{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:4S56RJFRCTRTNYRCU5YUJ6TFKL","short_pith_number":"pith:4S56RJFR","canonical_record":{"source":{"id":"1905.07273","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-16T17:16:52Z","cross_cats_sorted":["cs.AI","cs.CV"],"title_canon_sha256":"d9b99ce9545c320888596664d0ef5f3cf486fcfa64988fb4eba88af040d86bad","abstract_canon_sha256":"ec5649e3568dda4c83fc70268d5b14b26f26d3f6c50b978fb913b85455f1d049"},"schema_version":"1.0"},"canonical_sha256":"e4bbe8a4b114e336e222a77144fa6552f2dad8441465567234e04e93fd5eb7c0","source":{"kind":"arxiv","id":"1905.07273","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.07273","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"arxiv_version","alias_value":"1905.07273v2","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.07273","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"pith_short_12","alias_value":"4S56RJFRCTRT","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"4S56RJFRCTRTNYRC","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"4S56RJFR","created_at":"2026-05-18T12:33:10Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:4S56RJFRCTRTNYRCU5YUJ6TFKL","target":"record","payload":{"canonical_record":{"source":{"id":"1905.07273","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-16T17:16:52Z","cross_cats_sorted":["cs.AI","cs.CV"],"title_canon_sha256":"d9b99ce9545c320888596664d0ef5f3cf486fcfa64988fb4eba88af040d86bad","abstract_canon_sha256":"ec5649e3568dda4c83fc70268d5b14b26f26d3f6c50b978fb913b85455f1d049"},"schema_version":"1.0"},"canonical_sha256":"e4bbe8a4b114e336e222a77144fa6552f2dad8441465567234e04e93fd5eb7c0","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:45:51.419396Z","signature_b64":"iDg+svfuwfMUbXRruR9/qSsmFCRG5NzA+2e17Ahs+tcn524Fwwv1XO0ava4635jgcqvmC2FI7FgcTrtcDq2UAw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e4bbe8a4b114e336e222a77144fa6552f2dad8441465567234e04e93fd5eb7c0","last_reissued_at":"2026-05-17T23:45:51.418954Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:45:51.418954Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1905.07273","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:45:51Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"NcxRAof25WVt3yQ1+HZnRv3fcFMwuTOPgn6VAfNRpBwhynm8uJ3TlKzhChS3/TFn/MKw4kvSWr38a+KYUwmkCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-02T19:32:41.944413Z"},"content_sha256":"9cf46a5b97709f49d43d2f831d38572d24317633ad5c5d03ac34804cb34d54dc","schema_version":"1.0","event_id":"sha256:9cf46a5b97709f49d43d2f831d38572d24317633ad5c5d03ac34804cb34d54dc"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:4S56RJFRCTRTNYRCU5YUJ6TFKL","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Finding Rats in Cats: Detecting Stealthy Attacks using Group Anomaly Detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.CV"],"primary_cat":"cs.CR","authors_text":"Aditya Kuppa, Muhammad Rizwan Asghar, Nhien-An Le-Khac, Slawomir Grzonkowski","submitted_at":"2019-05-16T17:16:52Z","abstract_excerpt":"Advanced attack campaigns span across multiple stages and stay stealthy for long time periods. There is a growing trend of attackers using off-the-shelf tools and pre-installed system applications (such as \\emph{powershell} and \\emph{wmic}) to evade the detection because the same tools are also used by system administrators and security analysts for legitimate purposes for their routine tasks. To start investigations, event logs can be collected from operational systems; however, these logs are generic enough and it often becomes impossible to attribute a potential attack to a specific attack "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.07273","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:45:51Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"tCGwRfRngz4sO18zf8WJL2HlOJtWBvJidXFw3bcJDZmDEOs5oZy8HxGjniXHspS1IAlTmhaBSLSBw9DYr6aJDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-02T19:32:41.944769Z"},"content_sha256":"ba164fe7deee3e2e0221da7e728848b84bed71c41d5c912a97b2a90af0a47edd","schema_version":"1.0","event_id":"sha256:ba164fe7deee3e2e0221da7e728848b84bed71c41d5c912a97b2a90af0a47edd"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/bundle.json","state_url":"https://pith.science/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-02T19:32:41Z","links":{"resolver":"https://pith.science/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL","bundle":"https://pith.science/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/bundle.json","state":"https://pith.science/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/state.json","well_known_bundle":"https://pith.science/.well-known/pith/4S56RJFRCTRTNYRCU5YUJ6TFKL/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:4S56RJFRCTRTNYRCU5YUJ6TFKL","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"ec5649e3568dda4c83fc70268d5b14b26f26d3f6c50b978fb913b85455f1d049","cross_cats_sorted":["cs.AI","cs.CV"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-16T17:16:52Z","title_canon_sha256":"d9b99ce9545c320888596664d0ef5f3cf486fcfa64988fb4eba88af040d86bad"},"schema_version":"1.0","source":{"id":"1905.07273","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.07273","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"arxiv_version","alias_value":"1905.07273v2","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.07273","created_at":"2026-05-17T23:45:51Z"},{"alias_kind":"pith_short_12","alias_value":"4S56RJFRCTRT","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"4S56RJFRCTRTNYRC","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"4S56RJFR","created_at":"2026-05-18T12:33:10Z"}],"graph_snapshots":[{"event_id":"sha256:ba164fe7deee3e2e0221da7e728848b84bed71c41d5c912a97b2a90af0a47edd","target":"graph","created_at":"2026-05-17T23:45:51Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Advanced attack campaigns span across multiple stages and stay stealthy for long time periods. There is a growing trend of attackers using off-the-shelf tools and pre-installed system applications (such as \\emph{powershell} and \\emph{wmic}) to evade the detection because the same tools are also used by system administrators and security analysts for legitimate purposes for their routine tasks. To start investigations, event logs can be collected from operational systems; however, these logs are generic enough and it often becomes impossible to attribute a potential attack to a specific attack ","authors_text":"Aditya Kuppa, Muhammad Rizwan Asghar, Nhien-An Le-Khac, Slawomir Grzonkowski","cross_cats":["cs.AI","cs.CV"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-16T17:16:52Z","title":"Finding Rats in Cats: Detecting Stealthy Attacks using Group Anomaly Detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.07273","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:9cf46a5b97709f49d43d2f831d38572d24317633ad5c5d03ac34804cb34d54dc","target":"record","created_at":"2026-05-17T23:45:51Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"ec5649e3568dda4c83fc70268d5b14b26f26d3f6c50b978fb913b85455f1d049","cross_cats_sorted":["cs.AI","cs.CV"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-16T17:16:52Z","title_canon_sha256":"d9b99ce9545c320888596664d0ef5f3cf486fcfa64988fb4eba88af040d86bad"},"schema_version":"1.0","source":{"id":"1905.07273","kind":"arxiv","version":2}},"canonical_sha256":"e4bbe8a4b114e336e222a77144fa6552f2dad8441465567234e04e93fd5eb7c0","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e4bbe8a4b114e336e222a77144fa6552f2dad8441465567234e04e93fd5eb7c0","first_computed_at":"2026-05-17T23:45:51.418954Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:45:51.418954Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"iDg+svfuwfMUbXRruR9/qSsmFCRG5NzA+2e17Ahs+tcn524Fwwv1XO0ava4635jgcqvmC2FI7FgcTrtcDq2UAw==","signature_status":"signed_v1","signed_at":"2026-05-17T23:45:51.419396Z","signed_message":"canonical_sha256_bytes"},"source_id":"1905.07273","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:9cf46a5b97709f49d43d2f831d38572d24317633ad5c5d03ac34804cb34d54dc","sha256:ba164fe7deee3e2e0221da7e728848b84bed71c41d5c912a97b2a90af0a47edd"],"state_sha256":"a829ddc8796eea2ab493a160a417682b19b123ecc1863923a6d0a1e8c5961ab0"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"w1tvbwCQC4Ml+LHu74hTJbfFl17L3a3fKGjUidAnRKbjmuR9JX73/GUE5Bf1whOfxvNLtScLhNtZHfa0CrqVAg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-02T19:32:41.946791Z","bundle_sha256":"80e3d1cf632560d5321928972c4d528b791370d51d514ee651f5280bb35a6187"}}