🤖 AI Summary
Existing approaches struggle to effectively model the multi-level, heterogeneous program entities and their interactions within Python packages, resulting in limited accuracy and interpretability in malicious behavior detection. This work proposes a novel framework that integrates large language models (LLMs) with hierarchical heterogeneous graph representation learning. The framework constructs an explicit hierarchical graph encoding diverse code entities and structural dependencies, while leveraging LLMs to infer semantic roles of functions, thereby introducing semantic heterogeneity. A type-aware graph neural network is further designed for message passing, enabling both package-level classification and function-level localization of suspicious behaviors. Requiring no manual intervention, the method significantly outperforms existing baselines—including conventional machine learning, graph neural networks, and LLM-based approaches—on real-world datasets, achieving high accuracy, robustness, and fine-grained interpretability.
📝 Abstract
Malicious Python packages have become a major threat to software supply chain ecosystems due to the widespread adoption of open-source repositories such as PyPI. Existing learning-based detection methods struggle to capture the hierarchical organization and heterogeneous interactions among different program entities. Although Large Language Models (LLMs) have demonstrated strong capabilities in code understanding and semantic reasoning, they are rarely integrated with structural program representations for fine-grained malicious behavior analysis. In this paper, we propose an LLM-enhanced hierarchical heterogeneous graph representation learning framework for malicious Python package detection. The framework constructs a hierarchical heterogeneous code graph that explicitly models heterogeneous code entities and different types of structural dependencies. LLMs are further leveraged to infer function-level semantic roles, introducing an additional layer of semantic heterogeneity. Based on this graph, we develop a hierarchical heterogeneous graph neural network that performs type-aware message passing over different node and edge categories, effectively modeling malicious behavior propagation for accurate package-level classification. The framework also incorporates a function-level attribution mechanism which, combined with LLM reasoning, automatically identifies suspicious functions and localizes fine-grained malicious behaviors without human expert intervention. Extensive experiments on real-world datasets show that our framework consistently outperforms traditional machine learning methods, graph-based detectors, and state-of-the-art LLMs across packages with varying sizes and dependency complexities, while providing accurate, robust, and interpretable malicious behavior localization.