{"id":"https://openalex.org/W7139123575","doi":"https://doi.org/10.48550/arxiv.2603.16694","title":"SynthChain: A Synthetic Benchmark and Forensic Analysis of Advanced and Stealthy Software Supply Chain Attacks","display_name":"SynthChain: A Synthetic Benchmark and Forensic Analysis of Advanced and Stealthy Software Supply Chain Attacks","publication_year":2026,"publication_date":"2026-03-17","ids":{"openalex":"https://openalex.org/W7139123575","doi":"https://doi.org/10.48550/arxiv.2603.16694"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.16694","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16694","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.16694","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Tan, Zhuoran","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Tan, Zhuoran","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Guo, Wenbo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guo, Wenbo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Brierley, Taylor","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brierley, Taylor","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Luo, Jiewen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luo, Jiewen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Singer, Jeremy","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Singer, Jeremy","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Anagnostopoulos, Christos","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anagnostopoulos, Christos","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.36820000410079956,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.36820000410079956,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.2824999988079071,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.2093999981880188,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8485000133514404},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6399000287055969},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6259999871253967},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6086999773979187},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5697000026702881},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.48429998755455017},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.43869999051094055},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.352400004863739}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8485000133514404},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7854999899864197},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6399000287055969},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6259999871253967},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6086999773979187},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5697000026702881},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.5231000185012817},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.48429998755455017},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.43869999051094055},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.352400004863739},{"id":"https://openalex.org/C36299963","wikidata":"https://www.wikidata.org/wiki/Q1369844","display_name":"Observability","level":2,"score":0.3440999984741211},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3375000059604645},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3190999925136566},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.30799999833106995},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.29190000891685486},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2825999855995178},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.28220000863075256},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.26840001344680786},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.2630000114440918},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.25839999318122864},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25529998540878296},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.25270000100135803},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.25220000743865967}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.16694","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16694","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.16694","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16694","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"software":[1,221],"supply":[2,222],"chain":[3,124,158,177],"(SSC)":[4],"attacks":[5],"are":[6,99],"increasingly":[7],"runtime-only":[8],"and":[9,16,35,44,58,71,79,81,85,98,106,133,155,168,189,207,215],"leave":[10],"fragmented":[11],"evidence":[12,129],"across":[13,68],"hosts,":[14],"services,":[15],"build/dependency":[17],"layers,":[18],"so":[19],"any":[20],"single":[21,141,147],"telemetry":[22],"stream":[23],"is":[24,143],"inherently":[25],"insufficient":[26],"to":[27,96,126,166,170,209,216],"reconstruct":[28],"full":[29],"compromise":[30],"chains":[31],"under":[32,198],"realistic":[33,91,137],"access":[34],"budget":[36],"limits.":[37],"We":[38,201],"present":[39],"SynthChain,":[40],"a":[41,45,72],"near-production":[42],"testbed":[43],"multi-source":[46,187],"runtime":[47,213],"dataset":[48],"with":[49,101,175],"chain-level":[50],"ground":[51,205],"truth,":[52,206],"derived":[53],"from":[54,94],"real-world":[55],"malicious":[56],"packages":[57],"exploit":[59,66],"campaigns.":[60],"SynthChain":[61],"covers":[62],"seven":[63],"representative":[64],"supply-chain":[65,75],"scenarios":[67],"PyPI,":[69],"npm,":[70],"native":[73],"C/C++":[74],"case,":[76],"spanning":[77],"Windows":[78],"Linux,":[80],"involving":[82],"four":[83],"hosts":[84],"one":[86],"containerized":[87],"environment.":[88],"Scenarios":[89],"span":[90],"time":[92],"windows":[93],"minutes":[95],"hours":[97],"annotated":[100],"14":[102],"MITRE":[103],"ATT&amp;CK":[104],"tactics":[105],"161":[107],"techniques":[108,110],"(29-104":[109],"per":[111],"scenario).":[112],"Beyond":[113],"releasing":[114],"the":[115,127,145,203],"data,":[116],"we":[117],"quantify":[118],"observability":[119],"constraints":[120],"by":[121],"mapping":[122],"each":[123],"step":[125],"minimum":[128],"needed":[130],"for":[131,220],"detection":[132,197,219],"cross-source":[134],"correlation.":[135],"With":[136],"trace":[138],"availability,":[139],"no":[140],"source":[142,148],"chain-complete:":[144],"best":[146],"reaches":[149],"only":[150],"0.391":[151],"weighted":[152],"tag/step":[153],"coverage":[154,165],"0.403":[156],"mean":[157],"reconstruction.":[159],"Even":[160],"minimal":[161],"two-source":[162],"fusion":[163],"boosts":[164],"0.636":[167],"reconstruction":[169],"0.639":[171],"(approximately":[172],"1.6x":[173],"gain),":[174],"consistent":[176],"coverage/recall":[178],"improvements":[179],"(0.545).":[180],"The":[181],"corpus":[182],"contains":[183],"approximately":[184],"0.58M":[185],"raw":[186],"events":[188],"1.50M":[190],"evaluation":[191],"rows,":[192],"enabling":[193],"controlled":[194],"studies":[195],"of":[196],"constrained":[199],"telemetry.":[200],"release":[202],"dataset,":[204],"artifacts":[208],"support":[210],"reproducible,":[211],"forensic-aware":[212],"defenses":[214],"guide":[217],"efficient":[218],"chains.":[223]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2026-02-07T00:00:00"}