Search papers, labs, and topics across Lattice.
ProfMalPlus is a novel detector for malicious NPM packages that synergizes static and dynamic analysis through object-sensitive behavior graphs and coordinated LLM reasoning. By effectively modeling JavaScript's unique features and integrating local and global judgment mechanisms, the system achieves a remarkable 98.1% F1-score, significantly outperforming existing detectors. The approach not only enhances detection accuracy but also successfully identifies 597 previously unknown malicious packages, demonstrating its practical impact on supply-chain security.
Achieving a 98.1% F1-score, ProfMalPlus outperforms existing malicious package detectors while uncovering hundreds of previously hidden threats.
Open source software is vulnerable to supply-chain attacks through transitive dependencies, especially malicious code injected into NPM packages. Existing detectors often inadequately model obfuscated behavior, overlook JavaScript's object-centric features, poorly coordinate static and dynamic analysis, and lose semantic information during behavior abstraction. We propose ProfMalPlus, a malicious NPM package detector combining object-sensitive behavior graphs with coordinated LLM reasoning over annotated code slices. It identifies installation commands and entry files, then constructs graphs capturing sensitive APIs, third-party calls, and unresolved calls. From these graphs, ProfMalPlus extracts security-relevant slices and adds inline static analysis evidence. Local judge agents independently assess each slice. Self-consistency consolidates repeated judgements to reduce LLM variance, while a global judge synthesizes their reports into an entry-level verdict. For undetermined cases, a router selects either third-party enrichment, which adds registry derived module and method semantics, or dynamic augmentation, which executes the package in a sandbox to resolve runtime dependent behavior. The enriched evidence is fed back for reassessment. Finally, a localization agent reports malicious code snippets with explanations. ProfMalPlus achieves a 98.1% F1-score, outperforming state-of-the-art detectors by 3.5% to 52.6%. It also identified 597 previously unknown malicious packages, all confirmed and removed from NPM.