Abstract
The use of open-source software in the development process is rapidly increasing, which gives rise to the cyber attack known as "Dependency Confusion". This attack exploits a vulnerability of the package management system to insert malicious code into the organization's software supply chain. Traditional methods of detecting dependency confusion take a long time, so to overcome that we will use Artificial Intelligence (AI). This paper explores the ability of AI to detect this type of attack before it is performed. It helps detect attacks by analyzing code signatures and comparing them to a known database of legitimate dependencies. The proposed AI-based approach can provide a more effective and automated way to prevent and detect dependency confusion attacks in software development.
INTRODUCTION
A. Artificial Intelligence
- Supervised Model: Dependency confusion is a security vulnerability in which an attacker injects malicious code into a software project by exploiting the way the project's dependencies are managed. Artificial intelligence, including machine learning and other techniques, can be used to detect potential security vulnerabilities and prevent attacks. One approach to detecting dependency confusion with machine learning is a supervised learning model, which is used to compare npm packages with subdomain dependencies and identify potential dependency confusion vulnerabilities.
Here is one possible approach:
- We created our own....
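The comparison against a known database of legitimate dependencies mentioned in the abstract can be illustrated with a plain rule-based check. This is an added example, not the paper's code or its supervised model: it audits an npm lockfile and flags internal package names that were resolved from an unexpected registry or whose integrity value differs from the recorded one. The package names, the registry host `npm.internal.example`, the integrity strings and the lockfile contents are all constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed "known database of legitimate dependencies" (all values hypothetical).
KNOWN_GOOD = {
    "@acme/billing-core": {"registry": "npm.internal.example", "integrity": "sha512-AAAA"},
    "@acme/logger": {"registry": "npm.internal.example", "integrity": "sha512-CCCC"},
    "acme-auth-utils": {"registry": "npm.internal.example", "integrity": "sha512-BBBB"},
}

# Constructed package-lock.json ("packages" map of lockfileVersion 2/3).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "shop-frontend", "version": "1.0.0"},
    "node_modules/@acme/billing-core": {
        "resolved": "https://npm.internal.example/@acme/billing-core/-/billing-core-2.1.0.tgz",
        "integrity": "sha512-AAAA"},
    "node_modules/@acme/logger": {
        "resolved": "https://npm.internal.example/@acme/logger/-/logger-1.4.2.tgz",
        "integrity": "sha512-ZZZZ"},
    "node_modules/acme-auth-utils": {
        "resolved": "https://registry.npmjs.org/acme-auth-utils/-/acme-auth-utils-99.0.0.tgz",
        "integrity": "sha512-XXXX"},
    "node_modules/lodash": {
        "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        "integrity": "sha512-DDDD"},
}})

def audit_lockfile(lock_text, known_good=KNOWN_GOOD):
    """Return {package: reason} for internal packages that disagree with the database."""
    findings = {}
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path:
            continue  # "" is the root project, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested installs
        expected = known_good.get(name)
        if expected is None:
            continue  # not an internal name; outside this check
        host = urlparse(meta.get("resolved", "")).hostname
        if host != expected["registry"]:
            findings[name] = f"resolved from {host}, expected {expected['registry']}"
        elif meta.get("integrity") != expected["integrity"]:
            findings[name] = "integrity differs from known-good record"
    return findings

if __name__ == "__main__":
    for pkg, reason in audit_lockfile(SAMPLE_LOCK).items():
        print(f"FLAG {pkg}: {reason}")
```

Run in CI against the committed lockfile, a non-empty result is a reason to fail the build before the install step executes any package scripts.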