Securing software supply chains is a growing challenge due to the inadequacy of existing datasets in capturing the complexity of next-gen attacks, such as multiphase malware execution, remote access activation, and dynamic payload generation. Existing datasets, which rely on metadata inspection and static code analysis, are inadequate for detecting such attacks. This creates a critical gap because these datasets do not capture what happens during and after a package is installed. To address this gap, we present QUT-DV25, a dynamic analysis dataset specifically designed to support and advance research on detecting and mitigating supply chain attacks within the Python Package Index (PyPI) ecosystem. This dataset captures install and post-install-time traces from 14,271 Python packages, of which 7,127 are malicious. The packages are executed in an isolated sandbox environment using an extended Berkeley Packet Filter (eBPF) kernel and user-level probes. It captures 36 real-time features, that includes system calls, network traffic, resource usages, directory access patterns, dependency logs, and installation behaviors, enabling the study of next-gen attack vectors. ML analysis using the QUT-DV25 dataset identified four malicious PyPI packages previously labeled as benign, each with thousands of downloads. These packages deployed covert remote access and multi-phase payloads, were reported to PyPI maintainers, and subsequently removed. This highlights the practical value of QUT-DV25, as it outperforms reactive, metadata, and static datasets, offering a robust foundation for developing and benchmarking advanced threat detection within the evolving software supply chain ecosystem.

翻译：确保软件供应链安全是一项日益严峻的挑战，这主要是因为现有数据集难以捕捉下一代攻击的复杂性，例如多阶段恶意软件执行、远程访问激活和动态负载生成。现有数据集依赖于元数据检查和静态代码分析，不足以检测此类攻击。这造成了一个关键缺口，因为这些数据集未能捕获软件包安装期间及之后发生的情况。为弥补这一缺口，我们提出了QUT-DV25，这是一个专门设计用于支持和推进Python软件包索引（PyPI）生态系统内供应链攻击检测与缓解研究的动态分析数据集。该数据集捕获了14,271个Python软件包的安装及安装后执行轨迹，其中7,127个为恶意软件包。这些软件包在隔离的沙箱环境中执行，使用了扩展的伯克利包过滤器（eBPF）内核和用户级探针。数据集捕获了36个实时特征，包括系统调用、网络流量、资源使用情况、目录访问模式、依赖项日志和安装行为，从而支持对下一代攻击向量的研究。利用QUT-DV25数据集进行的机器学习分析识别出四个先前被标记为良性的恶意PyPI软件包，每个都有数千次下载。这些软件包部署了隐蔽的远程访问和多阶段负载，已向PyPI维护者报告并随后被移除。这凸显了QUT-DV25的实用价值，它超越了被动的、基于元数据和静态分析的数据集，为在不断发展的软件供应链生态系统中开发和评估高级威胁检测技术提供了坚实的基础。