pith. sign in
Pith Number

pith:HIOSBNNS

pith:2026:HIOSBNNSI537TDN2T7DKX3XM3D
not attested not anchored not stored refs resolved

CLOUDBURST: Cloud-Layer Observations Using Beacons for Unified Real-time Surveillance and Threat Attribution

Abraham Itzhak Weinberg

IAM Canary Roles achieve the highest Cloud Attribution Score for surveillance and threat attribution in cloud environments.

arxiv:2605.12976 v1 · 2026-05-13 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{HIOSBNNSI537TDN2T7DKX3XM3D}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

IAM Canary Roles achieve the highest CAS (mean 0.450) and Detection Resistance (DR = 0.873), making them the most deployable vector; S3 Presigned URLs achieve the highest detection resistance (DR = 0.890) surviving all three cloud-native scanner models.

C2weakest assumption

The 205 simulated callbacks and three attacker sophistication levels accurately represent real-world attacker behavior and the detection capabilities of commercial cloud scanners such as AWS Macie and Prisma Cloud.

C3one line summary

CLOUDBURST defines the first formal taxonomy for cloud passive beacons and a CAS metric, finding IAM roles most effective while showing rapid attribution decay from infrastructure churn.

References

17 extracted · 17 resolved · 2 Pith anchors

[1] Evaluating advanced cybersecurity technologies for cloud environments, 2025 2025
[2] Cyber deception: Taxonomy, state of the art, frameworks, trends, and open challenges.IEEE Communications Surveys & Tutorials, 2025 2025
[3] Securing your network with honey- pot, canerytokens and docker on aws 2023
[4] Loris Degioanni and Leonardo Grasso.Practical Cloud Native Security with Falco. " O’Reilly Media, Inc.", 2022 2022
[5] Verizon 2024 data breach investigations report.The Verizon DBIR Team 2024
Receipt and verification
First computed 2026-05-18T03:09:08.711483Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

3a1d20b5b24777f98dba9fc6abeeecd8d3113875dcd8fd2340f02b983476316f

Aliases

arxiv: 2605.12976 · arxiv_version: 2605.12976v1 · doi: 10.48550/arxiv.2605.12976 · pith_short_12: HIOSBNNSI537 · pith_short_16: HIOSBNNSI537TDN2 · pith_short_8: HIOSBNNS
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/HIOSBNNSI537TDN2T7DKX3XM3D \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 3a1d20b5b24777f98dba9fc6abeeecd8d3113875dcd8fd2340f02b983476316f
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "d8e093a5ed8f71491c98ca9e0d54b3da22af0a0579070b6496bc9e18375786ac",
    "cross_cats_sorted": [],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-13T04:14:21Z",
    "title_canon_sha256": "366f5dae889574f78f76944ddea3b1540a82e42614a4d70c3baa6ea67fe93a96"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.12976",
    "kind": "arxiv",
    "version": 1
  }
}