{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T23:03:22Z","timestamp":1773615802803,"version":"3.50.1"},"reference-count":29,"publisher":"Allerton Press","issue":"8","license":[{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Aut. Control Comp. Sci."],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.3103\/s0146411625700841","type":"journal-article","created":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T12:34:05Z","timestamp":1771936445000},"page":"1307-1314","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Detection of Potentially Malicious Activities in CI\/CD Pipelines Based on Build Agent Behavior Analysis"],"prefix":"10.3103","volume":"59","author":[{"given":"E. V.","family":"Zhukovskii","sequence":"first","affiliation":[]},{"given":"V. A.","family":"Bugaev","sequence":"additional","affiliation":[]},{"given":"A. A.","family":"Lyrchikov","sequence":"additional","affiliation":[]}],"member":"1627","published-online":{"date-parts":[[2026,2,24]]},"reference":[{"key":"7919_CR1","unstructured":"Research and Markets. DevOps Global Market Report 2024. https:\/\/www.researchandmarkets.com\/reports\/5767407\/devops-global-market-report. Cited December 25, 2024."},{"key":"7919_CR2","unstructured":"State of DevOps Russia 2024. https:\/\/devopsrussia.ru\/wp-content\/themes\/devopsrussia\/assets\/docs\/StateOfDevOpsRussia2024.pdf. Cited December 25, 2024."},{"key":"7919_CR3","unstructured":"Checkov. https:\/\/github.com\/bridgecrewio\/checkov. Cited September 17, 2024."},{"key":"7919_CR4","unstructured":"Chain-bench. https:\/\/github.com\/aquasecurity\/chain-bench. Cited September 17, 2024."},{"key":"7919_CR5","unstructured":"In-toto. https:\/\/in-toto.io\/. Cited September 17, 2024."},{"key":"7919_CR6","unstructured":"Sigstore Cosign. https:\/\/github.com\/sigstore\/cosign. Cited September 17, 2024."},{"key":"7919_CR7","unstructured":"SolarWinds: State-sponsored global software supply chain attack. https:\/\/www.cfcs.dk\/globalassets\/cfcs\/dokumenter\/rapporter\/en\/CFCS-solarwinds-report-EN.pdf. Cited December 17, 2023."},{"key":"7919_CR8","unstructured":"Bash uploader security update. https:\/\/about.codecov.io\/security-update\/. Cited December 17, 2023."},{"key":"7919_CR9","unstructured":"Positive Technologies and TetraSoft reveal details of targeted attack on hydrocarbon production. https:\/\/www.ptsecurity.com\/ru-ru\/about\/news\/positive-technologies-i-tetra-soft-raskryvayut-podrobnosti-czelevoj-ataki-na-dobychu-uglevodorodnogo-syrya\/. Cited December 20, 2024."},{"key":"7919_CR10","unstructured":"Current cyber threats: first quarter of 2024. https:\/\/www.ptsecurity.com\/ru-ru\/research\/analytics\/cybersecurity-threatscape-2024-q1\/. Cited December 20, 2024."},{"key":"7919_CR11","doi-asserted-by":"publisher","first-page":"387","DOI":"10.3103\/s0146411619050067","volume":"53","author":"D.S. Lavrova","year":"2019","unstructured":"Lavrova, D.S., Zaitseva, E.A., and Zegzhda, D.P., Approach to presenting network infrastructure of cyberphysical systems to minimize the cyberattack neutralization time, Autom. Control Comput. Sci., 2019, vol. 53, no. 5, pp. 387\u2013392. https:\/\/doi.org\/10.3103\/s0146411619050067","journal-title":"Autom. Control Comput. Sci."},{"key":"7919_CR12","unstructured":"Falco. https:\/\/github.com\/falcosecurity\/falco\/. Cited September 10, 2024."},{"key":"7919_CR13","unstructured":"Tetragon. https:\/\/github.com\/cilium\/tetragon. Cited September 10, 2024."},{"key":"7919_CR14","unstructured":"Tracee. https:\/\/github.com\/aquasecurity\/tracee. Cited September 10, 2024."},{"key":"7919_CR15","unstructured":"Teixeira, D., Bypassing eBPF-based security enforcement tools, Form3\u20132022. https:\/\/www.form3.tech\/blog\/engineering\/bypassing-ebpf-tools. Cited September 17, 2024."},{"key":"7919_CR16","unstructured":"Lashkin, V. and Evdokimov, D., EDR vs containers: Actual problems, SOC-Forum, 2023. https:\/\/forumsoc.ru\/upload\/iblock\/3dd\/ew9u5itkw7vt36eit9f3sl5q9fu4hzx0.pdf. Cited September 17, 2024."},{"key":"7919_CR17","unstructured":"Gavrilov, I., How to hide your actions when every step is being monitored, Offzone 2023. https:\/\/2023.offzone.moscow\/upload\/iblock\/e3b\/g6q7ndv0uu3e2lp6ebyneakm9hhw5oyw.pdf. Cited September 17, 2024."},{"key":"7919_CR18","unstructured":"Falco-bypasses. https:\/\/github.com\/blackberry\/Falco-bypasses. Cited September 17, 2024."},{"key":"7919_CR19","doi-asserted-by":"publisher","unstructured":"Kim, G., LSTM-based system-call language modeling and robust ensemble method for designing host-based intrusion detection systems, arXiv Preprint, 2016. https:\/\/doi.org\/10.48550\/arXiv.1611.01726","DOI":"10.48550\/arXiv.1611.01726"},{"key":"7919_CR20","doi-asserted-by":"publisher","unstructured":"Capizzi, A., Distefano, S., and Mazzara, M., Anomaly detection in devops toolchain, Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment, Bruel, J.M., Mazzara, M., and Meyer, B., Eds., Cham: Springer, 2019, vol. 12055, pp. 37\u201351. https:\/\/doi.org\/10.1007\/978-3-030-39306-9_3","DOI":"10.1007\/978-3-030-39306-9_3"},{"key":"7919_CR21","doi-asserted-by":"publisher","first-page":"993","DOI":"10.3103\/s0146411620080155","volume":"54","author":"M.O. Kalinin","year":"2020","unstructured":"Kalinin, M.O., Krundyshev, V.M., and Sinyapkin, B.G., Development of the intrusion detection system for the Internet of Things based on a sequence alignment algorithm, Autom. Control Comput. Sci., 2020, vol. 54, no. 8, pp. 993\u20131000. https:\/\/doi.org\/10.3103\/s0146411620080155","journal-title":"Autom. Control Comput. Sci."},{"key":"7919_CR22","doi-asserted-by":"publisher","unstructured":"Castanhel, G.R., Heinrich, T., Ceschin, F., and Maziero, C., Taking a peek: An evaluation of anomaly detection using system calls for containers, 2021 IEEE Symposium on Computers and Communications (ISCC), Athens, 2021, IEEE, 2021, pp. 1\u20136. https:\/\/doi.org\/10.1109\/iscc53001.2021.9631251","DOI":"10.1109\/iscc53001.2021.9631251"},{"key":"7919_CR23","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1016\/j.jksuci.2023.02.010","volume":"35","author":"A.H. Fawzy","year":"2023","unstructured":"Fawzy, A.H., Wassif, K., and Moussa, H., Framework for automatic detection of anomalies in DevOps, J. King Saud Univ.-Comput. Inf. Sci., 2023, vol. 35, no. 3, pp. 8\u201319. https:\/\/doi.org\/10.1016\/j.jksuci.2023.02.010","journal-title":"Comput. Inf. Sci."},{"key":"7919_CR24","first-page":"251","volume":"22","author":"M. Poltavtseva","year":"2019","unstructured":"Poltavtseva, M. and Shenets, N., Applying homomorphic cryptography methods to the development of secure big data management systems, Nonlinear Phenom. Complex Syst., 2019, vol. 22, no. 3, pp. 251\u2013259.","journal-title":"Nonlinear Phenom. Complex Syst."},{"key":"7919_CR25","doi-asserted-by":"publisher","unstructured":"Kotenko, I.V., Melnik, M.V., and Abramenko, G.T., Anomaly detection in container systems: Using histograms of normal processes and an autoencoder, 2024 IEEE 25th International Conference of Young Professionals in Electron Devices and Materials (EDM), Altai, 2024, IEEE, 2024, pp. 1930\u20131934. https:\/\/doi.org\/10.1109\/edm61683.2024.10615118","DOI":"10.1109\/edm61683.2024.10615118"},{"key":"7919_CR26","unstructured":"eBPF Documentation. https:\/\/ebpf.io\/what-is-ebpf\/. Cited February 12, 2025."},{"key":"7919_CR27","doi-asserted-by":"publisher","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., and Longstaff, T.A., A sense of self for Unix processes, Proceedings 1996 IEEE Symposium on Security and Privacy, Oakland, CA, 1996, IEEE, 1996, pp. 120\u2013128. https:\/\/doi.org\/10.1109\/secpri.1996.502675","DOI":"10.1109\/secpri.1996.502675"},{"key":"7919_CR28","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1145\/504909.504911","volume":"5","author":"M. Bernaschi","year":"2002","unstructured":"Bernaschi, M., Gabrielli, E., and Mancini, L.V., Remus: A security-enhanced operating system, ACM Transactions on Information and System Security, 2002, vol. 5, no. 1, pp. 36\u201361. https:\/\/doi.org\/10.1145\/504909.504911","journal-title":"ACM Transactions on Information and System Security"},{"key":"7919_CR29","unstructured":"BCC. https:\/\/github.com\/iovisor\/bcc. Cited September 7, 2024."}],"container-title":["Automatic Control and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411625700841.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.3103\/S0146411625700841","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411625700841.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T22:04:50Z","timestamp":1773612290000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.3103\/S0146411625700841"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12]]},"references-count":29,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["7919"],"URL":"https:\/\/doi.org\/10.3103\/s0146411625700841","relation":{},"ISSN":["0146-4116","1558-108X"],"issn-type":[{"value":"0146-4116","type":"print"},{"value":"1558-108X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12]]},"assertion":[{"value":"17 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 February 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 March 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 February 2026","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors of this work declare that they have no conflicts of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"CONFLICT OF INTEREST"}}]}}