Conference paper
Authors list: Truong, MinhTien; Gruschka, Nils; Lo Iacono, Luigi
Appeared in: Network and System Security
Editor list: Song, H.H.
Publication year: 2025
Pages: 147-166
ISBN: 978-981-96-3530-6
eISBN: 978-981-96-3531-3
DOI Link: https://doi.org/10.1007/978-981-96-3531-3_8
Conference: 18th International Conference on Network and System Security (NSS)
Title of series: Lecture Notes in Computer Science
Number in series: 15564
Abstract:
In recent years, typosquatting has become a significant threat to software supply chain systems, where malicious packages deceptively mimic legitimate ones. Attackers register these fraudulent packages with names strikingly similar to those of legitimate packages. As a result, developers can mistakenly download these malicious packages by mistyping the intended package name or selecting a package based on its convincing yet deceptive name.
In this paper, we assess the effectiveness of string-matching algorithms in identifying potential typosquatting candidates. We construct an open dataset comprising 394 typosquatting packages and evaluate the performance of these algorithms based on their ability to detect typosquatting packages. In addition, we introduce a novel string-matching algorithm, an extension of the Damerau-Levenshtein distance, demonstrating a notably higher true-positive rate than existing methods. Since our dataset contains features not previously considered, we also investigate how these new features affect the assignment accuracy of ML-based classifiers. Our results show an overall accuracy rate of 98.4% on our datasets and 96.0% and 93.5% accuracy on evaluating two other open datasets. These results provide valuable insights for researchers, package manager vendors, and developers to improve their understanding of malicious typosquatting packages and improve mediation strategies and technologies.
Citation Styles
Harvard Citation style: Truong, M., Gruschka, N. and Lo Iacono, L. (2025) You Can’t Touch This: Detecting Typosquatting Packages for Enhanced Malware Prevention in Software Supply Chains, in Song, H. (ed.) Network and System Security. Singapore: Springer. pp. 147-166. https://doi.org/10.1007/978-981-96-3531-3_8
APA Citation style: Truong, M., Gruschka, N., & Lo Iacono, L. (2025). You Can’t Touch This: Detecting Typosquatting Packages for Enhanced Malware Prevention in Software Supply Chains. In Song, H. (Ed.), Network and System Security. (pp. 147-166). Springer. https://doi.org/10.1007/978-981-96-3531-3_8