The paper introduces SynthChain, a comprehensive, multi-source synthetic testbed and dataset that demonstrates that detecting advanced software supply chain attacks requires fusing evidence from multiple, disparate telemetry sources.
Advanced software supply chain (SSC) attacks are increasingly runtime-only and leave fragmented evidence across hosts, services, and build/dependency layers, so any single telemetry stream is inherently insufficient to reconstruct full compromise chains under realistic access and budget limits. We present SynthChain, a near-production testbed and a multi-source runtime dataset with chain-level ground truth, derived from real-world malicious packages and exploit campaigns. SynthChain covers seven representative supply-chain exploit scenarios across PyPI, npm, and a native C/C++ supply-chain case, spanning Windows and Linux, and involving four hosts and one containerized environment. Scenarios span realistic time windows from minutes to hours and are annotated with 14 MITRE ATT&CK tactics and 161 techniques (29-104 techniques per scenario). Beyond releasing the data, we quantify observability constraints by mapping each chain step to the minimum evidence needed for detection and cross-source correlation. With realistic trace availability, no single source is chain-complete: the best single source reaches only 0.391 weighted tag/step coverage and 0.403 mean chain reconstruction. Even minimal two-source fusion boosts coverage to 0.636 and reconstruction to 0.639 (approximately 1.6x gain), with consistent chain coverage/recall improvements (0.545). The corpus contains approximately 0.58M raw multi-source events and 1.50M evaluation rows, enabling controlled studies of detection under constrained telemetry. We release the dataset, ground truth, and artifacts to support reproducible, forensic-aware runtime defenses and to guide efficient detection for software supply chains.