Conference paper
Author list: Truong, MinhTien; Gruschka, Nils; Lo Iacono, Luigi
Published in: Network and System Security
Editor list: Song, H.H.
Year of publication: 2025
Pages: 147-166
ISBN: 978-981-96-3530-6
eISBN: 978-981-96-3531-3
DOI Link: https://doi.org/10.1007/978-981-96-3531-3_8
Conference: 18th International Conference on Network and System Security (NSS)
Series title: Lecture Notes in Computer Science
Series number: 15564
Abstract:
In recent years, typosquatting has become a significant threat to software supply chain systems, where malicious packages deceptively mimic legitimate ones. Attackers register these fraudulent packages with names strikingly similar to those of legitimate packages. As a result, developers can mistakenly download these malicious packages by mistyping the intended package name or selecting a package based on its convincing yet deceptive name.
In this paper, we assess the effectiveness of string-matching algorithms in identifying potential typosquatting candidates. We construct an open dataset comprising 394 typosquatting packages and evaluate the performance of these algorithms based on their ability to detect typosquatting packages. In addition, we introduce a novel string-matching algorithm, an extension of the Damerau-Levenshtein distance, that demonstrates a notably higher true-positive rate than existing methods. Since our dataset contains features not previously considered, we also investigate how these new features affect the assignment accuracy of ML-based classifiers. Our results show an overall accuracy rate of 98.4% on our dataset and 96.0% and 93.5% accuracy when evaluated on two other open datasets. These results provide valuable insights for researchers, package manager vendors, and developers to improve their understanding of malicious typosquatting packages and improve mediation strategies and technologies.
Citation styles
Harvard citation style: Truong, M., Gruschka, N. and Lo Iacono, L. (2025) You Can’t Touch This: Detecting Typosquatting Packages for Enhanced Malware Prevention in Software Supply Chains, in Song, H. (ed.) Network and System Security. Singapore: Springer. pp. 147-166. https://doi.org/10.1007/978-981-96-3531-3_8
APA citation style: Truong, M., Gruschka, N., & Lo Iacono, L. (2025). You Can’t Touch This: Detecting Typosquatting Packages for Enhanced Malware Prevention in Software Supply Chains. In Song, H. (Ed.), Network and System Security (pp. 147-166). Springer. https://doi.org/10.1007/978-981-96-3531-3_8