Software supply chain detection method and device

Bibliographic Details
Main Authors: WEN QIAOYAN, SHI YIJIE, CHAI ZHIGANG, CHEN MIAO, WANG SENMIAO, KIM JEONG-PYEONG, QIN SUJUAN, TU TENGFEI
Format: Patent
Language: Chinese, English
Published: 31.01.2023
Summary: An embodiment of the invention provides a software supply chain detection method and device. The method comprises: calculating the similarity between a package to be detected and every popular package in a preset popular package list, where the popular packages are determined according to package download quantity and the dependency relationships of the packages; outputting a first detection result when the similarity between the package to be detected and any popular package is greater than a preset similarity threshold; parsing the automatic installation script of the package to be detected to generate an abstract syntax tree; preprocessing the abstract syntax tree to obtain a vector representation of it; and inputting the vector representation into a preset malicious code detection model, which outputs a second detection result. According to the application, security detection can be carried ou
Bibliography: Application Number: CN202211689506