{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:FN7CFKU7SHK7BC5DNEDPUM3PW5","short_pith_number":"pith:FN7CFKU7","schema_version":"1.0","canonical_sha256":"2b7e22aa9f91d5f08ba36906fa336fb77a3c915b9e0a65f5553873aaf2d5e60a","source":{"kind":"arxiv","id":"2507.22447","version":1},"attestation_state":"computed","paper":{"title":"Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"JingJing Guo, Liangliang Song, Lin Chen, Xin Wang, Yanbin Wang, Ye Tian, Zhenhuang Hu, Zhihong Liang","submitted_at":"2025-07-30T07:46:49Z","abstract_excerpt":"With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and JavaScript's inherent language characteristics, particularly its nested closure structures and syntactic flexibility. In this work, we propose DeCoda, a hybrid defense framework that combines large language model (LLM)-based deobfuscation with code graph learning: (1) We first construct a sophisticated "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2507.22447","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-07-30T07:46:49Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"98370c29848d4a20795e14e79d64bf86200c3669215100989b3740732f885c5e","abstract_canon_sha256":"82f08d6c623ea34f2821a668a87ac6916a3c0dbfb07e3cad1ecb5b8de0a2f40b"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T11:45:42.387244Z","signature_b64":"ZeV5csUfmTpRyKygP7B3/AX61ksv7QMThrDgXp8plU60wfS5BKxpc2Jd68PFzBRjHA+EkbyY0W6UDV5FkSEaDA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"2b7e22aa9f91d5f08ba36906fa336fb77a3c915b9e0a65f5553873aaf2d5e60a","last_reissued_at":"2026-07-05T11:45:42.386720Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T11:45:42.386720Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"JingJing Guo, Liangliang Song, Lin Chen, Xin Wang, Yanbin Wang, Ye Tian, Zhenhuang Hu, Zhihong Liang","submitted_at":"2025-07-30T07:46:49Z","abstract_excerpt":"With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and JavaScript's inherent language characteristics, particularly its nested closure structures and syntactic flexibility. In this work, we propose DeCoda, a hybrid defense framework that combines large language model (LLM)-based deobfuscation with code graph learning: (1) We first construct a sophisticated "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2507.22447","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2507.22447/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2507.22447","created_at":"2026-07-05T11:45:42.386784+00:00"},{"alias_kind":"arxiv_version","alias_value":"2507.22447v1","created_at":"2026-07-05T11:45:42.386784+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2507.22447","created_at":"2026-07-05T11:45:42.386784+00:00"},{"alias_kind":"pith_short_12","alias_value":"FN7CFKU7SHK7","created_at":"2026-07-05T11:45:42.386784+00:00"},{"alias_kind":"pith_short_16","alias_value":"FN7CFKU7SHK7BC5D","created_at":"2026-07-05T11:45:42.386784+00:00"},{"alias_kind":"pith_short_8","alias_value":"FN7CFKU7","created_at":"2026-07-05T11:45:42.386784+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":2,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2605.06910","citing_title":"Benchmarking Large Language Models for IoC Recovery under Adversarial Code Obfuscation and Encryption","ref_index":10,"is_internal_anchor":false},{"citing_arxiv_id":"2604.15951","citing_title":"Integrating Graphs, Large Language Models, and Agents: Reasoning and Retrieval","ref_index":104,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5","json":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5.json","graph_json":"https://pith.science/api/pith-number/FN7CFKU7SHK7BC5DNEDPUM3PW5/graph.json","events_json":"https://pith.science/api/pith-number/FN7CFKU7SHK7BC5DNEDPUM3PW5/events.json","paper":"https://pith.science/paper/FN7CFKU7"},"agent_actions":{"view_html":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5","download_json":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5.json","view_paper":"https://pith.science/paper/FN7CFKU7","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2507.22447&json=true","fetch_graph":"https://pith.science/api/pith-number/FN7CFKU7SHK7BC5DNEDPUM3PW5/graph.json","fetch_events":"https://pith.science/api/pith-number/FN7CFKU7SHK7BC5DNEDPUM3PW5/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5/action/timestamp_anchor","attest_storage":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5/action/storage_attestation","attest_author":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5/action/author_attestation","sign_citation":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5/action/citation_signature","submit_replication":"https://pith.science/pith/FN7CFKU7SHK7BC5DNEDPUM3PW5/action/replication_record"}},"created_at":"2026-07-05T11:45:42.386784+00:00","updated_at":"2026-07-05T11:45:42.386784+00:00"}