Cutting the Gordian Knot: Detecting Malicious PyPI Packages via a Knowledge-Mining Framework

TL;DR

PyGuard is a knowledge-driven framework that significantly improves the detection of malicious PyPI packages by using behavioral pattern mining and semantic analysis, reducing false positives and identifying previously unknown threats.

Contribution

The paper introduces PyGuard, a novel semantic and behavioral pattern mining approach that enhances malicious package detection accuracy and cross-ecosystem applicability.

Findings

99.50% detection accuracy with only 2 false positives

Identified 219 previously unknown malicious packages

Maintains high accuracy on obfuscated code

Abstract

The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools generate false positive rates of 15-30%, incorrectly flagging one-third of legitimate packages as malicious. This problem arises because current tools rely on simple syntactic rules rather than semantic understanding, failing to distinguish between identical API calls serving legitimate versus malicious purposes. To address this challenge, we propose PyGuard, a knowledge-driven framework that converts detection failures into useful behavioral knowledge by extracting patterns from existing tools' false positives and negatives. Our method utilizes hierarchical pattern mining to identify behavioral sequences that distinguish malicious from benign code, employs Large Language Models to create semantic abstractions beyond syntactic variations, and combines this knowledge into a detection system that integrates exact pattern matching with contextual reasoning. PyGuard achieves 99.50% accuracy with only 2 false positives versus 1,927-2,117 in existing tools, maintains 98.28% accuracy on obfuscated code, and identified 219 previously unknown malicious packages in real-world deployment. The behavioral patterns show cross-ecosystem applicability with 98.07% accuracy on NPM packages, demonstrating that semantic understanding enables knowledge transfer across programming languages.