Bridging Expert Reasoning and LLM Detection: A Knowledge-Driven Framework for Malicious Packages

TL;DR

IntelGuard is a knowledge-driven framework that enhances malicious package detection by integrating expert reasoning with large language models, achieving high accuracy and uncovering new threats in open-source ecosystems.

Contribution

It introduces a retrieval-augmented generation framework that combines expert threat intelligence with LLMs for more effective malicious package detection.

Findings

Achieves 99% detection accuracy on real-world packages

Discovered 54 previously unreported malicious packages on PyPI

Maintains high accuracy even on obfuscated code

Abstract

Open-source ecosystems such as NPM and PyPI are increasingly targeted by supply chain attacks, yet existing detection methods either depend on fragile handcrafted rules or data-driven features that fail to capture evolving attack semantics. We present IntelGuard, a retrieval-augmented generation (RAG) based framework that integrates expert analytical reasoning into automated malicious package detection. IntelGuard constructs a structured knowledge base from over 8,000 threat intelligence reports, linking malicious code snippets with behavioral descriptions and expert reasoning. When analyzing new packages, it retrieves semantically similar malicious examples and applies LLM-guided reasoning to assess whether code behaviors align with intended functionality. Experiments on 4,027 real-world packages show that IntelGuard achieves 99% accuracy and a 0.50% false positive rate, while maintaining 96.5% accuracy on obfuscated code. Deployed on PyPI.org, it discovered 54 previously unreported malicious packages, demonstrating interpretable and robust detection guided by expert knowledge.