Search papers, labs, and topics across Lattice.
PYPILINE introduces a novel approach to detecting malicious PyPI packages by integrating a suspicious API knowledge base with an Agent workflow, addressing the limitations of existing methods that lack interpretability and adaptability. The system conducts static analysis to generate API call graphs and extract relevant features, which are then utilized for enhanced reasoning during the detection phase. Experimental results demonstrate that PYPILINE achieves a precision of 96.7%, recall of 99.6%, and an F1-score of 98.1%, significantly outperforming existing tools by a margin of 5.7 to 24.2 percentage points in precision.
PYPILINE's innovative use of a suspicious API knowledge base allows for a dramatic leap in malicious package detection accuracy, setting a new standard in open-source security.
The detection of malicious PyPI packages is crucial for maintaining the security of the open source software supply chain. Existing methods, which primarily rely on rules or traditional machine learning, suffer from poor interpretability and difficulty in adapting to novel attacks. To address this, we propose PYPILINE, a novel detection method that combines a suspicious API knowledge base with an Agent workflow. PYPILINE first conducts static analysis on known malicious packages, extracting abstract syntax trees and generating API call graphs, from which it automatically extracts and constructs a structured suspicious API knowledge base. During the detection phase, this knowledge base is used to enhance reasoning capabilities. Through an Agent workflow, PYPILINE performs in depth semantic analysis of unknown packages and outputs a structured, interpretable maliciousness assessment report. The experimental results show that PYPILINE significantly outperforms existing state-of-the-art tools in precision of 96.7\%, recall of 99.6\%, and F1-score of 98.1\%, with its precision surpassing baseline tools by 5.7 to 24.2 percentage points. Additionally, we conducted an empirical study on malicious packages, systematically revealing prevalent attack strategies, as well as the most commonly abused APIs. Equipped with tool-calling AI agent workflows for automated vector database retrieval of suspicious API knowledge and mail server delivery of analysis reports, PYPILINE delivers a practical, efficient, and convenient malicious package detection solution to strengthen open-source ecosystem security.