Unveiling A Hidden Risk: Exposing Educational but Malicious Repositories in GitHub
arxiv(2024)
摘要
Are malicious repositories hiding under the educational label in GitHub?
Recent studies have identified collections of GitHub repositories hosting
malware source code with notable collaboration among the developers. Thus,
analyzing GitHub repositories deserves inevitable attention due to its
open-source nature providing easy access to malicious software code and
artifacts. Here we leverage the capabilities of ChatGPT in a qualitative study
to annotate an educational GitHub repository based on maliciousness of its
metadata contents. Our contribution is twofold. First, we demonstrate the
employment of ChatGPT to understand and annotate the content published in
software repositories. Second, we provide evidence of hidden risk in
educational repositories contributing to the opportunities of potential threats
and malicious intents. We carry out a systematic study on a collection of 35.2K
GitHub repositories claimed to be created for educational purposes only. First,
our study finds an increasing trend in the number of such repositories
published every year. Second, 9294 of them are labeled by ChatGPT as malicious,
and further categorization of the malicious ones detects 14 different malware
families including DDoS, keylogger, ransomware and so on. Overall, this
exploratory study flags a wake-up call for the community for better
understanding and analysis of software platforms.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要