SUPPLY CHAIN ATTACK DETECTION THROUGH LIFECYCLE-AWARE ANOMALY SYSTEMS: INTEGRATION OF END-OF-LIFE CONTEXT FOR IDENTIFYING MAINTENANCE TRANSITION ANOMALIES
DOI: https://doi.org/10.30888/2663-5712.2026-35-01-117
Keywords: supply chain attack, anomaly detection, End-of-Life, OpenEoX, lifecycle transition, fork succession, package hijacking, behavioral analysis, SBOM security
Abstract
Supply chain attacks targeting software dependencies represent an escalating threat vector, with adversaries increasingly exploiting lifecycle transitions, particularly End-of-Life (EoL) and maintenance handover events, to introduce malicious code into trus
References
Copyright (c) 2026 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.