Approach of Detecting Dependency Confusion Attacks using Artificial Intelligence and Machine Learning - Pentestmag

Jul 13, 2023

Abstract

The use of open-source components in the software development process is rapidly increasing, which gives rise to the cyber attack known as "Dependency Confusion". This attack exploits a vulnerability in the package management system to insert malicious code into an organization's software supply chain. Traditional methods of detecting dependency confusion are slow, so we use Artificial Intelligence (AI) to overcome this. This paper explores the ability of AI to detect this type of attack before it is carried out, by analyzing code signatures and comparing them to a known database of legitimate dependencies. The proposed AI-based approach can provide a more effective and automated way to prevent and detect dependency confusion attacks in software development.

INTRODUCTION

A. Artificial Intelligence

  • Supervised Model: Dependency confusion is a security vulnerability that occurs when an attacker can inject malicious code into a software project by exploiting the way the project's dependencies are managed. Artificial intelligence, including machine learning and other techniques, can be used to detect potential security vulnerabilities and prevent attacks. One approach to detecting dependency confusion with machine learning is a supervised learning model, which is used to compare npm packages with subdomain dependencies and identify potential dependency confusion vulnerabilities.
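The abstract's comparison against a known database of legitimate dependencies can be shown as a plain rule-based check over an npm lockfile. This is an added example, not the authors' code or their supervised model. The registry host `npm.internal.example`, the `acme-*` package names, the integrity strings and the function name `auditLockfile` are constructed assumptions.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages" layout)
// against a known database of legitimate internal dependencies.
// Host, package names and integrity values are constructed samples.
const INTERNAL_REGISTRY_HOST = "npm.internal.example"; // assumption

// Known database: internal package name -> allowed version -> expected integrity
const KNOWN_GOOD = {
  "acme-billing-core": { "1.4.2": "sha512-AAAA" },
  "acme-auth-utils": { "2.0.0": "sha512-BBBB" },
};

// Constructed lockfile: one clean internal entry, one confused entry, one public package
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "acme-app", version: "1.0.0" },
    "node_modules/acme-billing-core": {
      version: "1.4.2",
      resolved: "https://npm.internal.example/acme-billing-core/-/acme-billing-core-1.4.2.tgz",
      integrity: "sha512-AAAA",
    },
    "node_modules/acme-auth-utils": {
      version: "99.0.0",
      resolved: "https://registry.npmjs.org/acme-auth-utils/-/acme-auth-utils-99.0.0.tgz",
      integrity: "sha512-ZZZZ",
    },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz", integrity: "sha512-CCCC" },
  },
};

function auditLockfile(lock, knownGood, internalHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const known = knownGood[name];
    if (!known) continue; // not an internal name, out of scope for this check
    const reasons = [];
    let host = null;
    try { host = new URL(entry.resolved).hostname; } catch { /* missing or malformed URL */ }
    if (host !== internalHost) reasons.push(`resolved from ${host ?? "unknown source"}`);
    const expected = known[entry.version];
    if (!expected) reasons.push(`version ${entry.version} not in known database`);
    else if (expected !== entry.integrity) reasons.push("integrity mismatch");
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}
console.log(auditLockfile(SAMPLE_LOCK, KNOWN_GOOD, INTERNAL_REGISTRY_HOST));
```

Run in CI against the committed lockfile, a non-empty result means an internal package name was resolved from somewhere other than the internal registry or does not match the recorded artifact.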

Here is one possible approach:

  1. We created our own....

Author

Gaurav Bhatia, Vansh Chanchlani, Tanisha Gupta, Dhruv Jain
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023