Cyber-guided Deep Neural Network for Malicious Repository Detection in GitHub

2020 IEEE International Conference on Knowledge Graph (ICKG) Pub Date : 2020-08-01 DOI:10.1109/ICBK50248.2020.00071

Yiming Zhang, Yujie Fan, Shifu Hou, Yanfang Ye, Xusheng Xiao, P. Li, C. Shi, Liang Zhao, Shouhuai Xu

{"title":"Cyber-guided Deep Neural Network for Malicious Repository Detection in GitHub","authors":"Yiming Zhang, Yujie Fan, Shifu Hou, Yanfang Ye, Xusheng Xiao, P. Li, C. Shi, Liang Zhao, Shouhuai Xu","doi":"10.1109/ICBK50248.2020.00071","DOIUrl":null,"url":null,"abstract":"As the largest source code repository, GitHub has played a vital role in modern social coding ecosystem to generate production software. Despite the apparent benefits of such social coding paradigm, its potential security risks have been largely overlooked (e.g., malicious codes or repositories could be easily embedded and distributed). To address this imminent issue, in this paper, we propose a novel framework (named GitCyber) to automate malicious repository detection in GitHub at the first attempt. In GitCyber, we first extract code contents from the repositories hosted in GitHub as the inputs for deep neural network (DNN), and then we incorporate cybersecurity domain knowledge modeled by heterogeneous information network (HIN) to design cyber-guided loss function in the learning objective of the DNN to assure the classification performance while preserving consistency with the observational domain knowledge. Comprehensive experiments based on the large-scale data collected from GitHub demonstrate that our proposed GitCyber outperforms the state-of-the-arts in malicious repository detection.","PeriodicalId":432857,"journal":{"name":"2020 IEEE International Conference on Knowledge Graph (ICKG)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Knowledge Graph (ICKG)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICBK50248.2020.00071","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

As the largest source code repository, GitHub has played a vital role in modern social coding ecosystem to generate production software. Despite the apparent benefits of such social coding paradigm, its potential security risks have been largely overlooked (e.g., malicious codes or repositories could be easily embedded and distributed). To address this imminent issue, in this paper, we propose a novel framework (named GitCyber) to automate malicious repository detection in GitHub at the first attempt. In GitCyber, we first extract code contents from the repositories hosted in GitHub as the inputs for deep neural network (DNN), and then we incorporate cybersecurity domain knowledge modeled by heterogeneous information network (HIN) to design cyber-guided loss function in the learning objective of the DNN to assure the classification performance while preserving consistency with the observational domain knowledge. Comprehensive experiments based on the large-scale data collected from GitHub demonstrate that our proposed GitCyber outperforms the state-of-the-arts in malicious repository detection.

查看原文本刊更多论文

用于恶意存储库检测的网络引导深度神经网络

作为最大的源代码存储库，GitHub在现代社会编码生态系统中发挥了至关重要的作用，以生成生产软件。尽管这种社会编码范式有明显的好处，但其潜在的安全风险在很大程度上被忽视了(例如，恶意代码或存储库可以很容易地嵌入和分发)。为了解决这个迫在眉睫的问题，在本文中，我们提出了一个新的框架(名为GitHub)，在第一次尝试时自动检测GitHub中的恶意存储库。在GitHub中，我们首先从GitHub存储库中提取代码内容作为深度神经网络(DNN)的输入，然后在DNN的学习目标中引入异构信息网络(HIN)建模的网络安全领域知识，设计网络引导损失函数，在保证分类性能的同时保持与观测领域知识的一致性。基于从GitHub收集的大规模数据的综合实验表明，我们提出的GitHub网络在恶意存储库检测方面优于最先进的技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE International Conference on Knowledge Graph (ICKG)

自引率

0.00%

发文量