{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T07:24:23Z","timestamp":1771399463501,"version":"3.50.1"},"reference-count":45,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1109\/aiware69974.2025.00008","type":"proceedings-article","created":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T20:53:03Z","timestamp":1768855983000},"page":"01-10","source":"Crossref","is-referenced-by-count":0,"title":["CHASE: LLM Agents for Dissecting Malicious PyPI Packages"],"prefix":"10.1109","author":[{"given":"Takaaki","family":"Toda","sequence":"first","affiliation":[{"name":"Waseda University,Department of Computer Science and Engineering,Tokyo,Japan"}]},{"given":"Tatsuya","family":"Mori","sequence":"additional","affiliation":[{"name":"Waseda University,Department of Computer Science and Engineering,Tokyo,Japan"}]}],"member":"263","reference":[{"key":"ref1","first-page":"995","article-title":"Small world with high risks: A study of security threats in the npm ecosystem","volume-title":"28th USENIX Security Symposium","author":"Zimmermann","year":"2019"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65745-1_7"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00052"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510104"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23055"},{"key":"ref8","first-page":"829","article-title":"Large language models for code analysis: Do LLMs really do their job?","volume-title":"USENIX Security Symposium 2024","author":"Fang","year":"2024"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3663529.3663784"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3713081.3731745"},{"key":"ref11","article-title":"Python Software Foundation (PyPI)","volume-title":"Pypi statistics","year":"2025"},{"key":"ref12","article-title":"InfoStealers.com \/ Checkmarx Security Research Team","volume-title":"Pypi halts new projects, users for 10 hours due to infostealer influx","year":"2024"},{"key":"ref13","article-title":"The Hacker News","volume-title":"Malicious pypi package \u2019fabrice\u2019 found stealing aws keys from thousands of developers","author":"Lakshmanan","year":"2024"},{"key":"ref14","article-title":"Seth Larson (Security Developer-in-Residence, Python Software Foundation)","volume-title":"Supply-chain attack analysis: Ultralytics","year":"2024"},{"key":"ref15","article-title":"Socket Threat Research Team (Socket.dev)","volume-title":"Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys","year":"2025"},{"key":"ref16","article-title":"Python Packaging Authority","volume-title":"Pep 541: Package index name retention","year":"2017"},{"key":"ref17","article-title":"Mike Fiedler (PyPI Admin","volume-title":"Safety & Security Engineer, PSF). (2024, Mar.) Malware reporting evolved. [Online]"},{"key":"ref18","volume-title":"\u2014. (2024, Dec.) Project quarantine"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695493"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3705304"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695262"},{"key":"ref22","article-title":"Donapi: malicious npm packages detector using behavior sequence knowledge mapping","volume-title":"Proceedings of the 33rd USENIX Security Symposium","author":"Huang","year":"2024"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE55347.2025.00146"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695492"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3580336"},{"key":"ref26","article-title":"Malguard: towards real-time, accurate, and actionable detection of malicious packages in pypi ecosystem","volume-title":"Proceedings of the 34th USENIX Conference on Security Symposium","author":"Gao","year":"2025"},{"key":"ref27","article-title":"OpenAI","volume-title":"Introducing Deep Research","year":"2025"},{"key":"ref28","volume-title":"\u2014. (2025, oct) Codex"},{"key":"ref29","first-page":"90","article-title":"Functional cognitive models of malware identification","volume-title":"Proceedings of ICCM 2015","author":"Lebiere","year":"2015"},{"key":"ref30","first-page":"18","article-title":"Malware identification using cognitively-inspired inference","author":"Thomson","year":"2015","journal-title":"BRiMS 2015"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-long.147"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00638"},{"key":"ref33","volume-title":"Gemini 2.5: Pushing the frontier with advanced reasoning, multimodality, long context, and next generation agentic capabilities","author":"DeepMind","year":"2025"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.23919\/DATE64628.2025.10992798"},{"key":"ref35","article-title":"Context rot: How increasing input tokens impacts 11 m performance","volume-title":"Chroma, Tech. Rep.","author":"Hong","year":"2025"},{"key":"ref36","article-title":"React: Synergizing reasoning and acting in language models","author":"Yao","year":"2023","journal-title":"ICLR 2023"},{"key":"ref37","article-title":"Why do multiagent systems fail?","volume-title":"ICLR 2025 Workshop on Building Trust in Language Models and Applications","author":"Pan","year":"2025"},{"key":"ref38","article-title":"Anthropic Engineering","volume-title":"How we built our multi-agent research system","year":"2025"},{"key":"ref39","article-title":"SGLang Team","volume-title":"SGLang: Efficient Execution of Structured Language Model Programs","year":"2025"},{"key":"ref40","volume-title":"Malware analysis","author":"Ferrie","year":"2011"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00135"},{"key":"ref42","article-title":"DataDog","volume-title":"GuardDog","year":"2025"},{"key":"ref43","article-title":"Coder Technologies","volume-title":"Coder: Secure environments for developers and their agents","year":"2025"},{"key":"ref44","article-title":"Python Packaging Authority (PyPA)","volume-title":"Single-sourcing the package version","year":"2025"},{"key":"ref45","article-title":"A large-scale fine-grained analysis of packages in open-source software ecosystems","author":"Zhou","year":"2024","journal-title":"arXiv preprint"}],"event":{"name":"2025 2nd IEEE\/ACM International Conference on AI-powered Software (AIware)","location":"Seoul, Korea, Republic of","start":{"date-parts":[[2025,11,19]]},"end":{"date-parts":[[2025,11,20]]}},"container-title":["2025 2nd IEEE\/ACM International Conference on AI-powered Software (AIware)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11334058\/11334196\/11334439.pdf?arnumber=11334439","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T06:50:04Z","timestamp":1771397404000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11334439\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/aiware69974.2025.00008","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]}}}