org/W3027636930","https://openalex.org/W3081194266","https://openalex.org/W3094525800","https://openalex.org/W3109094705","https://openalex.org/W3109947658","https://openalex.org/W3114916308","https://openalex.org/W3155859537","https://openalex.org/W3156903202","https://openalex.org/W3159300567","https://openalex.org/W3161491624","https://openalex.org/W3161685529","https://openalex.org/W3162344723","https://openalex.org/W3172189288","https://openalex.org/W3180903877","https://openalex.org/W3187000578","https://openalex.org/W3196277935","https://openalex.org/W3200811579","https://openalex.org/W3207355325","https://openalex.org/W4214512383","https://openalex.org/W4214931895","https://openalex.org/W4220682629","https://openalex.org/W4221145571","https://openalex.org/W4223937600","https://openalex.org/W4226410005","https://openalex.org/W4226416841","https://openalex.org/W4241830954","https://openalex.org/W4247387602","https://openalex.org/W4288089799","https://openalex.org/W4298869031","https://openalex.org/W4300382868","https://openalex.org/W4301163492","https://openalex.org/W4313549796","https://openalex.org/W4321383456","https://openalex.org/W4321386510","https://openalex.org/W4360948905","https://openalex.org/W4384345699","https://openalex.org/W4385080362","https://openalex.org/W4385208592","https://openalex.org/W4387723777","https://openalex.org/W4403536721","https://openalex.org/W4403536782"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Open":[0],"source":[1],"software":[2,12],"(OSS)":[3],"supply":[4],"chain":[5],"enlarges":[6],"the":[7,43,61,67,76,88,112,169,175,184,189,194,217],"attack":[8],"surface":[9],"of":[10,42,58,60,78,103,146,177,186],"a":[11,56,79,107,117,138,143,159],"system,":[13],"which":[14,71],"makes":[15],"package":[16,24,35,49,83,91],"registries":[17,25],"attractive":[18],"targets":[19],"for":[20],"attacks.":[21],"Recently,":[22],"multiple":[23],"have":[26],"received":[27,212],"intensified":[28],"attacks":[29],"with":[30,53],"malicious":[31,48,81,90,101,122,130,147,165,178,205],"packages.":[32],"Of":[33],"those":[34],"registries,":[36],"NPM":[37,82,133,221],"and":[38,64,134,202,209,211,220],"PyPI":[39,208,219],"are":[40,51],"two":[41,113],"most":[44],"severe":[45],"victims.":[46],"Existing":[47],"detectors":[50,96],"developed":[52],"features":[54,157],"from":[55,216],"list":[57],"packages":[59,105,131,206],"same":[62,68],"ecosystem":[63,69],"deployed":[65],"within":[66],"exclusively,":[70],"is":[72],"infeasible":[73],"to":[74,86,99,128,149,162,173],"utilize":[75],"knowledge":[77,152],"new":[80,89,204],"detected":[84,200],"recently":[85],"detect":[87,129],"in":[92,106,132,207],"PyPI.":[93,135],"Moreover,":[94],"existing":[95],"lack":[97],"support":[98],"model":[100,120,163,172],"behavior":[102,123,148,160],"OSS":[104],"sequential":[108,164],"way.":[109],"To":[110],"address":[111],"limitations,":[114],"we":[115],"propose":[116],"single":[118],"detection":[119],"using":[121],"sequence,":[124],"named":[125],"Cerebro":[126,187,198],",":[127],"We":[136,154,167],"curate":[137],"feature":[139],"set":[140],"based":[141],"on":[142],"high-level":[144],"abstraction":[145],"enable":[150],"multi-lingual":[151],"fusing.":[153],"organize":[155],"extracted":[156],"into":[158],"sequence":[161],"behavior.":[166,179],"fine-tune":[168],"pre-trained":[170],"language":[171],"understand":[174],"semantics":[176],"Extensive":[180],"evaluation":[181],"has":[182,199],"demonstrated":[183],"effectiveness":[185],"over":[188],"state-of-the-art":[190],"as":[191,193],"well":[192],"practically":[195],"acceptable":[196],"efficiency.":[197],"683":[201],"799":[203],"NPM,":[210],"707":[213],"thank":[214],"letters":[215],"official":[218],"teams.":[222]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-22T08:09:32.410652","created_date":"2025-10-10T00:00:00"}