{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:LCV245SGJJY6JP2NTK5C2CIZSG","short_pith_number":"pith:LCV245SG","canonical_record":{"source":{"id":"1906.09084","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2019-06-21T11:50:29Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"e1df1152271e2fd0ad5d14195a9175f1a7cf7007ed557dc36c3b9d0f1beb3c93","abstract_canon_sha256":"138bf84f6ea38657b20726049e80f073a2d6b986f46f481bd18e01670fb8ace0"},"schema_version":"1.0"},"canonical_sha256":"58abae76464a71e4bf4d9aba2d0919919879237d2a1c6cbf004f5da6e7e3bb51","source":{"kind":"arxiv","id":"1906.09084","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1906.09084","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"arxiv_version","alias_value":"1906.09084v1","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1906.09084","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"pith_short_12","alias_value":"LCV245SGJJY6","created_at":"2026-05-18T12:33:21Z"},{"alias_kind":"pith_short_16","alias_value":"LCV245SGJJY6JP2N","created_at":"2026-05-18T12:33:21Z"},{"alias_kind":"pith_short_8","alias_value":"LCV245SG","created_at":"2026-05-18T12:33:21Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:LCV245SGJJY6JP2NTK5C2CIZSG","target":"record","payload":{"canonical_record":{"source":{"id":"1906.09084","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2019-06-21T11:50:29Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"e1df1152271e2fd0ad5d14195a9175f1a7cf7007ed557dc36c3b9d0f1beb3c93","abstract_canon_sha256":"138bf84f6ea38657b20726049e80f073a2d6b986f46f481bd18e01670fb8ace0"},"schema_version":"1.0"},"canonical_sha256":"58abae76464a71e4bf4d9aba2d0919919879237d2a1c6cbf004f5da6e7e3bb51","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:42:44.613210Z","signature_b64":"viIFQSvSUjlc8ibQefSNGeCBdQ5y49suPt0awdENSgVVAk3hWedkE0dHnV/mjhE1iUUemLeoY7Cb4kH3368uAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"58abae76464a71e4bf4d9aba2d0919919879237d2a1c6cbf004f5da6e7e3bb51","last_reissued_at":"2026-05-17T23:42:44.612677Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:42:44.612677Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1906.09084","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:42:44Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"/ZuqW0Av+rd3P3qlb/CLvqGbl7SqUHsUh2lTg50SXTkA/+4vP8A1XjhlIV4sZsXRjDwnkNYH4xk9xNYRV2rECQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T03:30:21.208918Z"},"content_sha256":"155e53ec46ee9633ef7bee7b4c0a0a978d0981b110d2be8158b4502fe3fe0fad","schema_version":"1.0","event_id":"sha256:155e53ec46ee9633ef7bee7b4c0a0a978d0981b110d2be8158b4502fe3fe0fad"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:LCV245SGJJY6JP2NTK5C2CIZSG","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Joint Detection of Malicious Domains and Infected Clients","license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Lukas Machlica, Paul Prasse, Rene Knaebel, Tobias Scheffer, Tomas Pevny","submitted_at":"2019-06-21T11:50:29Z","abstract_excerpt":"Detection of malware-infected computers and detection of malicious web domains based on their encrypted HTTPS traffic are challenging problems, because only addresses, timestamps, and data volumes are observable. The detection problems are coupled, because infected clients tend to interact with malicious domains. Traffic data can be collected at a large scale, and antivirus tools can be used to identify infected clients in retrospect. Domains, by contrast, have to be labeled individually after forensic analysis. We explore transfer learning based on sluice networks; this allows the detection m"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1906.09084","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:42:44Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JR1nmpzTd9ZJhED0Z8sxlYaWGN7LcxDIJXix/ZUyhH1s1mgP9F9u/V1PQnLG1q6Bu9v1VN2BFoeS1ZCbNmSyBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T03:30:21.209268Z"},"content_sha256":"9fff3a997182615614aab21dbfaaaf86d365f7b1884e45fb9549ba1e347ebc55","schema_version":"1.0","event_id":"sha256:9fff3a997182615614aab21dbfaaaf86d365f7b1884e45fb9549ba1e347ebc55"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/LCV245SGJJY6JP2NTK5C2CIZSG/bundle.json","state_url":"https://pith.science/pith/LCV245SGJJY6JP2NTK5C2CIZSG/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/LCV245SGJJY6JP2NTK5C2CIZSG/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-05T03:30:21Z","links":{"resolver":"https://pith.science/pith/LCV245SGJJY6JP2NTK5C2CIZSG","bundle":"https://pith.science/pith/LCV245SGJJY6JP2NTK5C2CIZSG/bundle.json","state":"https://pith.science/pith/LCV245SGJJY6JP2NTK5C2CIZSG/state.json","well_known_bundle":"https://pith.science/.well-known/pith/LCV245SGJJY6JP2NTK5C2CIZSG/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:LCV245SGJJY6JP2NTK5C2CIZSG","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"138bf84f6ea38657b20726049e80f073a2d6b986f46f481bd18e01670fb8ace0","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2019-06-21T11:50:29Z","title_canon_sha256":"e1df1152271e2fd0ad5d14195a9175f1a7cf7007ed557dc36c3b9d0f1beb3c93"},"schema_version":"1.0","source":{"id":"1906.09084","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1906.09084","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"arxiv_version","alias_value":"1906.09084v1","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1906.09084","created_at":"2026-05-17T23:42:44Z"},{"alias_kind":"pith_short_12","alias_value":"LCV245SGJJY6","created_at":"2026-05-18T12:33:21Z"},{"alias_kind":"pith_short_16","alias_value":"LCV245SGJJY6JP2N","created_at":"2026-05-18T12:33:21Z"},{"alias_kind":"pith_short_8","alias_value":"LCV245SG","created_at":"2026-05-18T12:33:21Z"}],"graph_snapshots":[{"event_id":"sha256:9fff3a997182615614aab21dbfaaaf86d365f7b1884e45fb9549ba1e347ebc55","target":"graph","created_at":"2026-05-17T23:42:44Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Detection of malware-infected computers and detection of malicious web domains based on their encrypted HTTPS traffic are challenging problems, because only addresses, timestamps, and data volumes are observable. The detection problems are coupled, because infected clients tend to interact with malicious domains. Traffic data can be collected at a large scale, and antivirus tools can be used to identify infected clients in retrospect. Domains, by contrast, have to be labeled individually after forensic analysis. We explore transfer learning based on sluice networks; this allows the detection m","authors_text":"Lukas Machlica, Paul Prasse, Rene Knaebel, Tobias Scheffer, Tomas Pevny","cross_cats":["cs.CR","stat.ML"],"headline":"","license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2019-06-21T11:50:29Z","title":"Joint Detection of Malicious Domains and Infected Clients"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1906.09084","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:155e53ec46ee9633ef7bee7b4c0a0a978d0981b110d2be8158b4502fe3fe0fad","target":"record","created_at":"2026-05-17T23:42:44Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"138bf84f6ea38657b20726049e80f073a2d6b986f46f481bd18e01670fb8ace0","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2019-06-21T11:50:29Z","title_canon_sha256":"e1df1152271e2fd0ad5d14195a9175f1a7cf7007ed557dc36c3b9d0f1beb3c93"},"schema_version":"1.0","source":{"id":"1906.09084","kind":"arxiv","version":1}},"canonical_sha256":"58abae76464a71e4bf4d9aba2d0919919879237d2a1c6cbf004f5da6e7e3bb51","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"58abae76464a71e4bf4d9aba2d0919919879237d2a1c6cbf004f5da6e7e3bb51","first_computed_at":"2026-05-17T23:42:44.612677Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:42:44.612677Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"viIFQSvSUjlc8ibQefSNGeCBdQ5y49suPt0awdENSgVVAk3hWedkE0dHnV/mjhE1iUUemLeoY7Cb4kH3368uAQ==","signature_status":"signed_v1","signed_at":"2026-05-17T23:42:44.613210Z","signed_message":"canonical_sha256_bytes"},"source_id":"1906.09084","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:155e53ec46ee9633ef7bee7b4c0a0a978d0981b110d2be8158b4502fe3fe0fad","sha256:9fff3a997182615614aab21dbfaaaf86d365f7b1884e45fb9549ba1e347ebc55"],"state_sha256":"199b6fdceb054392a4fa4acf2c09b581be6a3b3682c6af897b8e9fef16097f9c"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ST2vSNzK6tEgM5ur7YBilhQtUe2yjZ+hGU6d6t3+RZShdC8kODSdTKuaWhbiBLADMuEMBugRNEL9VMlbPDnwDQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-05T03:30:21.211467Z","bundle_sha256":"b3632fb9d9421dfd909021baec70fe5bc4251dac172c4a2e46fa1ab2068f7c0b"}}