DySec: A Machine Learning-based Dynamic Analysis for Detecting Malicious Packages in PyPI Ecosystem
Sk Tanzir Mehedi, Chadni Islam, Gowri Ramachandran, Raja Jurdak
TL;DR
DySec addresses PyPI software supply-chain risk by shifting from metadata and static analysis to install-time dynamic monitoring using eBPF probes. It collects 36 install-time features across six trace categories from a sandboxed environment and trains ML models, with Random Forest delivering the best overall performance. The framework achieves up to 95.99% accuracy and sub-0.5s latency, reducing false negatives relative to baseline methods and enabling real-world actions such as removing malicious packages. By detecting unseen install-time threats and providing interpretable pattern-based insights, DySec offers a scalable defense to harden open-source ecosystems like PyPI.
Abstract
Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis inadequate against advanced attack strategies such as typosquatting, covert remote access activation, and dynamic payload generation. To address these challenges, we introduce DySec, a machine learning (ML)-based dynamic analysis framework for PyPI that uses eBPF kernel and user-level probes to monitor behaviors during package installation. By capturing 36 real-time features-including system calls, network traffic, resource usage, directory access, and installation patterns-DySec detects threats like typosquatting, covert remote access activation, dynamic payload generation, and multiphase attack malware. We developed a comprehensive dataset of 14,271 Python packages, including 7,127 malicious sample traces, by executing them in a controlled isolated environment. Experimental results demonstrate that DySec achieves a 95.99\% detection accuracy with a latency of <0.5s, reducing false negatives by 78.65\% compared to static analysis and 82.24\% compared to metadata analysis. During the evaluation, DySec flagged 11 packages that PyPI classified as benign. A manual analysis, including installation behavior inspection, confirmed six of them as malicious. These findings were reported to PyPI maintainers, resulting in the removal of four packages. DySec bridges the gap between reactive traditional methods and proactive, scalable threat mitigation in open-source ecosystems by uniquely detecting malicious install-time behaviors.