QUT-DV25
NIAID Data Ecosystem, indexed 2026-05-02
Download link:
https://doi.org/10.7910/DVN/LBMXJY
Description:
A Dataset for Dynamic Analysis of Next-Gen Software Supply Chain Attacks
This dataset captures multi-layered behavioral traces associated with Python package installation and execution, aimed at supporting research in malware detection and software supply chain security. It consists of six trace categories:
Filetop traces monitor file read/write operations, highlighting missing or suspicious files (e.g., setup.py) and unauthorized modifications indicative of data exfiltration.
Installation traces record dependency chains and detect anomalies like unexpected dependencies, resolution errors, or suspicious post-install scripts often linked to dependency confusion attacks.
Opensnoop traces log file access to sensitive directories (e.g., /root/.ssh), revealing unauthorized access attempts or code injection.
Pattern traces analyze sequential behaviors (e.g., repeated socket and process creation) to detect loops, version cycling, and stealthy activity patterns.
System call traces capture low-level OS operations, identifying unauthorized process, file, or network interactions correlated with system-level sabotage.
TCP traces record outbound network connections and state transitions, enabling detection of unusual ports (e.g., 6667), remote access attempts, and anomalous traffic patterns.
Together, these datasets offer a rich foundation for identifying behavioral indicators of compromise in Python packages.
Created:
2025-05-21



