The Python Package Index (PyPI) has become a target for malicious actors, yet existing detection tools produce false positive rates of 15-30%, incorrectly flagging up to nearly one-third of legitimate packages as malicious. This problem arises because current tools rely on simple syntactic rules rather than semantic understanding, so they cannot distinguish the same API call (for example, decoding base64 data or spawning a subprocess) when it serves a legitimate purpose from when it serves a malicious one. To address this challenge, we propose PyGuard, a knowledge-driven framework that converts detection failures into useful behavioral knowledge by extracting patterns from existing tools' false positives and false negatives. Our method applies hierarchical pattern mining to identify behavioral sequences that separate malicious from benign code, uses Large Language Models to create semantic abstractions that generalize across syntactic variants, and combines this knowledge into a detection system that integrates exact pattern matching with contextual reasoning. PyGuard achieves 99.50% accuracy with only 2 false positives, versus 1,927 to 2,117 for existing tools; it maintains 98.28% accuracy on obfuscated code and identified 219 previously unknown malicious packages in real-world deployment. The mined behavioral patterns also transfer across ecosystems, reaching 98.07% accuracy on NPM packages, which shows that semantic understanding enables knowledge transfer across programming languages.
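The abstract's central point is that a single suspicious API call is not evidence of malice; the behavioral sequence it sits in is. The following added example (illustrative code written for this page, not PyGuard's implementation or any code from the paper) contrasts a naive syntactic rule with a simple order-sensitive source-to-sink check over Python ASTs. The two sample packages, the `SOURCES`/`SINKS` sets and the function names are all constructed for the demonstration; the base64 string decodes to `print('hi')` and is only parsed, never executed.

```python
import ast

# Constructed sample sources (illustrative only, not packages from the paper).
BENIGN_SRC = """
import base64, json

def load_config(blob):
    data = base64.b64decode(blob)   # decodes config, never executes it
    return json.loads(data)
"""

MALICIOUS_SRC = """
import base64
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        payload = base64.b64decode("cHJpbnQoJ2hpJyk=")
        exec(payload)               # decoded bytes reach a code-execution sink
"""

# Assumed API lists for the demo; the same names appear in both samples,
# so a purely syntactic rule cannot tell the two packages apart.
SUSPICIOUS = {"base64.b64decode", "exec", "eval", "subprocess.run", "os.system"}
SOURCES = {"base64.b64decode", "urllib.request.urlopen"}   # untrusted data producers
SINKS = {"exec", "eval", "subprocess.run", "os.system"}      # code/command execution


def call_name(call):
    """Dotted callee name of an ast.Call (e.g. 'base64.b64decode'), or None."""
    func, parts = call.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def syntactic_flags(src):
    """Naive detector: flag any occurrence of a suspicious API name."""
    tree = ast.parse(src)
    names = {call_name(n) for n in ast.walk(tree) if isinstance(n, ast.Call)}
    return sorted(names & SUSPICIOUS)


def behavioral_flags(src):
    """Sequence-aware detector: flag only when a SOURCE result flows into a SINK
    inside the same function. Deliberately simple: intra-procedural, source-order
    sensitive, no aliasing or inter-procedural tracking."""
    tree = ast.parse(src)
    findings = []
    for fn in ast.walk(tree):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        tainted = {}   # variable name -> source API that produced it
        nodes = [n for n in ast.walk(fn) if isinstance(n, (ast.Assign, ast.Call))]
        for node in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
            if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
                src_api = call_name(node.value)
                if src_api in SOURCES:
                    for tgt in node.targets:
                        if isinstance(tgt, ast.Name):
                            tainted[tgt.id] = src_api
            elif isinstance(node, ast.Call) and call_name(node) in SINKS:
                sink = call_name(node)
                for arg in node.args:
                    if isinstance(arg, ast.Name) and arg.id in tainted:
                        findings.append((fn.name, tainted[arg.id], sink))
                    elif isinstance(arg, ast.Call) and call_name(arg) in SOURCES:
                        findings.append((fn.name, call_name(arg), sink))
    return findings


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SRC), ("malicious", MALICIOUS_SRC)):
        print(label, "syntactic:", syntactic_flags(src),
              "behavioral:", behavioral_flags(src))
```

The syntactic rule flags both samples because both call `base64.b64decode`, which is exactly the false-positive mode the abstract describes. The behavioral rule flags only the install hook, where the decoded bytes are passed to `exec`. A real detector would need to follow data through aliases, helper functions and string obfuscation, which is the gap the paper's semantic abstractions are meant to close.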