乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T22:29:29Z","timestamp":1730327369419,"version":"3.28.0"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,8,29]]},"DOI":"10.1145\/3600160.3600162","type":"proceedings-article","created":{"date-parts":[[2023,8,9]],"date-time":"2023-08-09T22:54:41Z","timestamp":1691621681000},"page":"1-11","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["SoK: Practical Detection of Software Supply Chain Attacks"],"prefix":"10.1145","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-2913-5270","authenticated-orcid":false,"given":"Marc","family":"Ohm","sequence":"first","affiliation":[{"name":"Fraunhofer FKIE, Germany and University of Bonn, Germany"}]},{"ORCID":"http:\/\/orcid.org\/0009-0008-5172-3248","authenticated-orcid":false,"given":"Charlene","family":"Stuke","sequence":"additional","affiliation":[{"name":"University of Bonn, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,8,29]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564550"},{"key":"e_1_3_2_1_2_1","unstructured":"Gianluca Borello. 2015. System and application monitoring and troubleshooting with sysdig. (2015)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2022.23001"},{"key":"e_1_3_2_1_4_1","unstructured":"Martin \u010carnogursk\u1ef3. 2019. Attacks on Package Managers. (2019)."},{"key":"e_1_3_2_1_5_1","volume-title":"Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. arXiv preprint arXiv:2002.01139","author":"Duan Ruian","year":"2020","unstructured":"Ruian Duan, Omar Alrawi, Ranjita\u00a0Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2020. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. arXiv preprint arXiv:2002.01139 (2020)."},{"key":"e_1_3_2_1_6_1","volume-title":"Detecting Suspicious Package Updates. In 2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). IEEE, 13\u201316","author":"Garrett Kalil","year":"2019","unstructured":"Kalil Garrett, Gabriel Ferreira, Limin Jia, Joshua Sunshine, and Christian K\u00e4stner. 2019. Detecting Suspicious Package Updates. In 2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). IEEE, 13\u201316."},{"key":"e_1_3_2_1_7_1","unstructured":"GitHub Inc.2020. The State of the Octoverse. https:\/\/octoverse.github.com\/2019\/ (accessed: 16.01.2023)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Danielle Gonzalez Thomas Zimmermann Patrice Godefroid and Max Sch\u00e4fer. 2021. Anomalicious: Automated Detection of Anomalous and Potentially Malicious Commits on GitHub. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE 258\u2013267.","DOI":"10.1109\/ICSE-SEIP52600.2021.00035"},{"key":"e_1_3_2_1_9_1","unstructured":"Trey Herr William Loomis Stewart Scott and June Lee. 2020. Breaking trust: Shades of crisis across an insecure software supply chain. https:\/\/www.atlanticcouncil.org\/in-depth-research-reports\/report\/breaking-trust-shades-of-crisis-across-an-insecure-software-supply-chain\/ (accessed: 16.11.2022)."},{"key":"e_1_3_2_1_10_1","unstructured":"Thomas Hunter ||. 2018. Compromised npm Package: event-stream. https:\/\/medium.com\/intrinsic-blog\/compromised-npm-package-event-stream-d47d08605502 (accessed: 11.11.2022)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564546"},{"key":"e_1_3_2_1_12_1","volume-title":"Towards the Detection of Malicious Java Packages. arXiv preprint arXiv:2210.03998","author":"Ladisa Piergiorgio","year":"2022","unstructured":"Piergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais, and Serena\u00a0Elisa Ponta. 2022. Towards the Detection of Malicious Java Packages. arXiv preprint arXiv:2210.03998 (2022)."},{"key":"e_1_3_2_1_13_1","volume-title":"Malicious Packages Lurking in User-Friendly Python Package Index. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 606\u2013613","author":"Liang Genpei","year":"2021","unstructured":"Genpei Liang, Xiangyu Zhou, Qingyu Wang, Yutong Du, and Cheng Huang. 2021. Malicious Packages Lurking in User-Friendly Python Package Index. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 606\u2013613."},{"key":"e_1_3_2_1_14_1","unstructured":"Anders\u00a0Aasrum Milje. 2022. Detecting Malicious Python Packages in the Python Package Index (PyPI). Master\u2019s thesis. NTNU."},{"key":"e_1_3_2_1_15_1","unstructured":"npm Inc.(accessed: 29.11.2022). npm metadata. https:\/\/replicate.npmjs.com\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3544415"},{"key":"e_1_3_2_1_17_1","first-page":"1","article-title":"Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors","volume":"2022","author":"Ohm Marc","year":"2022","unstructured":"Marc Ohm, Lukas Kempf, Felix Boes, and Michael Meier. 2022. Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors. Sicherheit 2022 (2022), 1\u201313.","journal-title":"Sicherheit"},{"key":"e_1_3_2_1_18_1","volume-title":"Backstabber\u2019s Knife Collection: A Review of Open Source Software Supply Chain Attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer.","author":"Ohm Marc","year":"2020","unstructured":"Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier. 2020. Backstabber\u2019s Knife Collection: A Review of Open Source Software Supply Chain Attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409183"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3120928"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3543815"},{"key":"e_1_3_2_1_22_1","volume-title":"Practical Automated Detection of Malicious npm Packages. arXiv preprint arXiv:2202.13953","author":"Sejfia Adriana","year":"2022","unstructured":"Adriana Sejfia and Max Sch\u00e4fer. 2022. Practical Automated Detection of Malicious npm Packages. arXiv preprint arXiv:2202.13953 (2022)."},{"volume-title":"d.]. State of the Software Supply Chain","year":"2022","key":"e_1_3_2_1_23_1","unstructured":"Sonatype. [n. d.]. State of the Software Supply Chain 2022."},{"key":"e_1_3_2_1_24_1","volume-title":"Spellbound: Defending Against Package Typosquatting. arXiv preprint arXiv:2003.03471","author":"Taylor Matthew","year":"2020","unstructured":"Matthew Taylor, Ruturaj\u00a0K Vaidya, Drew Davidson, Lorenzo De\u00a0Carli, and Vaibhav Rastogi. 2020. Spellbound: Defending Against Package Typosquatting. arXiv preprint arXiv:2003.03471 (2020)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468592"},{"key":"e_1_3_2_1_26_1","volume-title":"A Benchmark Comparison of Python Malware Detection Approaches. arXiv preprint arXiv:2209.13288","author":"Vu Duc-Ly","year":"2022","unstructured":"Duc-Ly Vu, Zachary Newman, and John\u00a0Speed Meyers. 2022. A Benchmark Comparison of Python Malware Detection Approaches. arXiv preprint arXiv:2209.13288 (2022)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3420015"},{"key":"e_1_3_2_1_28_1","volume-title":"Typosquatting and Combosquatting Attacks on the Python Ecosystem. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 509\u2013514","author":"Vu Duc-Ly","year":"2020","unstructured":"Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, and Antonino Sabetta. 2020. Typosquatting and Combosquatting Attacks on the Python Ecosystem. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 509\u2013514."},{"key":"e_1_3_2_1_29_1","volume-title":"On the Feasibility of Detecting Software Supply Chain Attacks. In MILCOM 2021-2021 IEEE Military Communications Conference (MILCOM). IEEE, 458\u2013463","author":"Wang Xinyuan","year":"2021","unstructured":"Xinyuan Wang. 2021. On the Feasibility of Detecting Software Supply Chain Attacks. In MILCOM 2021-2021 IEEE Military Communications Conference (MILCOM). IEEE, 458\u2013463."}],"event":{"name":"ARES 2023: The 18th International Conference on Availability, Reliability and Security","acronym":"ARES 2023","location":"Benevento Italy"},"container-title":["Proceedings of the 18th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3600160.3600162","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T01:00:00Z","timestamp":1721264400000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3600160.3600162"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,29]]},"references-count":29,"alternative-id":["10.1145\/3600160.3600162","10.1145\/3600160"],"URL":"https:\/\/doi.org\/10.1145\/3600160.3600162","relation":{},"subject":[],"published":{"date-parts":[[2023,8,29]]},"assertion":[{"value":"2023-08-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}