Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring

cs.CR arXiv:2512.15781
View PDF arXiv JSON

Abstract

This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity.

PDF Viewer