{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2014:A5NMOIH3MUJU2TF765GLWHVOMN","short_pith_number":"pith:A5NMOIH3","canonical_record":{"source":{"id":"1412.3664","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-12-11T14:51:17Z","cross_cats_sorted":[],"title_canon_sha256":"8a30dee3761b8ce4564743d09afcca08d147a08faffd5424549e1910369d5662","abstract_canon_sha256":"25d402da2c468cd0f07c6badfc1b475c9b8d75fd31d841ddad92887ed372ac14"},"schema_version":"1.0"},"canonical_sha256":"075ac720fb65134d4cbff74cbb1eae63577ee4eb503de0c191179e1427c7f4aa","source":{"kind":"arxiv","id":"1412.3664","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1412.3664","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"arxiv_version","alias_value":"1412.3664v3","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1412.3664","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"pith_short_12","alias_value":"A5NMOIH3MUJU","created_at":"2026-05-18T12:28:19Z"},{"alias_kind":"pith_short_16","alias_value":"A5NMOIH3MUJU2TF7","created_at":"2026-05-18T12:28:19Z"},{"alias_kind":"pith_short_8","alias_value":"A5NMOIH3","created_at":"2026-05-18T12:28:19Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2014:A5NMOIH3MUJU2TF765GLWHVOMN","target":"record","payload":{"canonical_record":{"source":{"id":"1412.3664","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-12-11T14:51:17Z","cross_cats_sorted":[],"title_canon_sha256":"8a30dee3761b8ce4564743d09afcca08d147a08faffd5424549e1910369d5662","abstract_canon_sha256":"25d402da2c468cd0f07c6badfc1b475c9b8d75fd31d841ddad92887ed372ac14"},"schema_version":"1.0"},"canonical_sha256":"075ac720fb65134d4cbff74cbb1eae63577ee4eb503de0c191179e1427c7f4aa","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:08:31.115436Z","signature_b64":"nQMYFMRijRMO8g6o25n4QQt/SoLRtZmO4OmwHjHRUr8HA66ECKgAI3DCT1Sznax7DQkv8SMKQTV8d6esi7QUDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"075ac720fb65134d4cbff74cbb1eae63577ee4eb503de0c191179e1427c7f4aa","last_reissued_at":"2026-05-18T01:08:31.114875Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:08:31.114875Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1412.3664","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:08:31Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"uHfyrJJOybUmVC0i/oOgdFwbabnKURpZfYQ9XbzhjAj/6pJiIiuDT93Kb5yV+hDLXjw7KI5zHWzp9WhO650TAA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-24T16:29:53.263091Z"},"content_sha256":"f95eb8aa9e9720c2479369b71ebe5c8a9e25bef06ce0f40980b77df68726197d","schema_version":"1.0","event_id":"sha256:f95eb8aa9e9720c2479369b71ebe5c8a9e25bef06ce0f40980b77df68726197d"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2014:A5NMOIH3MUJU2TF765GLWHVOMN","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Exploiting n-gram location for intrusion detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Angelo Furfaro, Fabrizio Angiulli, Luciano Argento","submitted_at":"2014-12-11T14:51:17Z","abstract_excerpt":"Signature-based and protocol-based intrusion detection systems (IDS) are employed as means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits but they fail to recognize new types of attacks or carefully crafted variants of well known ones. This paper presents the design and the development of an anomaly-based IDS technique which is able to detect content-based attacks carried out over application level protocols, like HTTP and FTP. In order to identify anomalous packets, the payload is split up in chunks of equ"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1412.3664","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:08:31Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"gnxx7fpsz62soEc6tjFc7129pkNLYy1TvbYRAX58NGW1q//SaaJD6h//GEpSBH4TBYR/le79kxa6evjSMr4DCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-24T16:29:53.263743Z"},"content_sha256":"ee3f103b2861fea0afa7847f6cd7e5556d8442dbe23b0c21fdbac0ec6b7ac451","schema_version":"1.0","event_id":"sha256:ee3f103b2861fea0afa7847f6cd7e5556d8442dbe23b0c21fdbac0ec6b7ac451"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/A5NMOIH3MUJU2TF765GLWHVOMN/bundle.json","state_url":"https://pith.science/pith/A5NMOIH3MUJU2TF765GLWHVOMN/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/A5NMOIH3MUJU2TF765GLWHVOMN/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-24T16:29:53Z","links":{"resolver":"https://pith.science/pith/A5NMOIH3MUJU2TF765GLWHVOMN","bundle":"https://pith.science/pith/A5NMOIH3MUJU2TF765GLWHVOMN/bundle.json","state":"https://pith.science/pith/A5NMOIH3MUJU2TF765GLWHVOMN/state.json","well_known_bundle":"https://pith.science/.well-known/pith/A5NMOIH3MUJU2TF765GLWHVOMN/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2014:A5NMOIH3MUJU2TF765GLWHVOMN","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"25d402da2c468cd0f07c6badfc1b475c9b8d75fd31d841ddad92887ed372ac14","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-12-11T14:51:17Z","title_canon_sha256":"8a30dee3761b8ce4564743d09afcca08d147a08faffd5424549e1910369d5662"},"schema_version":"1.0","source":{"id":"1412.3664","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1412.3664","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"arxiv_version","alias_value":"1412.3664v3","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1412.3664","created_at":"2026-05-18T01:08:31Z"},{"alias_kind":"pith_short_12","alias_value":"A5NMOIH3MUJU","created_at":"2026-05-18T12:28:19Z"},{"alias_kind":"pith_short_16","alias_value":"A5NMOIH3MUJU2TF7","created_at":"2026-05-18T12:28:19Z"},{"alias_kind":"pith_short_8","alias_value":"A5NMOIH3","created_at":"2026-05-18T12:28:19Z"}],"graph_snapshots":[{"event_id":"sha256:ee3f103b2861fea0afa7847f6cd7e5556d8442dbe23b0c21fdbac0ec6b7ac451","target":"graph","created_at":"2026-05-18T01:08:31Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Signature-based and protocol-based intrusion detection systems (IDS) are employed as means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits but they fail to recognize new types of attacks or carefully crafted variants of well known ones. This paper presents the design and the development of an anomaly-based IDS technique which is able to detect content-based attacks carried out over application level protocols, like HTTP and FTP. In order to identify anomalous packets, the payload is split up in chunks of equ","authors_text":"Angelo Furfaro, Fabrizio Angiulli, Luciano Argento","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-12-11T14:51:17Z","title":"Exploiting n-gram location for intrusion detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1412.3664","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:f95eb8aa9e9720c2479369b71ebe5c8a9e25bef06ce0f40980b77df68726197d","target":"record","created_at":"2026-05-18T01:08:31Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"25d402da2c468cd0f07c6badfc1b475c9b8d75fd31d841ddad92887ed372ac14","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-12-11T14:51:17Z","title_canon_sha256":"8a30dee3761b8ce4564743d09afcca08d147a08faffd5424549e1910369d5662"},"schema_version":"1.0","source":{"id":"1412.3664","kind":"arxiv","version":3}},"canonical_sha256":"075ac720fb65134d4cbff74cbb1eae63577ee4eb503de0c191179e1427c7f4aa","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"075ac720fb65134d4cbff74cbb1eae63577ee4eb503de0c191179e1427c7f4aa","first_computed_at":"2026-05-18T01:08:31.114875Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:08:31.114875Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"nQMYFMRijRMO8g6o25n4QQt/SoLRtZmO4OmwHjHRUr8HA66ECKgAI3DCT1Sznax7DQkv8SMKQTV8d6esi7QUDQ==","signature_status":"signed_v1","signed_at":"2026-05-18T01:08:31.115436Z","signed_message":"canonical_sha256_bytes"},"source_id":"1412.3664","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:f95eb8aa9e9720c2479369b71ebe5c8a9e25bef06ce0f40980b77df68726197d","sha256:ee3f103b2861fea0afa7847f6cd7e5556d8442dbe23b0c21fdbac0ec6b7ac451"],"state_sha256":"c1f403f1d43c47281a664fa41672ca77beeb92535cf93c1b44d04a8a6e3163f4"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"w49RoGaH1BvpXBI3/eapXV5jZEsWQo+Qzyeu7Ir1NmFZPdZ+Mqi5j/in6a3XWmUJk62PSJkbRjgivWBibhWaBQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-24T16:29:53.267754Z","bundle_sha256":"07b2defe44dd545c01bc376c4fa1883b155ba768e250585476de32a6e119feda"}}