Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring
Ashim Mahara

TL;DR
This paper introduces a detection framework that uses large language models to assess permission risks and identify malicious OAuth apps in real time within Microsoft Graph environments.
Contribution
It presents a novel unified framework combining permission corpus construction, LLM-based risk scoring, and real-time detection for malicious OAuth apps.
Findings
Effective identification of malicious OAuth apps.
High accuracy in risk scoring using LLMs.
Real-time detection capability demonstrated.
Abstract
This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity.
Taxonomy
Topics: Spam and Phishing Detection · Authorship Attribution and Profiling · Advanced Graph Neural Networks
