{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2014:CNOWANJ3OPJQQ5KYNFVOL77FYI","short_pith_number":"pith:CNOWANJ3","canonical_record":{"source":{"id":"1411.5005","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-11-18T20:36:07Z","cross_cats_sorted":[],"title_canon_sha256":"c2610168608e5bc0a916ea82577a86727c4f5e745bb2283c3cbddb02b870003d","abstract_canon_sha256":"29085187fd20b099565999ed0017228105b93413117151ee0b714618bae5e397"},"schema_version":"1.0"},"canonical_sha256":"135d60353b73d3087558696ae5ffe5c22fd26bcb9a1fd15f901adb6bfa1349ab","source":{"kind":"arxiv","id":"1411.5005","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1411.5005","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"arxiv_version","alias_value":"1411.5005v2","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1411.5005","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"pith_short_12","alias_value":"CNOWANJ3OPJQ","created_at":"2026-05-18T12:28:22Z"},{"alias_kind":"pith_short_16","alias_value":"CNOWANJ3OPJQQ5KY","created_at":"2026-05-18T12:28:22Z"},{"alias_kind":"pith_short_8","alias_value":"CNOWANJ3","created_at":"2026-05-18T12:28:22Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2014:CNOWANJ3OPJQQ5KYNFVOL77FYI","target":"record","payload":{"canonical_record":{"source":{"id":"1411.5005","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-11-18T20:36:07Z","cross_cats_sorted":[],"title_canon_sha256":"c2610168608e5bc0a916ea82577a86727c4f5e745bb2283c3cbddb02b870003d","abstract_canon_sha256":"29085187fd20b099565999ed0017228105b93413117151ee0b714618bae5e397"},"schema_version":"1.0"},"canonical_sha256":"135d60353b73d3087558696ae5ffe5c22fd26bcb9a1fd15f901adb6bfa1349ab","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T02:32:52.856934Z","signature_b64":"VepaCLIwrvea7q41yeZ8ZTYWuZ9cRTCE4l7VLNityzZiyHfvThW0q+DxrhxIC8xvOMkYpcwQWtMp1P9bkyT1Bw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"135d60353b73d3087558696ae5ffe5c22fd26bcb9a1fd15f901adb6bfa1349ab","last_reissued_at":"2026-05-18T02:32:52.856278Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T02:32:52.856278Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1411.5005","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:32:52Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"tDUROCMl/C6rNt+Io0eIfK8Pbxv7H1pMrvcIuiRnenDrgH6O05knWFJQoqMBECf0D6LAIwtdd566OpojDj1MBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T16:59:05.253776Z"},"content_sha256":"301b857e7798f0a5ee74928a8b719d218ea63e865a96b1c1a6a4977974738a09","schema_version":"1.0","event_id":"sha256:301b857e7798f0a5ee74928a8b719d218ea63e865a96b1c1a6a4977974738a09"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2014:CNOWANJ3OPJQQ5KYNFVOL77FYI","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Alina Oprea, Sang Chin, Sumayah Alrwais, Ting-Fang Yen, Zhou Li","submitted_at":"2014-11-18T20:36:07Z","abstract_excerpt":"Recent years have seen the rise of more sophisticated attacks including advanced persistent threats (APTs) which pose severe risks to organizations and governments by targeting confidential proprietary information. Additionally, new malware strains are appearing at a higher rate than ever before. Since many of these malware are designed to evade existing security products, traditional defenses deployed by most enterprises today, e.g., anti-virus, firewalls, intrusion detection systems, often fail at detecting infections at an early stage.\n  We address the problem of detecting early-stage infec"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1411.5005","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:32:52Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ToiNDCDqi0yFhi1HFOcOWwP36lPpncWiIyBzNKQZbwAA27xznZsDQwuYYziNh9z/zz3wxVf+zT2IoQWpb9OxAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T16:59:05.254126Z"},"content_sha256":"15dc0bad4b8c7eee8fc3ddaf3f9350a02a4e3e45e89e7b728041700f33c86a26","schema_version":"1.0","event_id":"sha256:15dc0bad4b8c7eee8fc3ddaf3f9350a02a4e3e45e89e7b728041700f33c86a26"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/bundle.json","state_url":"https://pith.science/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-03T16:59:05Z","links":{"resolver":"https://pith.science/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI","bundle":"https://pith.science/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/bundle.json","state":"https://pith.science/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/state.json","well_known_bundle":"https://pith.science/.well-known/pith/CNOWANJ3OPJQQ5KYNFVOL77FYI/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2014:CNOWANJ3OPJQQ5KYNFVOL77FYI","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"29085187fd20b099565999ed0017228105b93413117151ee0b714618bae5e397","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-11-18T20:36:07Z","title_canon_sha256":"c2610168608e5bc0a916ea82577a86727c4f5e745bb2283c3cbddb02b870003d"},"schema_version":"1.0","source":{"id":"1411.5005","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1411.5005","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"arxiv_version","alias_value":"1411.5005v2","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1411.5005","created_at":"2026-05-18T02:32:52Z"},{"alias_kind":"pith_short_12","alias_value":"CNOWANJ3OPJQ","created_at":"2026-05-18T12:28:22Z"},{"alias_kind":"pith_short_16","alias_value":"CNOWANJ3OPJQQ5KY","created_at":"2026-05-18T12:28:22Z"},{"alias_kind":"pith_short_8","alias_value":"CNOWANJ3","created_at":"2026-05-18T12:28:22Z"}],"graph_snapshots":[{"event_id":"sha256:15dc0bad4b8c7eee8fc3ddaf3f9350a02a4e3e45e89e7b728041700f33c86a26","target":"graph","created_at":"2026-05-18T02:32:52Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Recent years have seen the rise of more sophisticated attacks including advanced persistent threats (APTs) which pose severe risks to organizations and governments by targeting confidential proprietary information. Additionally, new malware strains are appearing at a higher rate than ever before. Since many of these malware are designed to evade existing security products, traditional defenses deployed by most enterprises today, e.g., anti-virus, firewalls, intrusion detection systems, often fail at detecting infections at an early stage.\n  We address the problem of detecting early-stage infec","authors_text":"Alina Oprea, Sang Chin, Sumayah Alrwais, Ting-Fang Yen, Zhou Li","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-11-18T20:36:07Z","title":"Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1411.5005","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:301b857e7798f0a5ee74928a8b719d218ea63e865a96b1c1a6a4977974738a09","target":"record","created_at":"2026-05-18T02:32:52Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"29085187fd20b099565999ed0017228105b93413117151ee0b714618bae5e397","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-11-18T20:36:07Z","title_canon_sha256":"c2610168608e5bc0a916ea82577a86727c4f5e745bb2283c3cbddb02b870003d"},"schema_version":"1.0","source":{"id":"1411.5005","kind":"arxiv","version":2}},"canonical_sha256":"135d60353b73d3087558696ae5ffe5c22fd26bcb9a1fd15f901adb6bfa1349ab","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"135d60353b73d3087558696ae5ffe5c22fd26bcb9a1fd15f901adb6bfa1349ab","first_computed_at":"2026-05-18T02:32:52.856278Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T02:32:52.856278Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"VepaCLIwrvea7q41yeZ8ZTYWuZ9cRTCE4l7VLNityzZiyHfvThW0q+DxrhxIC8xvOMkYpcwQWtMp1P9bkyT1Bw==","signature_status":"signed_v1","signed_at":"2026-05-18T02:32:52.856934Z","signed_message":"canonical_sha256_bytes"},"source_id":"1411.5005","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:301b857e7798f0a5ee74928a8b719d218ea63e865a96b1c1a6a4977974738a09","sha256:15dc0bad4b8c7eee8fc3ddaf3f9350a02a4e3e45e89e7b728041700f33c86a26"],"state_sha256":"4484eb21ec59d279b83522b05adc67e219e32de9b0732e28984d08100b164e64"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"lrwmxsWzFN3DCJUF2MRea5cgL/p0b+3Oewt6JvvZCKSf5rY552FvV0nsq7qcoEv3Ol60vuphFOjrhRNcrUF7Dg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-03T16:59:05.256124Z","bundle_sha256":"95a324d3e49fbf1f5f09fb4b12213d154c26867593e61f9893bfae9910fb2b06"}}