{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:NY3B5BNKYXWGUVILARYLRBC7I2","short_pith_number":"pith:NY3B5BNK","canonical_record":{"source":{"id":"1903.10208","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2019-03-25T09:52:08Z","cross_cats_sorted":[],"title_canon_sha256":"a13b2fda8cb62465b61379a587ef14fa4ce75b7345e09a2edb7f68d29d0db1d2","abstract_canon_sha256":"041e9124b3b2fe8ec279ab56217f041d676b68fb57c50d93f60e0693dcb3f6a1"},"schema_version":"1.0"},"canonical_sha256":"6e361e85aac5ec6a550b0470b8845f469f3a1a64e8f64a879047de80e288cb02","source":{"kind":"arxiv","id":"1903.10208","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1903.10208","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"arxiv_version","alias_value":"1903.10208v1","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1903.10208","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"pith_short_12","alias_value":"NY3B5BNKYXWG","created_at":"2026-05-18T12:33:24Z"},{"alias_kind":"pith_short_16","alias_value":"NY3B5BNKYXWGUVIL","created_at":"2026-05-18T12:33:24Z"},{"alias_kind":"pith_short_8","alias_value":"NY3B5BNK","created_at":"2026-05-18T12:33:24Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:NY3B5BNKYXWGUVILARYLRBC7I2","target":"record","payload":{"canonical_record":{"source":{"id":"1903.10208","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2019-03-25T09:52:08Z","cross_cats_sorted":[],"title_canon_sha256":"a13b2fda8cb62465b61379a587ef14fa4ce75b7345e09a2edb7f68d29d0db1d2","abstract_canon_sha256":"041e9124b3b2fe8ec279ab56217f041d676b68fb57c50d93f60e0693dcb3f6a1"},"schema_version":"1.0"},"canonical_sha256":"6e361e85aac5ec6a550b0470b8845f469f3a1a64e8f64a879047de80e288cb02","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:50:30.311174Z","signature_b64":"wOQ8xXx80hY4KyZxRRe4b24O0x/3+vXYqYnra8ZByPdv5vqwcVv/JO6nzmAcwGtIvyGBKxFiAo3rBCmw/4PDCA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"6e361e85aac5ec6a550b0470b8845f469f3a1a64e8f64a879047de80e288cb02","last_reissued_at":"2026-05-17T23:50:30.310287Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:50:30.310287Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1903.10208","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:50:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"5YiDxF+VAJB04ycOS6ku7j9QxpA7AOVEk90vIsLpkXRmgMeHPxIsfpMDu43a9v+aVHzHMVZ6/aBylgwtlhoODA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-25T16:58:20.753292Z"},"content_sha256":"de42d8c169c246a5a5f8ca8bcc1f661d256f5ef94860261efe7444e047268314","schema_version":"1.0","event_id":"sha256:de42d8c169c246a5a5f8ca8bcc1f661d256f5ef94860261efe7444e047268314"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:NY3B5BNKYXWGUVILARYLRBC7I2","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Capturing the symptoms of malicious code in electronic documents by file's entropy signal combined with Machine learning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CY","authors_text":"Jiayong Liu, Liang Liu, Lingbo Qing, Luping Liu, Xiaohai He, Yong Fang","submitted_at":"2019-03-25T09:52:08Z","abstract_excerpt":"Abstract-Email cyber-attacks based on malicious documents have become the popular techniques in today's sophisticated attacks. In the past, persistent efforts have been made to detect such attacks. But there are still some common defects in the existing methods including unable to capture unknown attacks, high overhead of resource and time, and just can be used to detect specific formats of documents. In this study, a new Framework named ESRMD (Entropy signal Reflects the Malicious document) is proposed, which can detect malicious document based on the entropy distribution of the file. In esse"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1903.10208","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:50:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"GpfGt1UHRIyPoq/AMJ9tqw8lQLOGQCxUnpTam3Chwxc/0jalOGItDq9vltn/afDw8VEkemIwORTn9Tlxmi30CQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-25T16:58:20.753988Z"},"content_sha256":"8137c3f3c0c5106ae73205a46c859b82c802bdf96424f55bf91c8cccb9aefc21","schema_version":"1.0","event_id":"sha256:8137c3f3c0c5106ae73205a46c859b82c802bdf96424f55bf91c8cccb9aefc21"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/NY3B5BNKYXWGUVILARYLRBC7I2/bundle.json","state_url":"https://pith.science/pith/NY3B5BNKYXWGUVILARYLRBC7I2/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/NY3B5BNKYXWGUVILARYLRBC7I2/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-25T16:58:20Z","links":{"resolver":"https://pith.science/pith/NY3B5BNKYXWGUVILARYLRBC7I2","bundle":"https://pith.science/pith/NY3B5BNKYXWGUVILARYLRBC7I2/bundle.json","state":"https://pith.science/pith/NY3B5BNKYXWGUVILARYLRBC7I2/state.json","well_known_bundle":"https://pith.science/.well-known/pith/NY3B5BNKYXWGUVILARYLRBC7I2/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:NY3B5BNKYXWGUVILARYLRBC7I2","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"041e9124b3b2fe8ec279ab56217f041d676b68fb57c50d93f60e0693dcb3f6a1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2019-03-25T09:52:08Z","title_canon_sha256":"a13b2fda8cb62465b61379a587ef14fa4ce75b7345e09a2edb7f68d29d0db1d2"},"schema_version":"1.0","source":{"id":"1903.10208","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1903.10208","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"arxiv_version","alias_value":"1903.10208v1","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1903.10208","created_at":"2026-05-17T23:50:30Z"},{"alias_kind":"pith_short_12","alias_value":"NY3B5BNKYXWG","created_at":"2026-05-18T12:33:24Z"},{"alias_kind":"pith_short_16","alias_value":"NY3B5BNKYXWGUVIL","created_at":"2026-05-18T12:33:24Z"},{"alias_kind":"pith_short_8","alias_value":"NY3B5BNK","created_at":"2026-05-18T12:33:24Z"}],"graph_snapshots":[{"event_id":"sha256:8137c3f3c0c5106ae73205a46c859b82c802bdf96424f55bf91c8cccb9aefc21","target":"graph","created_at":"2026-05-17T23:50:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Abstract-Email cyber-attacks based on malicious documents have become the popular techniques in today's sophisticated attacks. In the past, persistent efforts have been made to detect such attacks. But there are still some common defects in the existing methods including unable to capture unknown attacks, high overhead of resource and time, and just can be used to detect specific formats of documents. In this study, a new Framework named ESRMD (Entropy signal Reflects the Malicious document) is proposed, which can detect malicious document based on the entropy distribution of the file. In esse","authors_text":"Jiayong Liu, Liang Liu, Lingbo Qing, Luping Liu, Xiaohai He, Yong Fang","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2019-03-25T09:52:08Z","title":"Capturing the symptoms of malicious code in electronic documents by file's entropy signal combined with Machine learning"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1903.10208","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:de42d8c169c246a5a5f8ca8bcc1f661d256f5ef94860261efe7444e047268314","target":"record","created_at":"2026-05-17T23:50:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"041e9124b3b2fe8ec279ab56217f041d676b68fb57c50d93f60e0693dcb3f6a1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2019-03-25T09:52:08Z","title_canon_sha256":"a13b2fda8cb62465b61379a587ef14fa4ce75b7345e09a2edb7f68d29d0db1d2"},"schema_version":"1.0","source":{"id":"1903.10208","kind":"arxiv","version":1}},"canonical_sha256":"6e361e85aac5ec6a550b0470b8845f469f3a1a64e8f64a879047de80e288cb02","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"6e361e85aac5ec6a550b0470b8845f469f3a1a64e8f64a879047de80e288cb02","first_computed_at":"2026-05-17T23:50:30.310287Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:50:30.310287Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"wOQ8xXx80hY4KyZxRRe4b24O0x/3+vXYqYnra8ZByPdv5vqwcVv/JO6nzmAcwGtIvyGBKxFiAo3rBCmw/4PDCA==","signature_status":"signed_v1","signed_at":"2026-05-17T23:50:30.311174Z","signed_message":"canonical_sha256_bytes"},"source_id":"1903.10208","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:de42d8c169c246a5a5f8ca8bcc1f661d256f5ef94860261efe7444e047268314","sha256:8137c3f3c0c5106ae73205a46c859b82c802bdf96424f55bf91c8cccb9aefc21"],"state_sha256":"ab308e327ca0a7d219999d573e23155687a7b045f7abc5e67bbc4995dc4af654"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"DNBjxSHFiLy3GvW4IJ5KIuHTSUhCHuNzv0Ha6bOsYmSJpn7FTzjSKvwzJHudn9HxtPXEc8o2aCVj/XgbErPuBA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-25T16:58:20.757730Z","bundle_sha256":"54ff71c66af9f180b3e14138b2fdb1d8f9b1ee0b6710d3f2654275beae9c5455"}}