{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2016:P5USI7QORF6BGESY2DBAQZ27WS","short_pith_number":"pith:P5USI7QO","canonical_record":{"source":{"id":"1611.07392","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-11-22T16:23:39Z","cross_cats_sorted":["cs.DC"],"title_canon_sha256":"025d267ae030b9fead52af5252201a25af67876768e7fbf17cf1026f529ca641","abstract_canon_sha256":"c62eeda14513e0d7b740124cf1c92e41c59dd0cd56f548e034b21da929a95f83"},"schema_version":"1.0"},"canonical_sha256":"7f69247e0e897c131258d0c208675fb48876bf6ad6f78c8d7b4d13f922d26ba7","source":{"kind":"arxiv","id":"1611.07392","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1611.07392","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"arxiv_version","alias_value":"1611.07392v1","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1611.07392","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"pith_short_12","alias_value":"P5USI7QORF6B","created_at":"2026-05-18T12:30:36Z"},{"alias_kind":"pith_short_16","alias_value":"P5USI7QORF6BGESY","created_at":"2026-05-18T12:30:36Z"},{"alias_kind":"pith_short_8","alias_value":"P5USI7QO","created_at":"2026-05-18T12:30:36Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2016:P5USI7QORF6BGESY2DBAQZ27WS","target":"record","payload":{"canonical_record":{"source":{"id":"1611.07392","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-11-22T16:23:39Z","cross_cats_sorted":["cs.DC"],"title_canon_sha256":"025d267ae030b9fead52af5252201a25af67876768e7fbf17cf1026f529ca641","abstract_canon_sha256":"c62eeda14513e0d7b740124cf1c92e41c59dd0cd56f548e034b21da929a95f83"},"schema_version":"1.0"},"canonical_sha256":"7f69247e0e897c131258d0c208675fb48876bf6ad6f78c8d7b4d13f922d26ba7","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:57:24.112803Z","signature_b64":"QDXN5A6I3OizS3n1eEyvFyZgnuveOJsurYW1VdzWNadiKqu2pNgTmuJH6/TVLnuk9EE0lnbMZH/Mj1RFE2/hDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"7f69247e0e897c131258d0c208675fb48876bf6ad6f78c8d7b4d13f922d26ba7","last_reissued_at":"2026-05-18T00:57:24.112022Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:57:24.112022Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1611.07392","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:57:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"+E+dth22SLRJJuGwB+IJRe467a6HuB2uyIfOUyZ1Whfc7dyhFDhVg6EZEOzUzq7hMb/Y9aGgld2jN1qG3lQ7CA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-29T15:09:21.897488Z"},"content_sha256":"382e994a41e105d288ee15354024d2b473b99685cfe26c12b5727cdb80893f7b","schema_version":"1.0","event_id":"sha256:382e994a41e105d288ee15354024d2b473b99685cfe26c12b5727cdb80893f7b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2016:P5USI7QORF6BGESY2DBAQZ27WS","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Call Trace and Memory Access Pattern based Runtime Insider Threat Detection for Big Data Platforms","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.DC"],"primary_cat":"cs.CR","authors_text":"Nagarajan Ranganathan, Santosh Aditham, Srinivas Katkoori","submitted_at":"2016-11-22T16:23:39Z","abstract_excerpt":"Big data platforms such as Hadoop and Spark are being widely adopted both by academia and industry. In this paper, we propose a runtime intrusion detection technique that understands and works according to the properties of such distributed compute platforms. The proposed method is based on runtime analysis of system and library calls and memory access patterns of tasks running on the datanodes (slaves). First, the primary datanode of a big data system creates a behavior profile for every task it executes. A behavior profile includes (a) trace of the system & library calls made, and (b) sequen"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1611.07392","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:57:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"R0wPsUq6PayUHW63PRaqMATUZzam5q6kayNwzmysAxIsSxUi+ooS+YH6XK5xTdaa+d5rij1o0UapZZe2XosADg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-29T15:09:21.897837Z"},"content_sha256":"72a6f0282375299b482ac728901e11ca039fca2d7ee5ea7d561d0845a7616b84","schema_version":"1.0","event_id":"sha256:72a6f0282375299b482ac728901e11ca039fca2d7ee5ea7d561d0845a7616b84"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/P5USI7QORF6BGESY2DBAQZ27WS/bundle.json","state_url":"https://pith.science/pith/P5USI7QORF6BGESY2DBAQZ27WS/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/P5USI7QORF6BGESY2DBAQZ27WS/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-29T15:09:21Z","links":{"resolver":"https://pith.science/pith/P5USI7QORF6BGESY2DBAQZ27WS","bundle":"https://pith.science/pith/P5USI7QORF6BGESY2DBAQZ27WS/bundle.json","state":"https://pith.science/pith/P5USI7QORF6BGESY2DBAQZ27WS/state.json","well_known_bundle":"https://pith.science/.well-known/pith/P5USI7QORF6BGESY2DBAQZ27WS/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2016:P5USI7QORF6BGESY2DBAQZ27WS","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"c62eeda14513e0d7b740124cf1c92e41c59dd0cd56f548e034b21da929a95f83","cross_cats_sorted":["cs.DC"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-11-22T16:23:39Z","title_canon_sha256":"025d267ae030b9fead52af5252201a25af67876768e7fbf17cf1026f529ca641"},"schema_version":"1.0","source":{"id":"1611.07392","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1611.07392","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"arxiv_version","alias_value":"1611.07392v1","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1611.07392","created_at":"2026-05-18T00:57:24Z"},{"alias_kind":"pith_short_12","alias_value":"P5USI7QORF6B","created_at":"2026-05-18T12:30:36Z"},{"alias_kind":"pith_short_16","alias_value":"P5USI7QORF6BGESY","created_at":"2026-05-18T12:30:36Z"},{"alias_kind":"pith_short_8","alias_value":"P5USI7QO","created_at":"2026-05-18T12:30:36Z"}],"graph_snapshots":[{"event_id":"sha256:72a6f0282375299b482ac728901e11ca039fca2d7ee5ea7d561d0845a7616b84","target":"graph","created_at":"2026-05-18T00:57:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Big data platforms such as Hadoop and Spark are being widely adopted both by academia and industry. In this paper, we propose a runtime intrusion detection technique that understands and works according to the properties of such distributed compute platforms. The proposed method is based on runtime analysis of system and library calls and memory access patterns of tasks running on the datanodes (slaves). First, the primary datanode of a big data system creates a behavior profile for every task it executes. A behavior profile includes (a) trace of the system & library calls made, and (b) sequen","authors_text":"Nagarajan Ranganathan, Santosh Aditham, Srinivas Katkoori","cross_cats":["cs.DC"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-11-22T16:23:39Z","title":"Call Trace and Memory Access Pattern based Runtime Insider Threat Detection for Big Data Platforms"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1611.07392","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:382e994a41e105d288ee15354024d2b473b99685cfe26c12b5727cdb80893f7b","target":"record","created_at":"2026-05-18T00:57:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"c62eeda14513e0d7b740124cf1c92e41c59dd0cd56f548e034b21da929a95f83","cross_cats_sorted":["cs.DC"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-11-22T16:23:39Z","title_canon_sha256":"025d267ae030b9fead52af5252201a25af67876768e7fbf17cf1026f529ca641"},"schema_version":"1.0","source":{"id":"1611.07392","kind":"arxiv","version":1}},"canonical_sha256":"7f69247e0e897c131258d0c208675fb48876bf6ad6f78c8d7b4d13f922d26ba7","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"7f69247e0e897c131258d0c208675fb48876bf6ad6f78c8d7b4d13f922d26ba7","first_computed_at":"2026-05-18T00:57:24.112022Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:57:24.112022Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"QDXN5A6I3OizS3n1eEyvFyZgnuveOJsurYW1VdzWNadiKqu2pNgTmuJH6/TVLnuk9EE0lnbMZH/Mj1RFE2/hDw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:57:24.112803Z","signed_message":"canonical_sha256_bytes"},"source_id":"1611.07392","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:382e994a41e105d288ee15354024d2b473b99685cfe26c12b5727cdb80893f7b","sha256:72a6f0282375299b482ac728901e11ca039fca2d7ee5ea7d561d0845a7616b84"],"state_sha256":"7257579ed880d0a152dc28d83073013f8d1f1b54668fe8e9228928ca24117225"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"kbV6Qw5iKNWcVqjh0sk9Ww5jUxrI0lgRBBJzhgFueyp6u8crAIZpbbBCCPTinaq/iQEdUAMDe25NRpyOQI4RDg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-29T15:09:21.900278Z","bundle_sha256":"d75f2ad847d5f054c094c7bdba5fd325bfff1671d7f048c23c9c840319a8061a"}}