{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T02:55:48Z","timestamp":1768532148526,"version":"3.49.0"},"reference-count":56,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Journal of Information Security and Applications"],"published-print":{"date-parts":[[2025,5]]},"DOI":"10.1016\/j.jisa.2025.104032","type":"journal-article","created":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T23:07:06Z","timestamp":1742425626000},"page":"104032","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"C","title":["PypiGuard: A novel meta-learning approach for enhanced malicious package detection in PyPI through static-dynamic feature fusion"],"prefix":"10.1016","volume":"90","author":[{"given":"Tahir","family":"Iqbal","sequence":"first","affiliation":[]},{"given":"Guowei","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Zahid","family":"Iqbal","sequence":"additional","affiliation":[]},{"given":"Muhammad Bilal","family":"Mahmood","sequence":"additional","affiliation":[]},{"given":"Amreen","family":"Shafique","sequence":"additional","affiliation":[]},{"given":"Wenbo","family":"Guo","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.jisa.2025.104032_b1","doi-asserted-by":"crossref","DOI":"10.1145\/3714464","article-title":"Research directions in software supply chain security","author":"Williams","year":"2025","journal-title":"ACM Trans Softw Eng Methodol","ISSN":"https:\/\/id.crossref.org\/issn\/1049-331X","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b2","unstructured":"PYPI \u22c5 The Python Package Index, [Online]. Available: https:\/\/pypi.org\/."},{"key":"10.1016\/j.jisa.2025.104032_b3","series-title":"2023 IEEE symposium on security and privacy","first-page":"1509","article-title":"Sok: Taxonomy of attacks on open-source software supply chains","author":"Ladisa","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b4","series-title":"Towards measuring supply chain attacks on package managers for interpreted languages","author":"Duan","year":"2020"},{"issue":"2","key":"10.1016\/j.jisa.2025.104032_b5","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1109\/MSEC.2022.3142338","article-title":"Top five challenges in software supply chain security: Observations from 30 industry and government organizations","volume":"20","author":"Enck","year":"2022","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.jisa.2025.104032_b6","series-title":"Kaspersky uncovers year-long PyPI supply chain attack using AI chatbot","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b7","series-title":"45K+ users victimized by malicious PyPI packages","author":"Cyble Inc.","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b8","series-title":"Detection of intrusions and malware, and vulnerability assessment","isbn-type":"print","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1007\/978-3-030-52683-2_2","article-title":"Backstabber\u2019s knife collection: A review of open source software supply chain attacks","author":"Ohm","year":"2020","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030526832"},{"key":"10.1016\/j.jisa.2025.104032_b9","article-title":"Killing two birds with one stone: Malicious package detection in NPM and PyPI using a single model of malicious behavior sequence","author":"Zhang","year":"2024","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"10.1016\/j.jisa.2025.104032_b10","doi-asserted-by":"crossref","DOI":"10.1145\/3660822","article-title":"Pyradar: Towards automatically retrieving and validating source code repository information for PyPI packages","author":"Gao","year":"2024","journal-title":"Proc ACM Softw Eng"},{"key":"10.1016\/j.jisa.2025.104032_b11","series-title":"Proceedings of the 2020 ACM SIGSAC conference on computer and communications security","first-page":"2093","article-title":"Towards using source code repositories to identify software supply chain attacks","author":"Vu","year":"2020"},{"issue":"20","key":"10.1016\/j.jisa.2025.104032_b12","doi-asserted-by":"crossref","first-page":"14049","DOI":"10.1007\/s00521-021-06047-x","article-title":"A novel deep learning-based feature selection model for improving the static analysis of vulnerability detection","volume":"33","author":"Batur \u015eahin","year":"2021","journal-title":"Neural Comput Appl","ISSN":"https:\/\/id.crossref.org\/issn\/1433-3058","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b13","series-title":"Finding malicious PyPI packages through static code analysis: Meet GuardDog | Datadog Security Labs","author":"Wang","year":"2022"},{"key":"10.1016\/j.jisa.2025.104032_b14","series-title":"2023 IEEE\/ACM 45th international conference on software engineering","first-page":"499","article-title":"Bad snakes: Understanding and improving python package index malware scanning","author":"Vu","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b15","series-title":"SoK: Practical detection of software supply chain attacks","isbn-type":"print","author":"Ohm","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400707728"},{"key":"10.1016\/j.jisa.2025.104032_b16","series-title":"2021 IEEE 20th international conference on trust, security and privacy in computing and communications","first-page":"606","article-title":"Malicious packages lurking in user-friendly python package index","author":"Liang","year":"2021"},{"key":"10.1016\/j.jisa.2025.104032_b17","series-title":"2020 IEEE European symposium on security and privacy workshops","first-page":"509","article-title":"Typosquatting and combosquatting attacks on the python ecosystem","author":"Vu","year":"2020"},{"key":"10.1016\/j.jisa.2025.104032_b18","series-title":"Deployable machine learning for security defense","isbn-type":"print","doi-asserted-by":"crossref","first-page":"132","DOI":"10.1007\/978-3-030-87839-9_6","article-title":"A survey on common threats in npm and PyPi registries","author":"Kaplan","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030878399"},{"key":"10.1016\/j.jisa.2025.104032_b19","series-title":"Proceedings of the 32nd USENIX conference on security symposium","isbn-type":"print","article-title":"Beyond typosquatting: an in-depth look at package confusion","author":"Neupane","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133373"},{"key":"10.1016\/j.jisa.2025.104032_b20","series-title":"Malicious package detection using metadata information","isbn-type":"print","doi-asserted-by":"crossref","first-page":"1779","DOI":"10.1145\/3589334.3645543","author":"Halder","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400701719"},{"key":"10.1016\/j.jisa.2025.104032_b21","doi-asserted-by":"crossref","first-page":"203","DOI":"10.37256\/ccds.5220244503","article-title":"DeepMetaDroid: Real-time android malware detection using deep learning and metadata features","author":"Manzil","year":"2024","journal-title":"Cloud Comput Data Sci","ISSN":"https:\/\/id.crossref.org\/issn\/2737-4106","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b22","series-title":"Proceedings of the 33rd ACM SIGSOFT international symposium on software testing and analysis","isbn-type":"print","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1145\/3650212.3680313","article-title":"An empirical study of static analysis tools for secure code review","author":"Charoenwet","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400706127"},{"key":"10.1016\/j.jisa.2025.104032_b23","series-title":"2020 IEEE fifth international conference on data science in cyberspace","first-page":"394","article-title":"Malicious code detection technology based on metadata machine learning","author":"Wang","year":"2020"},{"key":"10.1016\/j.jisa.2025.104032_b24","series-title":"Proceedings of the 39th annual computer security applications conference","isbn-type":"print","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/3627106.3627138","article-title":"On the feasibility of cross-language detection of malicious packages in npm and PyPI","author":"Ladisa","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400708862"},{"key":"10.1016\/j.jisa.2025.104032_b25","series-title":"Proceedings of the 39th IEEE\/ACM international conference on automated software engineering","isbn-type":"print","doi-asserted-by":"crossref","first-page":"1990","DOI":"10.1145\/3691620.3695262","article-title":"Towards robust detection of open source software supply chain poisoning attacks in industry environments","author":"Zheng","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400712487"},{"key":"10.1016\/j.jisa.2025.104032_b26","series-title":"DONAPI: Malicious NPM packages detector using behavior sequence knowledge mapping","author":"Huang","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b27","series-title":"Proceedings of the 33rd USENIX conference on security symposium","isbn-type":"print","article-title":"DONAPI: malicious NPM packages detector using behavior sequence knowledge mapping","author":"Huang","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133441"},{"issue":"5","key":"10.1016\/j.jisa.2025.104032_b28","doi-asserted-by":"crossref","DOI":"10.3390\/electronics13050963","article-title":"A dynamic analysis data preprocessing technique for malicious code detection with TF-IDF and sliding windows","volume":"13","author":"Kim","year":"2024","journal-title":"Electronics","ISSN":"https:\/\/id.crossref.org\/issn\/2079-9292","issn-type":"print"},{"issue":"17","key":"10.1016\/j.jisa.2025.104032_b29","doi-asserted-by":"crossref","DOI":"10.3390\/electronics13173553","article-title":"Going beyond API calls in dynamic malware analysis: A novel dataset","volume":"13","author":"Ili\u0107","year":"2024","journal-title":"Electronics","ISSN":"https:\/\/id.crossref.org\/issn\/2079-9292","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b30","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103518","article-title":"CTIMD: Cyber threat intelligence enhanced malware detection using API call sequences with parameters","volume":"136","author":"Chen","year":"2024","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b31","series-title":"Machine learning techniques for cybersecurity","isbn-type":"print","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1007\/978-3-031-28259-1_4","article-title":"Software security analysis","author":"Bertino","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9783031282591"},{"key":"10.1016\/j.jisa.2025.104032_b32","doi-asserted-by":"crossref","first-page":"140609","DOI":"10.1109\/ACCESS.2023.3341911","article-title":"Malicious data classification in packet data network through hybrid meta deep learning","volume":"11","author":"Tapu","year":"2023","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2025.104032_b33","series-title":"Proceedings of the 17th international conference on availability, reliability and security","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1145\/3538969.3544415","article-title":"On the feasibility of supervised machine learning for the detection of malicious software packages","author":"Ohm","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450396707"},{"key":"10.1016\/j.jisa.2025.104032_b34","series-title":"Practical automated detection of malicious npm packages","isbn-type":"print","doi-asserted-by":"crossref","first-page":"1681","DOI":"10.1145\/3510003.3510104","author":"Sejfia","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450392211"},{"key":"10.1016\/j.jisa.2025.104032_b35","series-title":"Proceedings of the 39th IEEE\/ACM international conference on automated software engineering","isbn-type":"print","doi-asserted-by":"crossref","first-page":"1159","DOI":"10.1145\/3691620.3695493","article-title":"1+1>2: Integrating deep code behaviors with metadata features for malicious PyPI package detection","author":"Sun","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400712487"},{"key":"10.1016\/j.jisa.2025.104032_b36","doi-asserted-by":"crossref","DOI":"10.1016\/j.iswa.2023.200283","article-title":"MalHyStack: A hybrid stacked ensemble learning framework with feature engineering schemes for obfuscated malware analysis","volume":"20","author":"Roy","year":"2023","journal-title":"Intell Syst Appl","ISSN":"https:\/\/id.crossref.org\/issn\/2667-3053","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b37","series-title":"Proceedings of the 2023 workshop on software supply chain offensive research and ecosystem defenses","isbn-type":"print","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1145\/3605770.3625212","article-title":"The hitchhiker\u2019s guide to malicious third-party dependencies","author":"Ladisa","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400702631"},{"key":"10.1016\/j.jisa.2025.104032_b38","series-title":"Shifting the lens: Detecting malicious npm packages using large language models","author":"Zahan","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b39","series-title":"2024 international conference on knowledge engineering and communication systems, vol. 1","first-page":"1","article-title":"ML-based cross-platform malware detection","author":"Bhavya","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b40","series-title":"Proceedings of the 21st international conference on mining software repositories","isbn-type":"print","doi-asserted-by":"crossref","first-page":"728","DOI":"10.1145\/3643991.3644883","article-title":"MalwareBench: Malware samples are not enough","author":"Zahan","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400705878"},{"key":"10.1016\/j.jisa.2025.104032_b41","isbn-type":"print","first-page":"258","article-title":"Anomalicious: automated detection of anomalous and potentially malicious commits on GitHub","author":"Gonzalez","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9780738146690"},{"key":"10.1016\/j.jisa.2025.104032_b42","series-title":"OSS malicious package analysis in the wild","author":"Zhou","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b43","series-title":"2023 international conference on inventive computation technologies","first-page":"257","article-title":"Data preparation and pre-processing of intrusion detection datasets using machine learning","author":"Ketepalli","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b44","series-title":"2023 38th IEEE\/ACM international conference on automated software engineering","first-page":"166","article-title":"An empirical study of malicious code in PyPI ecosystem","author":"Guo","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b45","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104177","article-title":"Multi-perspective API call sequence behavior analysis and fusion for malware classification","volume":"148","author":"Wu","year":"2025","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"issue":"1","key":"10.1016\/j.jisa.2025.104032_b46","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1007\/s10791-025-09497-2","article-title":"Bowerbird courtship-inspired feature selection for efficient high-dimensional data analysis using a novel meta-heuristic","volume":"28","author":"Mallidi","year":"2025","journal-title":"Discov Comput","ISSN":"https:\/\/id.crossref.org\/issn\/2948-2992","issn-type":"print"},{"issue":"9","key":"10.1016\/j.jisa.2025.104032_b47","doi-asserted-by":"crossref","first-page":"1449","DOI":"10.1109\/JPROC.2015.2460697","article-title":"Multimodal data fusion: An overview of methods, challenges, and prospects","volume":"103","author":"Lahat","year":"2015","journal-title":"Proc IEEE"},{"key":"10.1016\/j.jisa.2025.104032_b48","series-title":"2023 IEEE international conference on software analysis, evolution and reengineering","first-page":"522","article-title":"How dynamic features affect API usages? An empirical study of API misuses in Python programs","author":"He","year":"2023"},{"issue":"2","key":"10.1016\/j.jisa.2025.104032_b49","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1016\/S0893-6080(05)80023-1","article-title":"Stacked generalization","volume":"5","author":"Wolpert","year":"1992","journal-title":"Neural Netw","ISSN":"https:\/\/id.crossref.org\/issn\/0893-6080","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b50","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.future.2021.03.024","article-title":"Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection","volume":"122","author":"Zhang","year":"2021","journal-title":"Future Gener Comput Syst","ISSN":"https:\/\/id.crossref.org\/issn\/0167-739X","issn-type":"print"},{"key":"10.1016\/j.jisa.2025.104032_b51","series-title":"Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining","isbn-type":"print","doi-asserted-by":"crossref","first-page":"785","DOI":"10.1145\/2939672.2939785","article-title":"XGBoost: A scalable tree boosting system","author":"Chen","year":"2016","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450342322"},{"key":"10.1016\/j.jisa.2025.104032_b52","series-title":"2023 7th international conference on electronics, communication and aerospace technology","first-page":"1469","article-title":"MalNet: Detection of malwares using ensemble learning techniques","author":"Nivaashini","year":"2023"},{"key":"10.1016\/j.jisa.2025.104032_b53","series-title":"Ensemble methods: Foundations and algorithms","isbn-type":"print","author":"Zhou","year":"2012","ISBN":"https:\/\/id.crossref.org\/isbn\/1439830037"},{"key":"10.1016\/j.jisa.2025.104032_b54","series-title":"Proceedings of the institute for system programming of the RAS, vol. 36, no. 3","first-page":"161","article-title":"Detecting malicious activity in open-source projects using machine learning methods","author":"Rakovsky","year":"2024"},{"key":"10.1016\/j.jisa.2025.104032_b55","series-title":"Proceedings of the 12th ACM\/IEEE international symposium on empirical software engineering and measurement","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1145\/3239235.3268920","article-title":"Vulnerable open source dependencies: counting those that matter","author":"Pashchenko","year":"2018","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450358231"},{"issue":"2","key":"10.1016\/j.jisa.2025.104032_b56","doi-asserted-by":"crossref","DOI":"10.1111\/exsy.13793","article-title":"Intrusion detection using CTGAN and lightweight neural network for Internet of Things","volume":"42","author":"Das","year":"2025","journal-title":"Expert Syst"}],"container-title":["Journal of Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212625000705?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212625000705?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,9]],"date-time":"2025-06-09T14:07:15Z","timestamp":1749478035000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2214212625000705"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5]]},"references-count":56,"alternative-id":["S2214212625000705"],"URL":"https:\/\/doi.org\/10.1016\/j.jisa.2025.104032","relation":{},"ISSN":["2214-2126"],"issn-type":[{"value":"2214-2126","type":"print"}],"subject":[],"published":{"date-parts":[[2025,5]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"PypiGuard: A novel meta-learning approach for enhanced malicious package detection in PyPI through static-dynamic feature fusion","name":"articletitle","label":"Article Title"},{"value":"Journal of Information Security and Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.jisa.2025.104032","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"104032"}}