Graph Learning-Based Behavioral Detection for Software Supply Chain Attacks

Authors

  • Jiacheng Hu, Master's Degree in Information Technology, University of New South Wales, Australia
  • Xiaoyi Long, Computer Science, Georgia Institute of Technology, GA, USA

DOI:

https://doi.org/10.69987/JACS.2024.40405

Keywords:

Software supply chain security, Graph neural networks, Malicious package detection, Behavioral analysis

Abstract

Software supply chain attacks have emerged as critical threats to modern software ecosystems, exploiting vulnerabilities in package dependencies to inject malicious code. Traditional detection methods struggle with high false positive rates and limited coverage across diverse attack vectors. This work presents a graph-learning-based approach that models dependency relationships as structured graphs and leverages graph neural networks and behavioral sequence analysis for comprehensive threat detection. Our methodology constructs multi-level dependency graphs enriched with metadata, code, and behavioral features, employing graph convolutional layers with attention mechanisms to identify anomalous patterns. Experimental evaluations on real-world npm and PyPI datasets demonstrate detection accuracy of 94.3% with false positive rates below 2.1%, outperforming baseline methods by 17.8% in F1-score while maintaining scalability for repositories containing millions of packages.

Author Biography

  • Xiaoyi Long, Computer Science, Georgia Institute of Technology, GA, USA


Published

2024-04-15

How to Cite

Jiacheng Hu, & Xiaoyi Long. (2024). Graph Learning-Based Behavioral Detection for Software Supply Chain Attacks. Journal of Advanced Computing Systems, 4(4), 49-60. https://doi.org/10.69987/JACS.2024.40405