Acknowledgement
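This research was supported by the Ministry of Science and ICT and the Institute of Information & Communications Technology Planning & Evaluation (IITP) through the Artificial Intelligence Convergence Innovation Human Resources Development program (IITP-2023-RS-2023-00256629), the University ICT Research Center program (IITP-2024-RS-2024-00437718), and an IITP grant (No. RS-2024-00438686, Development of technology to improve software reliability through identification of abnormal open-source software and automatic application of DevSecOps).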