{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T02:17:14Z","timestamp":1743041834321,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":42,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819635306"},{"type":"electronic","value":"9789819635313"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-3531-3_8","type":"book-chapter","created":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:11:24Z","timestamp":1741867884000},"page":"147-166","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["You Can\u2019t Touch This: Detecting Typosquatting Packages for\u00a0Enhanced Malware Prevention in\u00a0Software Supply Chains"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3866-4621","authenticated-orcid":false,"given":"Minh Tien","family":"Truong","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7360-8314","authenticated-orcid":false,"given":"Nils","family":"Gruschka","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,14]]},"reference":[{"key":"8_CR1","unstructured":"Aklson, A., et al.: State of the software supply chain report: Sonatype\u2019s industry-defining research on the rapidly changing landscape of open source (2022). https:\/\/de.sonatype.com\/state-of-the-software-supply-chain\/introduction"},{"key":"8_CR2","unstructured":"Aldawood, H., Skinner, G.: Contemporary cyber security social engineering solutions, measures, policies, tools and applications: a critical appraisal (2019). https:\/\/f.hubspotusercontent30.net\/hubfs\/8156085\/WhitePaper%20-%20IJS%20-%20Contemporary%20Cyber%20Security%20Social%20Engineering%20Solutions[1].pdf"},{"key":"8_CR3","doi-asserted-by":"publisher","unstructured":"Blanc, G., Miyamoto, D., Akiyama, M., Kadobayashi, Y.: Characterizing obfuscated javascript using abstract syntax trees: experimenting with malicious scripts. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops, pp. 344\u2013351 (2012). https:\/\/doi.org\/10.1109\/WAINA.2012.140","DOI":"10.1109\/WAINA.2012.140"},{"key":"8_CR4","unstructured":"Breese, J.S., Heckerman, D., Kadie, C.: Empirical analysis of predictive algorithms for collaborative filtering. In: Proceedings of the Fourteenth Conference on Uncertainty in Artificial Intelligence, UAI 1998, pp. 43\u201352. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA (1998)"},{"key":"8_CR5","unstructured":"Breiman, L.: Random forests, pp. 5\u201332 (2001). https:\/\/link.springer.com\/article\/10.1023\/A:1010933404324"},{"key":"8_CR6","unstructured":"\u010carnogursk\u00fd, M.: Attacks on Package Managers. Bachelor thesis, Masaryk University, Br\u00fcnn, Tschechien (2019). https:\/\/is.muni.cz\/th\/y41ft\/thesis_final_electronic.pdf"},{"key":"8_CR7","unstructured":"Chappell, B., Neuman, S.: U.s. says north korea \u2019directly responsible\u2019 for wannacry ransomware attack. NPR (2017-12-19), https:\/\/www.npr.org\/sections\/thetwo-way\/2017\/12\/19\/571854614\/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack"},{"issue":"3","key":"8_CR8","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1145\/363958.363994","volume":"7","author":"FJ Damerau","year":"1964","unstructured":"Damerau, F.J.: A technique for computer detection and correction of spelling errors. Commun. ACM 7(3), 171\u2013176 (1964). https:\/\/doi.org\/10.1145\/363958.363994","journal-title":"Commun. ACM"},{"key":"8_CR9","doi-asserted-by":"publisher","unstructured":"Duan, R., Alrawi, O., Kasturi, R.P., Elder, R., Saltaformaggio, B., Lee, W.: Towards measuring supply chain attacks on package managers for interpreted languages. In: Sadeghi, A.R., Koushanfar, F. (eds.) Proceedings 2021 Network and Distributed System Security Symposium. Internet Society, Reston, VA (2021). https:\/\/doi.org\/10.14722\/ndss.2021.23055","DOI":"10.14722\/ndss.2021.23055"},{"key":"8_CR10","doi-asserted-by":"publisher","unstructured":"Garrett, K., Ferreira, G., Jia, L., Sunshine, J., Kastner, C.: Detecting suspicious package updates. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). pp. 13\u201316. IEEE (2019). https:\/\/doi.org\/10.1109\/ICSE-NIER.2019.00012","DOI":"10.1109\/ICSE-NIER.2019.00012"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Hendrick, S., Mckeay, M.: Addressing cybersecurity challenges in open source software (2022). https:\/\/www.linuxfoundation.org\/research\/addressing-cybersecurity-challenges-in-open-source-software","DOI":"10.70828\/JXEY9389"},{"key":"8_CR12","unstructured":"Ilyankou, I.: Comparison of jaro-winkler and ratcliff\/obershelp algorithms in spell check (2014). https:\/\/ilyankou.files.wordpress.com\/2015\/06\/ib-extended-essay.pdf"},{"key":"8_CR13","doi-asserted-by":"publisher","unstructured":"Jaccard, P.: The distribution of the flora in the alpine zone.1. New Phytologist 11(2), 37\u201350 (1912).https:\/\/doi.org\/10.1111\/j.1469-8137.1912.tb05611.x, https:\/\/nph.onlinelibrary.wiley.com\/doi\/abs\/10.1111\/j.1469-8137.1912.tb05611.x","DOI":"10.1111\/j.1469-8137.1912.tb05611.x"},{"issue":"406","key":"8_CR14","doi-asserted-by":"publisher","first-page":"414","DOI":"10.2307\/2289924","volume":"84","author":"MA Jaro","year":"1989","unstructured":"Jaro, M.A.: Advances in record-linkage methodology as applied to matching the 1985 census of Tampa, Florida. J. Am. Stat. Assoc. 84(406), 414 (1989). https:\/\/doi.org\/10.2307\/2289924","journal-title":"J. Am. Stat. Assoc."},{"issue":"4","key":"8_CR15","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1002\/sam.11583","volume":"15","author":"VR Joseph","year":"2022","unstructured":"Joseph, V.R.: Optimal ratio for data splitting. Statist. Anal. Data Mining ASA Data Sci. J. 15(4), 531\u2013538 (2022). https:\/\/doi.org\/10.1002\/sam.11583","journal-title":"Statist. Anal. Data Mining ASA Data Sci. J."},{"issue":"8","key":"8_CR16","first-page":"707","volume":"10","author":"VI Levenshtein","year":"1966","unstructured":"Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions and reversals. Soviet Phys. Doklady 10(8), 707\u2013710 (1966)","journal-title":"Soviet Phys. Doklady"},{"key":"8_CR17","unstructured":"Mayhew, B., et al.: State of the software supply chain 2021: the 7th annual report on global open source software development (2021). https:\/\/www.sonatype.com\/hubfs\/Q3%202021-State%20of%20the%20Software%20Supply%20Chain-Report\/SSSC-Report-2021_0913_PM_2.pdf?hsLang=en-us"},{"key":"8_CR18","unstructured":"Mcbride, L.: Software supply chains: An introductory guide (2021). https:\/\/blog.sonatype.com\/software-supply-chain-a-definition-and-introductory-guide"},{"key":"8_CR19","unstructured":"Meyers, J.S., Tozer, B.: Bewear! python typosquatting is about more than typos - in-q-tel (2020). https:\/\/www.iqt.org\/library\/bewear-python-typosquatting-is-about-more-than-typos"},{"key":"8_CR20","unstructured":"MITRE Corporation: Common vulnerabilities and exposures (cve) (2024). https:\/\/cve.mitre.org, Accessed: 17 Jan 2024"},{"issue":"3","key":"8_CR21","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/0022-2836(70)90057-4","volume":"48","author":"SB Needleman","year":"1970","unstructured":"Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48(3), 443\u2013453 (1970). https:\/\/doi.org\/10.1016\/0022-2836(70)90057-4","journal-title":"J. Mol. Biol."},{"key":"8_CR22","unstructured":"npm: Threats and mitigations. https:\/\/docs.npmjs.com\/threats-and-mitigations (2023), Accessed 12 April 2024"},{"key":"8_CR23","unstructured":"Offensive Security: Exploit database (2024). https:\/\/www.exploit-db.com, Accessed 26 Feb 2024"},{"key":"8_CR24","doi-asserted-by":"publisher","unstructured":"Ohm, M., Boes, F., Bungartz, C., Meier, M.: On the feasibility of supervised machine learning for the detection of malicious software packages (2022). https:\/\/doi.org\/10.1145\/3538969.3544415, https:\/\/publica.fraunhofer.de\/handle\/publica\/445251","DOI":"10.1145\/3538969.3544415"},{"key":"8_CR25","unstructured":"Ohm, M., Kempf, L., Boes, F., Meier, M.: Supporting the detection of software supply chain attacks through unsupervised signature generation (2021). https:\/\/arxiv.org\/pdf\/2011.02235"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Ohm, M., Plate, H., Sykosch, A., Meier, M.: Backstabber\u2019s knife collection: A review of open source software supply chain attacks (2020). http:\/\/arxiv.org\/pdf\/2005.09535v1","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"8_CR27","doi-asserted-by":"publisher","unstructured":"Ohm, M., Stuke, C.: Sok: practical detection of software supply chain attacks. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023. Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3600160.3600162","DOI":"10.1145\/3600160.3600162"},{"key":"8_CR28","doi-asserted-by":"publisher","unstructured":"Ohm, M., Sykosch, A., Meier, M.: Towards detection of software supply chain attacks by forensic artifacts. In: Volkamer, M., Wressnegger, C. (eds.) Proceedings of the 15th International Conference on Availability, Reliability and Security, pp.\u00a01\u20136. ACM, New York (2020). https:\/\/doi.org\/10.1145\/3407023.3409183","DOI":"10.1145\/3407023.3409183"},{"key":"8_CR29","doi-asserted-by":"publisher","unstructured":"Ohm, M., Sykosch, A., Meier, M.: Towards detection of software supply chain attacks by forensic artifacts. In: Proceedings of the 15th International Conference on Availability, Reliability and Security. ARES 2020, Association for Computing Machinery, New York (2020). https:\/\/doi.org\/10.1145\/3407023.3409183","DOI":"10.1145\/3407023.3409183"},{"key":"8_CR30","unstructured":"Philips, L.: Hanging on the metaphone (1990)"},{"key":"8_CR31","unstructured":"Phylum: Phylum blog (2024). https:\/\/blog.phylum.io, Accessed 26 Jan 2024"},{"key":"8_CR32","unstructured":"Russel, R.C.: Patent us1435663a (1922). https:\/\/worldwide.espacenet.com\/patent\/search\/family\/024063815\/publication\/us1435663a?q=pn%3dus1435663"},{"key":"8_CR33","doi-asserted-by":"publisher","unstructured":"Sejfia, A., Sch\u00e4fer, M.: Practical automated detection of malicious npm packages (2022). https:\/\/doi.org\/10.1145\/3510003.3510104, https:\/\/arxiv.org\/pdf\/2202.13953","DOI":"10.1145\/3510003.3510104"},{"key":"8_CR34","doi-asserted-by":"publisher","unstructured":"Smith, T., Waterman, M.: Identification of common molecular subsequences. J. Mol. Biol. 147(1), 195\u2013197 (1981). https:\/\/doi.org\/10.1016\/0022-2836(81)90087-5, https:\/\/www.sciencedirect.com\/science\/article\/pii\/0022283681900875","DOI":"10.1016\/0022-2836(81)90087-5"},{"key":"8_CR35","unstructured":"Snyk: Snyk security (2024). https:\/\/security.snyk.io\/, Accessed 01 Mar 2024"},{"key":"8_CR36","unstructured":"Sonatype: Sonatype (2024). https:\/\/www.sonatype.com\/, Accessed 26 Feb 2024"},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"Taylor, M., Vaidya, R.K., Davidson, D., de\u00a0Carli, L., Rastogi, V.: Spellbound: defending against package typosquatting (2020). http:\/\/arxiv.org\/pdf\/2003.03471v1","DOI":"10.1007\/978-3-030-65745-1_7"},{"key":"8_CR38","unstructured":"Team, P.R.: Q1 2023 evolution of software supply chain security (Jul 2023). https:\/\/blog.phylum.io\/q1-2023-evolution-of-software-supply-chain-security\/"},{"key":"8_CR39","unstructured":"Tschacher, N.P.: Typosquatting in Programming Language Package Managers. Bachelor thesis, University of Hamburg, Hamburg (2016). https:\/\/incolumitas.com\/data\/thesis.pdf"},{"key":"8_CR40","doi-asserted-by":"publisher","unstructured":"Vu, D.L., Pashchenko, I., Massacci, F., Plate, H., Sabetta, A.: Typosquatting and combosquatting attacks on the python ecosystem. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 509\u2013514. IEEE (2020). https:\/\/doi.org\/10.1109\/EuroSPW51379.2020.00074","DOI":"10.1109\/EuroSPW51379.2020.00074"},{"key":"8_CR41","unstructured":"Vu, L.D., Newman, Z., Meyers, J.S.: Hunting malware on package repositories: interviews with pypi maintainers and a comparison of alternative approaches to pypi malware detection (2022)"},{"key":"8_CR42","unstructured":"Whittaker, Z.: Two years after wannacry, a million computers remain at risk. TechCrunch (2019-05-12). https:\/\/techcrunch.com\/2019\/05\/12\/wannacry-two-years-on\/"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-3531-3_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:11:45Z","timestamp":1741867905000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-3531-3_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819635306","9789819635313"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-3531-3_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss-socialsec2024\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}