pith. sign in
Pith Number

pith:EB6I22WJ

pith:2026:EB6I22WJTAWIDAP7DUUAWZ343J
not attested not anchored not stored refs resolved

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

Alex Carbajal, Asma Jodeiri Akbarfam, Caleb Faultersack, Jonahtan Vasquez, Shereen Ismail

AI-assisted bots use micro-pacing delays to evade 97.47% of standard volumetric IDS thresholds while ICS port targeting nearly doubles.

arxiv:2605.14209 v1 · 2026-05-14 · cs.CR · cs.NI

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{EB6I22WJTAWIDAP7DUUAWZ343J}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Our simulated anomaly-based IDS demonstrates that these evasion techniques enable 97.47% of modern bot traffic to bypass standard volumetric thresholds undetected. Compensatory sensitivity tuning triggers a 68.10% false-positive rate.

C2weakest assumption

The assumption that the Merit ORION darknet dataset is representative of reconnaissance traffic that would actually reach and target operational ICS/IIoT devices, and that the simulated IDS accurately models real-world deployment conditions and thresholds.

C3one line summary

Darknet analysis shows ICS bot traffic doubling from 0.82% to 1.51% over four years, with micro-pacing enabling 97.47% evasion of standard volumetric IDS thresholds.

References

21 extracted · 21 resolved · 1 Pith anchors

[1] Analysis of a 2012
[2] Spatial temporal anal- ysis of 40,000,000,000,000 internet darkspace packets, 2021
[3] Analyzing Unsolicited Internet Traffic: Measuring IoT Security Threats via Network Telescopes 2026 · arXiv:2605.02795
[4] 2025 bad bot report, 2025
[5] Guide to operational technology (ot) security, 2023

Formal links

2 machine-checked theorem links

Receipt and verification
First computed 2026-05-17T23:39:10.947736Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

207c8d6ac9982c8181ff1d280b677cda507eba214a8f02003845a49b62aef0e8

Aliases

arxiv: 2605.14209 · arxiv_version: 2605.14209v1 · doi: 10.48550/arxiv.2605.14209 · pith_short_12: EB6I22WJTAWI · pith_short_16: EB6I22WJTAWIDAP7 · pith_short_8: EB6I22WJ
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/EB6I22WJTAWIDAP7DUUAWZ343J \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 207c8d6ac9982c8181ff1d280b677cda507eba214a8f02003845a49b62aef0e8
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "da6b2c9d4b4ab01fbf66caa28b8154da6c4572617507713d6a9528f9699db008",
    "cross_cats_sorted": [
      "cs.NI"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-14T00:07:20Z",
    "title_canon_sha256": "e704716f3744eee90aecc70d1a8b79f69361a06607fc3e3753e274f1db4bd660"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.14209",
    "kind": "arxiv",
    "version": 1
  }
}