Table of Contents
Fetching ...

Cutting the Gordian Knot: Detecting Malicious PyPI Packages via a Knowledge-Mining Framework

Wenbo Guo, Chengwei Liu, Ming Kang, Yiran Zhang, Jiahui Wu, Zhengzi Xu, Vinay Sachidananda, Yang Liu

TL;DR

This work tackles the high false-positive rate in PyPI malicious package detection by introducing PyGuard, a knowledge-driven framework that converts detection failures into a semantic knowledge base. It combines hierarchical behavior pattern mining, LLM-assisted semantic abstraction, and a retrieval-augmented detection pipeline to achieve high accuracy (99.50%) with minimal false positives and strong obfuscation robustness (98.28%). The approach yields 304 discriminative patterns (278 deterministic, 26 justifiable) and demonstrates real-world impact by identifying 219 previously unknown malicious packages and enabling cross-ecosystem transfer with 98.07% accuracy on NPM. The framework offers practical benefits for deployment, including reduced analyst workload and robust detection across evolving threats and languages, backed by open science practices.

Abstract

The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools generate false positive rates of 15-30%, incorrectly flagging one-third of legitimate packages as malicious. This problem arises because current tools rely on simple syntactic rules rather than semantic understanding, failing to distinguish between identical API calls serving legitimate versus malicious purposes. To address this challenge, we propose PyGuard, a knowledge-driven framework that converts detection failures into useful behavioral knowledge by extracting patterns from existing tools' false positives and negatives. Our method utilizes hierarchical pattern mining to identify behavioral sequences that distinguish malicious from benign code, employs Large Language Models to create semantic abstractions beyond syntactic variations, and combines this knowledge into a detection system that integrates exact pattern matching with contextual reasoning. PyGuard achieves 99.50% accuracy with only 2 false positives versus 1,927-2,117 in existing tools, maintains 98.28% accuracy on obfuscated code, and identified 219 previously unknown malicious packages in real-world deployment. The behavioral patterns show cross-ecosystem applicability with 98.07% accuracy on NPM packages, demonstrating that semantic understanding enables knowledge transfer across programming languages.

Cutting the Gordian Knot: Detecting Malicious PyPI Packages via a Knowledge-Mining Framework

TL;DR

This work tackles the high false-positive rate in PyPI malicious package detection by introducing PyGuard, a knowledge-driven framework that converts detection failures into a semantic knowledge base. It combines hierarchical behavior pattern mining, LLM-assisted semantic abstraction, and a retrieval-augmented detection pipeline to achieve high accuracy (99.50%) with minimal false positives and strong obfuscation robustness (98.28%). The approach yields 304 discriminative patterns (278 deterministic, 26 justifiable) and demonstrates real-world impact by identifying 219 previously unknown malicious packages and enabling cross-ecosystem transfer with 98.07% accuracy on NPM. The framework offers practical benefits for deployment, including reduced analyst workload and robust detection across evolving threats and languages, backed by open science practices.

Abstract

The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools generate false positive rates of 15-30%, incorrectly flagging one-third of legitimate packages as malicious. This problem arises because current tools rely on simple syntactic rules rather than semantic understanding, failing to distinguish between identical API calls serving legitimate versus malicious purposes. To address this challenge, we propose PyGuard, a knowledge-driven framework that converts detection failures into useful behavioral knowledge by extracting patterns from existing tools' false positives and negatives. Our method utilizes hierarchical pattern mining to identify behavioral sequences that distinguish malicious from benign code, employs Large Language Models to create semantic abstractions beyond syntactic variations, and combines this knowledge into a detection system that integrates exact pattern matching with contextual reasoning. PyGuard achieves 99.50% accuracy with only 2 false positives versus 1,927-2,117 in existing tools, maintains 98.28% accuracy on obfuscated code, and identified 219 previously unknown malicious packages in real-world deployment. The behavioral patterns show cross-ecosystem applicability with 98.07% accuracy on NPM packages, demonstrating that semantic understanding enables knowledge transfer across programming languages.
Paper Structure (28 sections, 1 equation, 3 figures, 11 tables, 1 algorithm)

This paper contains 28 sections, 1 equation, 3 figures, 11 tables, 1 algorithm.

Figures (3)

  • Figure 1: API-level similarity between malicious and benign packages leading to false positive.
  • Figure 2: Overview of Hierarchical Behavior Pattern Mining and Detection Framework
  • Figure 3: Distribution of Malicious Package Behaviors