{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T20:25:06Z","timestamp":1757622306295,"version":"3.44.0"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032006325"},{"type":"electronic","value":"9783032006332"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00633-2_16","type":"book-chapter","created":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T10:15:37Z","timestamp":1754648137000},"page":"269-285","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Time Series Analysis of\u00a0Malware Uploads to\u00a0Programming Language Ecosystems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5147-3084","authenticated-orcid":false,"given":"Jukka","family":"Ruohonen","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4816-2426","authenticated-orcid":false,"given":"Mubashrah","family":"Saddiqa","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,9]]},"reference":[{"issue":"6","key":"16_CR1","doi-asserted-by":"publisher","first-page":"4255","DOI":"10.1109\/TDSC.2021.3125270","volume":"19","author":"A Anwar","year":"2022","unstructured":"Anwar, A., Abusnaina, A., Chen, S., Li, F., Mohaisen, D.: Cleaning the NVD: comprehensive quality assessment, improvements, and analyses. IEEE Trans. Dependable Secure Comput. 19(6), 4255\u20134269 (2022)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"16_CR2","doi-asserted-by":"publisher","first-page":"102287","DOI":"10.1016\/j.cose.2021.102287","volume":"106","author":"M Botacin","year":"2021","unstructured":"Botacin, M., Ceschin, F., Sun, R., Oliveir, D., Gr\u00e9gio, A.: Challenges and pitfalls in malware research. Comput. Secur. 106, 102287 (2021)","journal-title":"Comput. Secur."},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Cao, A., Dolan-Gavitt, B.: What the fork? finding and analyzing malware in github forks. In: Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2022). The Internet Society, San Diego (2022)","DOI":"10.14722\/madweb.2022.23001"},{"key":"16_CR4","doi-asserted-by":"publisher","first-page":"3982","DOI":"10.3390\/su11143982","volume":"11","author":"M Cheng","year":"2019","unstructured":"Cheng, M., Liu, B.: Analysis on the influence of China\u2019s energy consumption on economic growth. Sustainability 11, 3982 (2019)","journal-title":"Sustainability"},{"key":"16_CR5","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1365\/s43439-022-00067-6","volume":"3","author":"PG Chiara","year":"2022","unstructured":"Chiara, P.G.: The cyber resilience act: the EU commission\u2019s proposal for a horizontal regulation on cybersecurity for products with digital elements: an introduction. Int. Cybersecurity Law Rev. 3, 255\u2013272 (2022)","journal-title":"Int. Cybersecurity Law Rev."},{"key":"16_CR6","unstructured":"Claburn, T.: LLMs can\u2019t stop making up software dependencies and sabotaging everything: hallucinated package names fuel \u2018slopsquatting\u2019 (2025), the register, available online in April 2025: https:\/\/www.theregister.com\/2025\/04\/12\/ai_code_suggestions_sabotage_supply_chain\/"},{"issue":"1","key":"16_CR7","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/3722542","volume":"23","author":"R Cox","year":"2025","unstructured":"Cox, R.: Fifty years of open source software supply chain security. ACM Queue 23(1), 84\u2013107 (2025)","journal-title":"ACM Queue"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"de Souza, R.A., Silva, V.D., Junior, S.B., Zarpel\u00e3o, B.B.: Forecasting malware incident rates in higher education institutions. In: Proceedings of the 38th International Conference on Advanced Information Networking and Applications (AINA 2024), pp. 226\u2013237. Springer, Kitakyushu (2024)","DOI":"10.1007\/978-3-031-57916-5_20"},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Decan, A., Mens, T., Claes, M.: An empirical comparison of dependency issues in OSS packaging ecosystems. In: Proceedings of the IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER 2017), pp. 2\u201312. IEEE, Klagenfurt (2017)","DOI":"10.1109\/SANER.2017.7884604"},{"issue":"366","key":"16_CR10","doi-asserted-by":"publisher","first-page":"427","DOI":"10.2307\/2286348","volume":"74","author":"DA Dickey","year":"1979","unstructured":"Dickey, D.A., Fuller, W.A.: Distribution of the estimators for autoregressive time series with a unit root. J. Am. Stat. Assoc. 74(366), 427\u2013431 (1979)","journal-title":"J. Am. Stat. Assoc."},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Esposito, M., Moreschini, S., Lenarduzzi, V., H\u00e4stbacka, D., Falessi, D.: Can we trust the default vulnerabilities severity? In: Proceedings of the IEEE 23rd International Working Conference on Source Code Analysis and Manipulation (SCAM 2023), pp. 265\u2013270. IEEE, Bogot\u00e1 (2023)","DOI":"10.1109\/SCAM59687.2023.00037"},{"key":"16_CR12","unstructured":"Goodin, D.: Destructive malware available in NPM repo went unnoticed for 2 years (2025), ArsTechnica, available online in June 2025. https:\/\/arstechnica.com\/information-technology\/2025\/05\/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years\/"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Guo, W., Xu, Z., Liu, C., Huang, C., Fang, Y., Liu, Y.: An empirical study of malicious code in PyPI ecosystem. In: Proceedings of the 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE 2023), pp. 166\u2013177. IEEE, Luxembourg (2023)","DOI":"10.1109\/ASE56229.2023.00135"},{"issue":"3","key":"16_CR14","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1016\/0165-1765(80)90024-5","volume":"6","author":"CM Jarque","year":"1980","unstructured":"Jarque, C.M., Bera, A.K.: Efficient tests for normality, homoscedasticity and serial independence of regression residuals. Econ. Lett. 6(3), 255\u2013259 (1980)","journal-title":"Econ. Lett."},{"key":"16_CR15","doi-asserted-by":"crossref","unstructured":"Kim, K.H., Choi, M.J.: Android malware detection using multivariate time-series technique. In: Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS 2015), pp. 198\u2013202. IEEE, Busan (2015)","DOI":"10.1109\/APNOMS.2015.7275426"},{"key":"16_CR16","unstructured":"Luo, Z., et al.: Unsafe LLM-based search: quantitative analysis and mitigation of safety risks in AI web search. arXiv:2502.04951 (2025)"},{"key":"16_CR17","unstructured":"Ma, S., et al.: PsyScam: a benchmark for psychological techniques in real-world scams. arXiv:2505.15017 (2025)"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Marwah, M., Arlitt, M.: Deep learning for network traffic data. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2022), pp. 4804\u20134805. ACM, Washington (2022)","DOI":"10.1145\/3534678.3542618"},{"key":"16_CR19","unstructured":"Mehedi, S.T., Islam, C., Ramachandran, G., Jurdak, R.: DySec: a machine learning-based dynamic analysis for detecting malicious packages in PyPI ecosystem. arXiv:2503.00324 (2025)"},{"key":"16_CR20","doi-asserted-by":"publisher","first-page":"105","DOI":"10.3390\/economies7040105","volume":"7","author":"AN Menegaki","year":"2019","unstructured":"Menegaki, A.N.: The ARDL method in the energy-growth nexus field; best implementation strategies. Economies 7, 105 (2019)","journal-title":"Economies"},{"key":"16_CR21","unstructured":"Metcalf, L.B., Schwartz, E.J.: Malware Research: if you cannot replicate it, you will not use it (2025), Software Engineering Institute (SEI) Blog, Carnegie Mellon University, available online in June 2025: https:\/\/insights.sei.cmu.edu\/library\/malware-research-if-you-cannot-replicate-it-you-will-not-use-it\/"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Nachuma, C., Hossan, M.M., Turzo, A.K., Zibran, M.F.: Decoding dependency risks: a quantitative study of vulnerabilities in the maven ecosystem. arXiv:2503.22134 (2025)","DOI":"10.1109\/MSR66628.2025.00048"},{"key":"16_CR23","unstructured":"Natsiopoulos, K., Tzeremes, N.: ARDL: ARDL, ECM and bounds-test for cointegration (2023), R package version 0.2.4, available online in April 2025: https:\/\/cran.r-project.org\/web\/packages\/ARDL\/index.html"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Massacci, F.: The (Un)Reliability of NVD vulnerability versions data: an empirical experiment on google chrome vulnerabilities. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIACCS 2013), pp. 493\u2013498. ACM (2013)","DOI":"10.1145\/2484313.2484377"},{"key":"16_CR25","unstructured":"Ruohonen, J., Hjerppe, K., Kang, E.Y.: A mapping analysis of requirements between the CRA and the GDPR. arXiv:2503.01816 (2025)"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Ruohonen, J., Hjerppe, K., Rindell, K.: A large-scale security-oriented static analysis of python packages in PyPI. In: Proceedings of the 18th Annual International Conference on Privacy, Security and Trust (PST 2021), pp. 1\u201310. IEEE, Auckland (2021)","DOI":"10.1109\/PST52912.2021.9647791"},{"key":"16_CR27","unstructured":"Ruohonen, J., Ramadan, Q.: The popularity hypothesis in software security: a large-scale replication with PHP packages. arXiv:2502.16670 (2025)"},{"key":"16_CR28","unstructured":"Ruohonen, J., Ramadan, Q.: Tracing vulnerability propagation across open source software ecosystems. arXiv:2505.04307 (2025)"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Ruohonen, J., Saddiqa, M.: What do we know about the psychology of insider threats? In: Proceedings of the 15th EAI International Conference on Digital Forensics and Cyber Crime (EAI ICDF2C 2024), pp. 186\u2013211. Springer, Dubrovnik (2025)","DOI":"10.1007\/978-3-031-89363-6_11"},{"key":"16_CR30","unstructured":"Seabold, S., Perktold, J.: statsmodels: econometric and statistical modeling with python. In: Proceedings of the 9th Python in Science Conference (SciPy 2010). Austin (2010), Autoregressive Distributed Lag (ARDL) Models, statsmodels 0.15.0, available online in April 2025: https:\/\/www.statsmodels.org\/devel\/examples\/notebooks\/generated\/autoregressive_distributed_lag.html"},{"key":"16_CR31","unstructured":"Snyk Limited: Name Confusion Attacks (2025). https:\/\/learn.snyk.io\/lesson\/name-confusion-attacks\/"},{"key":"16_CR32","unstructured":"The\u00a0European Union: Regulation (EU) 2024\/2847 of the European Parliament and of the Council of 23 October 2024 on Horizontal Cybersecurity Requirements for Products With Digital Elements and Amending Regulations (EU) No 168\/2013 and (EU) 2019\/1020 and Directive (EU) 2020\/1828 (Cyber Resilience Act) (Text With EEA Relevance) (2024). https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/2847\/oj\/eng"},{"key":"16_CR33","doi-asserted-by":"crossref","unstructured":"Zahan, N., Burckhardt, P., Lysenko, M., Aboukhadijeh, F., Williams, L.: MalwareBench: malware samples are not enough. In: Proceedings of the 21st International Conference on Mining Software Repositories (MSR 2024), pp. 728\u2013732. ACM, Lisbon (2024)","DOI":"10.1145\/3643991.3644883"},{"issue":"4","key":"16_CR34","first-page":"1","volume":"34","author":"J Zhang","year":"2024","unstructured":"Zhang, J., et al.: Killing two birds with one stone: malicious package detection in NPM and PyPI using a single model of malicious behavior sequence. ACM Trans. Software Eng. Methodol. 34(4), 1\u201328 (2024)","journal-title":"ACM Trans. Software Eng. Methodol."},{"key":"16_CR35","unstructured":"Zheng, M., Robbins, H., Chai, Z., Thapa, P., Moore, T.: Cybersecurity research datasets: taxonomy and empirical analysis. In: Proceedings of the 11th USENIX Workshop on Cyber Security Experimentation and Test (CSET 2018), pp. 1\u20138. USENIX, Baltimore (2018)"},{"key":"16_CR36","unstructured":"Zimmermann, M., Staicu, C., Tenny, C., Pradel, M.: Small world with high risks: a study of security threats in the NPM ecosystem. In: Proceedings of the 28th USENIX Security Symposium, pp. 995\u20131010. USENIX, Santa Clara (2019)"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00633-2_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T19:23:19Z","timestamp":1757359399000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00633-2_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006325","9783032006332"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00633-2_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"9 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}