Research area: Safety
Conference: FSE Companion '25: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering
The proliferation of malicious packages in software repositories presents significant security challenges for the software supply chain. While threat intelligence reports frequently document newly discovered malicious packages, validating these reports remains a labor-intensive and error-prone process. This paper introduces an automated approach that leverages large language models (LLMs) to extract environmental configuration parameters from threat intelligence reports and automatically construct isolated testing environments to validate reported malicious behaviors. Our methodology encompasses four key components: threat intelligence processing, environment parameter extraction using LLMs, automated environment construction with containers, and dynamic behavior validation. We demonstrate the effectiveness of our approach through a case study involving a real-world malicious PyPI package, where our system successfully extracted relevant parameters and confirmed the reported malicious behavior.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Singapore, China |
| Site | ACM |
| Likes | 0 |