Saved in:
Bibliographic Details
Main Authors: Reuben, Maor, Mendel, Ido, Feldman, Or, Kravchik, Moshe, Guri, Mordehai, Puzis, Rami
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.14778
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912671629049856
author Reuben, Maor
Mendel, Ido
Feldman, Or
Kravchik, Moshe
Guri, Mordehai
Puzis, Rami
author_facet Reuben, Maor
Mendel, Ido
Feldman, Or
Kravchik, Moshe
Guri, Mordehai
Puzis, Rami
contents Supply chain attacks significantly threaten software security with malicious code injections within legitimate projects. Such attacks are very rare but may have a devastating impact. Detecting spurious code injections using automated tools is further complicated as it often requires deciphering the intention of both the inserted code and its context. In this study, we propose an unsupervised approach for highlighting spurious code injections by quantifying cohesion disruptions in the source code. Using a name-prediction-based cohesion (NPC) metric, we analyze how function cohesion changes when malicious code is introduced compared to natural cohesion fluctuations. An analysis of 54,707 functions over 369 open-source C++ repositories reveals that code injection reduces cohesion and shifts naming patterns toward shorter, less descriptive names compared to genuine function updates. Considering the sporadic nature of real supply-chain attacks, we evaluate the proposed method with extreme test-set imbalance and show that monitoring high-cohesion functions with NPC can effectively detect functions with injected code, achieving a Precision@100 of 36.41% at a 1:1,000 ratio and 12.47% at 1:10,000. These results suggest that automated cohesion measurements, in general, and name-prediction-based cohesion, in particular, may help identify supply chain attacks, improving source code integrity.
format Preprint
id arxiv_https___arxiv_org_abs_2510_14778
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Leveraging Code Cohesion Analysis to Identify Source Code Supply Chain Attacks
Reuben, Maor
Mendel, Ido
Feldman, Or
Kravchik, Moshe
Guri, Mordehai
Puzis, Rami
Software Engineering
Machine Learning
Supply chain attacks significantly threaten software security with malicious code injections within legitimate projects. Such attacks are very rare but may have a devastating impact. Detecting spurious code injections using automated tools is further complicated as it often requires deciphering the intention of both the inserted code and its context. In this study, we propose an unsupervised approach for highlighting spurious code injections by quantifying cohesion disruptions in the source code. Using a name-prediction-based cohesion (NPC) metric, we analyze how function cohesion changes when malicious code is introduced compared to natural cohesion fluctuations. An analysis of 54,707 functions over 369 open-source C++ repositories reveals that code injection reduces cohesion and shifts naming patterns toward shorter, less descriptive names compared to genuine function updates. Considering the sporadic nature of real supply-chain attacks, we evaluate the proposed method with extreme test-set imbalance and show that monitoring high-cohesion functions with NPC can effectively detect functions with injected code, achieving a Precision@100 of 36.41% at a 1:1,000 ratio and 12.47% at 1:10,000. These results suggest that automated cohesion measurements, in general, and name-prediction-based cohesion, in particular, may help identify supply chain attacks, improving source code integrity.
title Leveraging Code Cohesion Analysis to Identify Source Code Supply Chain Attacks
topic Software Engineering
Machine Learning
url https://arxiv.org/abs/2510.14778