zorro
Zorro is a machine learning framework for detecting malicious packages in software registries by identifying intent misalignment between local code behavior and global package purpose. It provides two complementary models: ICN (Intent Convergence Networks) for advanced iterative detection of hidden payloads and trojans, and AMIL (Attention-based Multiple Instance Learning) for lightweight scanning in CI/CD pipelines. The framework includes comprehensive benchmarking tools and supports multiple programming languages including Python, JavaScript, and Rust packages.
Zorro is a machine learning framework for detecting malicious packages in software registries using two models: ICN for advanced intent misalignment detection and AMIL for lightweight CI/CD scanning. The project addresses supply chain security by analyzing the divergence between local code behavior and global package purpose across multiple programming languages.
- ✓Innovative dual-model approach combining ICN's iterative convergence detection with AMIL's attention-based lightweight scanning
- ✓Novel conceptual framework treating malice as emergent property of intent misalignment rather than line-by-line analysis
- ✓Comprehensive multi-language support covering Python, JavaScript, and Rust package ecosystems with practical CI/CD integration focus
- →Implement the actual models and provide working code examples since the repository appears to contain only documentation and planning materials
- →Add concrete benchmarking results, evaluation metrics, and comparison with existing malicious package detection tools to validate the theoretical approach