{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:CAI2YZOU23GBW2WJFIKSZFLG47","short_pith_number":"pith:CAI2YZOU","canonical_record":{"source":{"id":"1902.03955","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-02-11T15:50:20Z","cross_cats_sorted":[],"title_canon_sha256":"dc19aa1fd75d7b99903650554d66997e809e38c80e37bd6a658ba288fff888e3","abstract_canon_sha256":"ef5448fc47ffe680a417a2645733ba3488abe594a0f4e612a55f26dbf7bee0de"},"schema_version":"1.0"},"canonical_sha256":"1011ac65d4d6cc1b6ac92a152c9566e7cfc9a1f02f8e725968b11d34f898042c","source":{"kind":"arxiv","id":"1902.03955","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1902.03955","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"arxiv_version","alias_value":"1902.03955v1","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1902.03955","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"pith_short_12","alias_value":"CAI2YZOU23GB","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_16","alias_value":"CAI2YZOU23GBW2WJ","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_8","alias_value":"CAI2YZOU","created_at":"2026-05-18T12:33:12Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:CAI2YZOU23GBW2WJFIKSZFLG47","target":"record","payload":{"canonical_record":{"source":{"id":"1902.03955","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-02-11T15:50:20Z","cross_cats_sorted":[],"title_canon_sha256":"dc19aa1fd75d7b99903650554d66997e809e38c80e37bd6a658ba288fff888e3","abstract_canon_sha256":"ef5448fc47ffe680a417a2645733ba3488abe594a0f4e612a55f26dbf7bee0de"},"schema_version":"1.0"},"canonical_sha256":"1011ac65d4d6cc1b6ac92a152c9566e7cfc9a1f02f8e725968b11d34f898042c","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:54:17.496400Z","signature_b64":"xVBIU0/RcRanvdvcGXCx6/8Do+j7vlQx6Y/MDIONkCdK6Fx+d4kZZp08Puq8dmRNAR0oUMTFBbWv93nbgFfIDA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1011ac65d4d6cc1b6ac92a152c9566e7cfc9a1f02f8e725968b11d34f898042c","last_reissued_at":"2026-05-17T23:54:17.495717Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:54:17.495717Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1902.03955","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:17Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"mYCCaAGXK4e4n4V+w+Ltv1c9XDIVvDYpBYhTQ1WN7xUB2a4gM8OuUUmewqdsgZb36Hv1k1QN5+0lyxTYyw+aBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T08:40:12.957443Z"},"content_sha256":"532856333ba8f3893826d4a28189808b35c8638a13ab153483fcf66d19c5c8a3","schema_version":"1.0","event_id":"sha256:532856333ba8f3893826d4a28189808b35c8638a13ab153483fcf66d19c5c8a3"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:CAI2YZOU23GBW2WJFIKSZFLG47","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Afsah Anwar, Aminollah Khormali, Aziz Mohaisen, DaeHun Nyang, Hisham Alasmary, Jeman Park, Jinchun Choi","submitted_at":"2019-02-11T15:50:20Z","abstract_excerpt":"The growth in the number of Android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware), calling for new analysis approaches. We represent binaries using their graph properties of the Control Flow Graph (CFG) structure and conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware to understand their differences. Using 2,874 and 2,891 malware binaries corresponding to IoT and Android samples, we analyze both general characteristics and graph algorithmic properties. Using the CFG as an abstract str"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1902.03955","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:17Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"RUuJVuYIcfmxGiIKFrkhWiwJEdgOmMICdTAY7WE1F8Lt97N4CykZnJZjqXphYnnaR1IZvwB3HSChRu6uGTwMDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T08:40:12.958116Z"},"content_sha256":"1fb02ec18f860f4f8099a099f8c78b69b4f8455972efaea95f717c46519d890b","schema_version":"1.0","event_id":"sha256:1fb02ec18f860f4f8099a099f8c78b69b4f8455972efaea95f717c46519d890b"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/CAI2YZOU23GBW2WJFIKSZFLG47/bundle.json","state_url":"https://pith.science/pith/CAI2YZOU23GBW2WJFIKSZFLG47/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/CAI2YZOU23GBW2WJFIKSZFLG47/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-04T08:40:12Z","links":{"resolver":"https://pith.science/pith/CAI2YZOU23GBW2WJFIKSZFLG47","bundle":"https://pith.science/pith/CAI2YZOU23GBW2WJFIKSZFLG47/bundle.json","state":"https://pith.science/pith/CAI2YZOU23GBW2WJFIKSZFLG47/state.json","well_known_bundle":"https://pith.science/.well-known/pith/CAI2YZOU23GBW2WJFIKSZFLG47/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:CAI2YZOU23GBW2WJFIKSZFLG47","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"ef5448fc47ffe680a417a2645733ba3488abe594a0f4e612a55f26dbf7bee0de","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-02-11T15:50:20Z","title_canon_sha256":"dc19aa1fd75d7b99903650554d66997e809e38c80e37bd6a658ba288fff888e3"},"schema_version":"1.0","source":{"id":"1902.03955","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1902.03955","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"arxiv_version","alias_value":"1902.03955v1","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1902.03955","created_at":"2026-05-17T23:54:17Z"},{"alias_kind":"pith_short_12","alias_value":"CAI2YZOU23GB","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_16","alias_value":"CAI2YZOU23GBW2WJ","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_8","alias_value":"CAI2YZOU","created_at":"2026-05-18T12:33:12Z"}],"graph_snapshots":[{"event_id":"sha256:1fb02ec18f860f4f8099a099f8c78b69b4f8455972efaea95f717c46519d890b","target":"graph","created_at":"2026-05-17T23:54:17Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"The growth in the number of Android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware), calling for new analysis approaches. We represent binaries using their graph properties of the Control Flow Graph (CFG) structure and conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware to understand their differences. Using 2,874 and 2,891 malware binaries corresponding to IoT and Android samples, we analyze both general characteristics and graph algorithmic properties. Using the CFG as an abstract str","authors_text":"Afsah Anwar, Aminollah Khormali, Aziz Mohaisen, DaeHun Nyang, Hisham Alasmary, Jeman Park, Jinchun Choi","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-02-11T15:50:20Z","title":"Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1902.03955","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:532856333ba8f3893826d4a28189808b35c8638a13ab153483fcf66d19c5c8a3","target":"record","created_at":"2026-05-17T23:54:17Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"ef5448fc47ffe680a417a2645733ba3488abe594a0f4e612a55f26dbf7bee0de","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-02-11T15:50:20Z","title_canon_sha256":"dc19aa1fd75d7b99903650554d66997e809e38c80e37bd6a658ba288fff888e3"},"schema_version":"1.0","source":{"id":"1902.03955","kind":"arxiv","version":1}},"canonical_sha256":"1011ac65d4d6cc1b6ac92a152c9566e7cfc9a1f02f8e725968b11d34f898042c","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1011ac65d4d6cc1b6ac92a152c9566e7cfc9a1f02f8e725968b11d34f898042c","first_computed_at":"2026-05-17T23:54:17.495717Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:54:17.495717Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"xVBIU0/RcRanvdvcGXCx6/8Do+j7vlQx6Y/MDIONkCdK6Fx+d4kZZp08Puq8dmRNAR0oUMTFBbWv93nbgFfIDA==","signature_status":"signed_v1","signed_at":"2026-05-17T23:54:17.496400Z","signed_message":"canonical_sha256_bytes"},"source_id":"1902.03955","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:532856333ba8f3893826d4a28189808b35c8638a13ab153483fcf66d19c5c8a3","sha256:1fb02ec18f860f4f8099a099f8c78b69b4f8455972efaea95f717c46519d890b"],"state_sha256":"0ca746a12f0288bb176bc7e91b55359c2f52c7bd2a76929f372ee0aaeb7dd237"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"GFIiOS7DAPjcQsNdkcMdEHO1RZahCpwj8118CM6ezVSLqkkjZBOVfWZ2yyUwqHAcDsm9sVC5Hb63168amvt+Bw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-04T08:40:12.961975Z","bundle_sha256":"7b67312f534688adc419afc99fdebb01efc096bdec2d68859033dd30d0db712d"}}