Software supply chain detection method and device
Format | Patent |
---|---|
Language | Chinese, English |
Published | 31.01.2023 |
Summary: | An embodiment of the invention provides a software supply chain detection method and device. The method comprises: calculating the similarity between a package to be detected and each popular package in a preset popular-package list, where the popular packages are determined according to package download counts and the dependency relationships of the packages; outputting a first detection result when the similarity between the package to be detected and any popular package is greater than a preset similarity threshold; parsing the automatic installation script of the package to be detected to generate an abstract syntax tree; preprocessing the abstract syntax tree to obtain a vector representation of it; and inputting the vector representation into a preset malicious code detection model, which outputs a second detection result. According to the application, security detection can be carried ou |
---|---|
Bibliography: | Application Number: CN202211689506 |