{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T14:19:59Z","timestamp":1777299599948,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3774904.3792083","type":"proceedings-article","created":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T21:54:34Z","timestamp":1775771674000},"page":"3554-3565","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Bridging Expert Reasoning and LLM Detection: A Knowledge-Driven Framework for Malicious Packages"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6655-8179","authenticated-orcid":false,"given":"Wenbo","family":"Guo","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7885-1135","authenticated-orcid":false,"given":"Shiwen","family":"Song","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6004-1277","authenticated-orcid":false,"given":"Jiaxun","family":"Guo","sequence":"additional","affiliation":[{"name":"Sichuan University, China, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"Imperial Global Singapore, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1175-2753","authenticated-orcid":false,"given":"Chengwei","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-6501-2655","authenticated-orcid":false,"given":"Haoran","family":"Ou","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6912-6152","authenticated-orcid":false,"given":"Mengmeng","family":"Ge","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7300-9215","authenticated-orcid":false,"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2026,4,12]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Random forests. Machine learning 45","author":"Breiman Leo","year":"2001","unstructured":"Leo Breiman. 2001. Random forests. Machine learning 45 (2001), 5--32."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_3_1","volume-title":"Aarhus University","author":"Computer Science Department","year":"2025","unstructured":"Computer Science Department, Aarhus University. 2025. Jelly: A Static Analysis Framework for JavaScript. https:\/\/github.com\/cs-au-dk\/jelly. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_4_1","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA). 2025. Widespread Supply Chain Compromise Impacting npm Ecosystem. https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/09\/23\/widespread-supply-chain-compromise-impacting-npm-ecosystem. Accessed: 2025--10-07."},{"key":"e_1_3_2_1_5_1","unstructured":"Datadog Security Labs. 2025. GuardDog: A CLI tool to identify malicious PyPI and NPM packages. https:\/\/github.com\/DataDog\/guarddog. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_6_1","volume-title":"Ryan Elder, Brendan Saltaformaggio, and Wenke Lee.","author":"Duan Ruian","year":"2021","unstructured":"Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2021. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. In 28th Annual Network and Distributed System Security Symposium, NDSS. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/ndss2021_1B-1_23055_paper.pdf"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00121"},{"key":"e_1_3_2_1_8_1","unstructured":"Fortinet Threat Research. 2025. Malicious Packages Across Open Source Registries. https:\/\/www.fortinet.com\/blog\/threat-research\/malicious-packages-across-open-source-registries. Accessed: 2025--10-07."},{"key":"e_1_3_2_1_9_1","volume-title":"MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem. arXiv preprint arXiv:2506.14466","author":"Gao Xingan","year":"2025","unstructured":"Xingan Gao, Xiaobing Sun, Sicong Cao, Kaifeng Huang, Di Wu, Xiaolei Liu, Xingwei Lin, and Yang Xiang. 2025. MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem. arXiv preprint arXiv:2506.14466 (2025)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev61143.2024.00017"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179332"},{"key":"e_1_3_2_1_12_1","volume-title":"PackageIntel: Leveraging Large Language Models for Automated Intelligence Extraction in Package Ecosystems. arXiv preprint arXiv:2409.15049","author":"Guo Wenbo","year":"2024","unstructured":"Wenbo Guo, Chengwei Liu, Limin Wang, Jiahui Wu, Zhengzi Xu, Cheng Huang, Yong Fang, and Yang Liu. 2024. PackageIntel: Leveraging Large Language Models for Automated Intelligence Extraction in Package Ecosystems. arXiv preprint arXiv:2409.15049 (2024)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00135"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645543"},{"key":"e_1_3_2_1_15_1","volume-title":"Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk. https:\/\/www.paloaltonetworks.com\/blog\/cloud-security\/npm-supply-chain-attack\/. Accessed: 2025--10-07.","author":"Henig Asaf","year":"2025","unstructured":"Asaf Henig and Cameron Hyde. 2025. Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk. https:\/\/www.paloaltonetworks.com\/blog\/cloud-security\/npm-supply-chain-attack\/. Accessed: 2025--10-07."},{"key":"e_1_3_2_1_16_1","unstructured":"Hnfull. 2020. Intensio-Obfuscator: Obfuscate a python code. https:\/\/github.com\/Hnfull\/Intensio-Obfuscator. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103999"},{"key":"e_1_3_2_1_18_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Huang Cheng","year":"2024","unstructured":"Cheng Huang, Nannan Wang, Ziyan Wang, Siqi Sun, Lingzi Li, Junren Chen, Qianchong Zhao, Jiaxuan Han, Zhen Yang, and Lei Shi. 2024. {DONAPI}: Malicious {NPM} Packages Detector using Behavior Sequence Knowledge Mapping. In 33rd USENIX Security Symposium (USENIX Security 24). 3765--3782."},{"key":"e_1_3_2_1_19_1","volume-title":"First Conference on Language Modeling.","author":"Huang Liangyi","year":"2024","unstructured":"Liangyi Huang and Xusheng Xiao. 2024. Ctikg: Llm-powered knowledge graph construction from cyber threat intelligence. In First Conference on Language Modeling."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695492"},{"key":"e_1_3_2_1_21_1","volume-title":"Packj: Vetting open-source software packages for security risks. https:\/\/github.com\/ossillate-inc\/packj. Accessed: 2025-09--10.","author":"Ossillate Inc.","year":"2024","unstructured":"Ossillate Inc. 2024. Packj: Vetting open-source software packages for security risks. https:\/\/github.com\/ossillate-inc\/packj. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_22_1","unstructured":"Kaspersky Lab. 2025. Kaspersky Lab. https:\/\/www.kaspersky.com\/. Accessed: 2025--10--27."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627138"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00073"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00085"},{"key":"e_1_3_2_1_27_1","volume-title":"Learning under concept drift: A review","author":"Lu Jie","year":"2018","unstructured":"Jie Lu, Anjin Liu, Fan Dong, Feng Gu, Joao Gama, and Guangquan Zhang. 2018. Learning under concept drift: A review. IEEE transactions on knowledge and data engineering 31, 12 (2018), 2346--2363."},{"key":"e_1_3_2_1_28_1","unstructured":"Vu Duc Ly. 2023. Bandit4Mal: A Python AST-based tool for detecting malicious PyPI packages. https:\/\/github.com\/lyvd\/bandit4mal. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.21105\/joss.00205"},{"key":"e_1_3_2_1_30_1","unstructured":"Microsoft. 2025. OSSGadget: Collection of tools for analyzing open source packages. https:\/\/github.com\/microsoft\/OSSGadget. Accessed: 2025-09--10."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"e_1_3_2_1_32_1","volume-title":"OSV: A Distributed Vulnerability Database for Open Source. https:\/\/osv.dev\/. Accessed: 2025--10--27.","author":"Vulnerabilities Project Open Source","year":"2025","unstructured":"Open Source Vulnerabilities Project. 2025. OSV: A Distributed Vulnerability Database for Open Source. https:\/\/osv.dev\/. Accessed: 2025--10--27."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3696427"},{"key":"e_1_3_2_1_34_1","unstructured":"ReversingLabs. 2025. ReversingLabs -- Software Supply Chain Security & Threat Intelligence. https:\/\/www.reversinglabs.com\/. Accessed: 2025--10--27."},{"key":"e_1_3_2_1_35_1","unstructured":"Vitalis Salis. 2023. PyCG: Practical Python Call Graph Generation. https:\/\/github.com\/vitsalis\/PyCG. Accessed: 2025--10-07."},{"key":"e_1_3_2_1_36_1","volume-title":"Open-cykg: An open cyber threat intelligence knowledge graph. Knowledge-based systems 233","author":"Sarhan Injy","year":"2021","unstructured":"Injy Sarhan and Marco Spruit. 2021. Open-cykg: An open cyber threat intelligence knowledge graph. Knowledge-based systems 233 (2021), 107524."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3543815"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510104"},{"key":"e_1_3_2_1_39_1","volume-title":"Ali El Husseini, and Abhik Roychoudhury","author":"Shariffdeen Ridwan","year":"2025","unstructured":"Ridwan Shariffdeen, Behnaz Hassanshahi, Martin Mirchev, Ali El Husseini, and Abhik Roychoudhury. 2025. Detecting Python Malware in the Software Supply Chain with Program Analysis. In 2025 IEEE\/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE, 203--214."},{"key":"e_1_3_2_1_40_1","volume-title":"Time for action: Automated analysis of cyber threat intelligence in the wild. arXiv preprint arXiv:2307.10214","author":"Siracusano Giuseppe","year":"2023","unstructured":"Giuseppe Siracusano, Davide Sanvito, Roberto Gonzalez, Manikantan Srinivasan, Sivakaman Kamatchi, Wataru Takahashi, Masaru Kawakita, Takahiro Kakumaru, and Roberto Bifulco. 2023. Time for action: Automated analysis of cyber threat intelligence in the wild. arXiv preprint arXiv:2307.10214 (2023)."},{"key":"e_1_3_2_1_41_1","volume-title":"Decision tree methods: applications for classification and prediction. Shanghai archives of psychiatry","author":"Song Yan-Yan","year":"2015","unstructured":"Yan-Yan Song and Ying Lu. 2015. Decision tree methods: applications for classification and prediction. Shanghai archives of psychiatry (2015)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695493"},{"key":"e_1_3_2_1_43_1","unstructured":"tesseract-ocr. 2025. Tesseract Open Source OCR Engine (GitHub Repository). https:\/\/github.com\/tesseract-ocr\/tesseract. Accessed: 2025--10--27."},{"key":"e_1_3_2_1_44_1","unstructured":"Trend Micro. 2025. Trend Micro -- Cybersecurity Solutions. https:\/\/www.trendmicro.com\/. Accessed: 2025--10--27."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00052"},{"key":"e_1_3_2_1_46_1","volume-title":"MalPacDetector: An LLM-based Malicious NPM Package Detector","author":"Wang Jian","year":"2025","unstructured":"Jian Wang, Zhen Li, Jixiang Qu, Deqing Zou, Shouhuai Xu, Ziteng Xu, Zhenwei Wang, and Hai Jin. 2025. MalPacDetector: An LLM-based Malicious NPM Package Detector. IEEE Transactions on Information Forensics and Security (2025)."},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium","author":"Wu Yafei","year":"2023","unstructured":"Yafei Wu, Cong Sun, Dongrui Zeng, Gang Tan, Siqi Ma, and Peicheng Wang. 2023. LibScan: towards more precise third-party library identification for android applications. In Proceedings of the 32nd USENIX Conference on Security Symposium (Anaheim, CA, USA) (SEC '23). USENIX Association, USA, Article 190, 18 pages."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3523262"},{"key":"e_1_3_2_1_49_1","volume-title":"Hoon Wei Lim, and Jin Song Dong.","author":"Xu Ming","year":"2024","unstructured":"Ming Xu, Hongtai Wang, Jiahao Liu, Yun Lin, Chenyang Xu Yingshi Liu, Hoon Wei Lim, and Jin Song Dong. 2024. IntelEX: A LLM-driven Attack-level Threat Intelligence Extraction Framework. arXiv preprint arXiv:2412.10872 (2024)."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680397"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE55347.2025.00146"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513044"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3705304"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695262"},{"key":"e_1_3_2_1_55_1","volume-title":"28th USENIX Security symposium (USENIX security 19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In 28th USENIX Security symposium (USENIX security 19). 995--1010."}],"event":{"name":"WWW '26: The ACM Web Conference 2026","location":"Dubai United Arab Emirates","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2026"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3774904.3792083","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T13:31:14Z","timestamp":1777296674000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3774904.3792083"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":55,"alternative-id":["10.1145\/3774904.3792083","10.1145\/3774904"],"URL":"https:\/\/doi.org\/10.1145\/3774904.3792083","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}