Large language model supply chain: A research agenda
The rapid advancement of large language models (LLMs) has revolutionized artificial
intelligence, introducing unprecedented capabilities in natural language processing and …
Research directions in software supply chain security
Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …
Maltracker: A fine-grained npm malware tracker copiloted by LLM-enhanced dataset
Z Yu, M Wen, X Guo, H ** - Proceedings of the 33rd ACM SIGSOFT …, 2024 - dl.acm.org
As the largest package registry, Node Package Manager (NPM) has become the prime
target for various supply chain attacks recently and has been flooded with numerous …
Models are codes: Towards measuring malicious code poisoning attacks on pre-trained model hubs
The proliferation of pre-trained models (PTMs) and datasets has led to the emergence of
centralized model hubs like Hugging Face, which facilitate collaborative development and …
Exploring naming conventions (and defects) of pre-trained deep learning models in Hugging Face and other model hubs
As innovation in deep learning continues, many engineers want to adopt Pre-Trained deep
learning Models (PTMs) as components in computer systems. PTMs are part of a research-to …
SpiderScan: Practical Detection of Malicious NPM Packages Based on Graph-Based Behavior Modeling and Matching
Open source software (OSS) supply chains have been attractive targets for attacks. One of
the significant, popular attacks is realized by malicious packages on package registries …
Shifting the Lens: Detecting Malware in npm Ecosystem with Large Language Models
N Zahan, P Burckhardt, M Lysenko… - arXiv preprint arXiv …, 2024 - arxiv.org
The Gartner 2022 report predicts that 45% of organizations worldwide will encounter
software supply chain attacks by 2025, highlighting the urgency to improve software supply …
1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection
PyPI, the official package registry for Python, has seen a surge in the number of malicious
package uploads in recent years. Prior studies have demonstrated the effectiveness of …
Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence
Open-source software (OSS) supply chain enlarges the attack surface of a software system,
which makes package registries attractive targets for attacks. Recently, multiple package …
Software Security Analysis in 2030 and Beyond: A Research Roadmap
As our lives, our businesses, and indeed our world economy become increasingly reliant on
the secure operation of many interconnected software systems, the software engineering …