{"id":"https://openalex.org/W6963353659","doi":"https://doi.org/10.18420/inf2024_40","title":"Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages","display_name":"Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W6963353659","doi":"https://doi.org/10.18420/inf2024_40"},"language":"en","primary_location":{"id":"pmh:oai:publica.fraunhofer.de:publica/484290","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/484290","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.18420/inf2024_40","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Ohm, Marc","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ohm, Marc","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"G\u00f6tz, Anja","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"G\u00f6tz, Anja","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.40468493,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8432000279426575,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8432000279426575,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.08380000293254852,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.015399999916553497,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6284000277519226},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5349000096321106},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.5249000191688538},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5148000121116638},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.508400022983551},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.4747999906539917},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.4016000032424927},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.3912000060081482}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6632999777793884},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6284000277519226},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5349000096321106},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.5249000191688538},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5148000121116638},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.508400022983551},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.4747999906539917},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.4016000032424927},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.3912000060081482},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.38109999895095825},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.38019999861717224},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.36649999022483826},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3610999882221222},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3610000014305115},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.34929999709129333},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.3384000062942505},{"id":"https://openalex.org/C187303228","wikidata":"https://www.wikidata.org/wiki/Q867330","display_name":"Cyclomatic complexity","level":3,"score":0.3212999999523163},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.31769999861717224},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.31439998745918274},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29660001397132874},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.2924000024795532},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.2799000144004822},{"id":"https://openalex.org/C76518257","wikidata":"https://www.wikidata.org/wiki/Q271680","display_name":"Software framework","level":5,"score":0.26109999418258667},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.25369998812675476},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.2513999938964844},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.2506999969482422}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:publica.fraunhofer.de:publica/484290","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/484290","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},{"id":"doi:10.18420/inf2024_40","is_oa":true,"landing_page_url":"https://doi.org/10.18420/inf2024_40","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"doi:10.18420/inf2024_40","is_oa":true,"landing_page_url":"https://doi.org/10.18420/inf2024_40","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article-journal"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"proliferation":[1],"of":[2,30,50,63,98,105,123],"open":[3,133],"source":[4,82,134],"software":[5,14,135],"reuse":[6],"has":[7],"led":[8],"to":[9,22,45,80],"a":[10,72,94],"significant":[11],"increase":[12],"in":[13,40,66,128],"supply":[15,136],"chain":[16],"attacks,":[17],"making":[18],"it":[19],"increasingly":[20],"challenging":[21],"identify":[23],"malicious":[24,106,130],"packages":[25],"amidst":[26],"the":[27,46,60,103],"sheer":[28],"volume":[29],"available":[31],"packages.":[32,107],"Traditional":[33],"static":[34],"analysis":[35],"methods":[36],"often":[37],"fall":[38],"short":[39],"detecting":[41,129],"these":[42,56,89],"threats":[43],"due":[44],"complexity":[47],"and":[48,119],"diversity":[49],"code":[51,68,99,131],"semantics.":[52,69],"This":[53,91],"paper":[54],"addresses":[55],"challenges":[57],"by":[58,85],"leveraging":[59],"remarkable":[61],"success":[62],"transformer":[64,78],"models":[65,79],"understanding":[67,97],"We":[70],"propose":[71],"novel":[73],"approach":[74,112],"that":[75],"utilizes":[76],"pre-trained":[77],"embed":[81],"code,":[83],"followed":[84],"training":[86],"classifiers":[87],"on":[88],"embeddings.":[90],"methodology":[92],"enables":[93],"more":[95],"nuanced":[96],"semantics,":[100],"significantly":[101],"improving":[102],"detection":[104],"Through":[108],"extensive":[109],"experiments,":[110],"our":[111],"achieves":[113],"F1-scores":[114],"as":[115,117],"high":[116],"0.98":[118],"an":[120],"alert":[121],"rate":[122],"0.09%,":[124],"demonstrating":[125],"its":[126],"effectiveness":[127],"within":[132],"chains.":[137]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}