{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T14:00:52Z","timestamp":1774533652793,"version":"3.50.1"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030004699","type":"print"},{"value":"9783030004705","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_6","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"114-136","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":87,"title":["RWGuard: A Real-Time Detection System Against Cryptographic Ransomware"],"prefix":"10.1007","author":[{"given":"Shagufta","family":"Mehnaz","sequence":"first","affiliation":[]},{"given":"Anand","family":"Mudgerikar","sequence":"additional","affiliation":[]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"6_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-319-26362-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"N Andronio","year":"2015","unstructured":"Andronio, N., Zanero, S., Maggi, F.: HelDroid: dissecting and detecting mobile ransomware. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 382\u2013404. Springer, Cham (2015). 
\nhttps:\/\/doi.org\/10.1007\/978-3-319-26362-5_18"},{"key":"6_CR2","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-642-05284-2_4","volume-title":"Security and Privacy in Communication Networks","author":"BM Bowen","year":"2009","unstructured":"Bowen, B.M., Hershkop, S., Keromytis, A.D., Stolfo, S.J.: Baiting inside attackers using decoy documents. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 51\u201370. Springer, Heidelberg (2009). \nhttps:\/\/doi.org\/10.1007\/978-3-642-05284-2_4"},{"issue":"1","key":"6_CR3","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001). \nhttps:\/\/doi.org\/10.1023\/A:1010933404324","journal-title":"Mach. Learn."},{"key":"6_CR4","unstructured":"Cabaj, K., Gregorczyk, M., Mazurczyk, W.: Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. CoRR abs\/1611.08294 (2016)"},{"key":"6_CR5","doi-asserted-by":"publisher","unstructured":"Calvet, J., Fernandez, J.M., Marion, J.Y.: Aligot: cryptographic function identification in obfuscated binary programs. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 169\u2013182. ACM, New York (2012). \nhttps:\/\/doi.org\/10.1145\/2382196.2382217","DOI":"10.1145\/2382196.2382217"},{"key":"6_CR6","doi-asserted-by":"publisher","unstructured":"Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 336\u2013347. ACM, New York (2016). 
\nhttps:\/\/doi.org\/10.1145\/2991079.2991110","DOI":"10.1145\/2991079.2991110"},{"key":"6_CR7","unstructured":"CryptoStopper: \nwww.watchpointdata.com\/cryptostopper\/"},{"key":"6_CR8","unstructured":"Fox-Brewster, T.: Petya or notpetya: why the latest ransomware is deadlier than wannacry. FORBES, June 2017. \nhttps:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/06\/27\/petya-notpetya-ransomware-is-more-powerful-than-wannacry"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Huang, D.Y., et al.: Tracking ransomware end-to-end. In: Proceedings of the 2018 IEEE Conference on Security and Privacy, SP 2018 (2018)","DOI":"10.1109\/SP.2018.00047"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Huang, J., Xu, J., Xing, X., Liu, P., Qureshi, M.K.: Flashguard: leveraging intrinsic flash properties to defend against encryption ransomware. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 2231\u20132244. ACM, New York (2017)","DOI":"10.1145\/3133956.3134035"},{"key":"6_CR11","unstructured":"Microsoft Inc.: File system minifilter drivers, May 2014. \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff540402(v=vs.85).aspx"},{"key":"6_CR12","unstructured":"Jayanthi, A.: First known ransomware attack in 1989 also targeted healthcare. Beckers Hospital Review, May 2016. \nhttp:\/\/www.beckershospitalreview.com\/healthcare-information-technology\/first-known-ransomware-attack-in-1989-also-targeted-healthcare.html"},{"key":"6_CR13","unstructured":"Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: Unveil: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 757\u2013772. 
USENIX Association, Austin (2016)"},{"key":"6_CR14","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) Research in Attacks, Intrusions, and Defenses. LNCS, pp. 98\u2013119. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-20550-2_1"},{"key":"6_CR16","doi-asserted-by":"publisher","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: Paybreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS, pp. 599\u2013611. ACM, New York (2017). \nhttps:\/\/doi.org\/10.1145\/3052973.3053035","DOI":"10.1145\/3052973.3053035"},{"key":"6_CR17","unstructured":"Kryptel: \nhttps:\/\/www.kryptel.com\/products\/kryptel.php"},{"issue":"7","key":"6_CR18","doi-asserted-by":"publisher","first-page":"3065","DOI":"10.1145\/3052973.3053035","volume":"73","author":"JK Lee","year":"2017","unstructured":"Lee, J.K., Moon, S.Y., Park, J.H.: CloudRPS: a cloud analysis based enhanced ransomware prevention system. J. Supercomput. 73(7), 3065\u20133084 (2017). 
\nhttps:\/\/doi.org\/10.1145\/3052973.3053035","journal-title":"J. Supercomput."},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Lee, J., Lee, J., Hong, J.: How to make efficient decoy files for ransomware detection? In: Proceedings of the International Conference on Research in Adaptive and Convergent Systems, pp. 208\u2013212. ACM, New York (2017)","DOI":"10.1145\/3129676.3129713"},{"key":"6_CR20","doi-asserted-by":"publisher","unstructured":"Lestringant, P., Guih\u00e9ry, F., Fouque, P.A.: Automated identification of cryptographic primitives in binary code with data flow graph isomorphism. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS, pp. 203\u2013214. ACM, New York (2015). \nhttps:\/\/doi.org\/10.1145\/2714576.2714639","DOI":"10.1145\/2714576.2714639"},{"issue":"1","key":"6_CR21","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1109\/18.61115","volume":"37","author":"J Lin","year":"2006","unstructured":"Lin, J.: Divergence measures based on the shannon entropy. IEEE Trans. Inf. Theor. 37(1), 145\u2013151 (2006). \nhttps:\/\/doi.org\/10.1109\/18.61115","journal-title":"IEEE Trans. Inf. Theor."},{"key":"6_CR22","unstructured":"Malc0de: \nhttp:\/\/malc0de.com\/rss"},{"key":"6_CR23","unstructured":"Malware, O.: \nhttp:\/\/openmalware.org"},{"key":"6_CR24","unstructured":"Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers Inc. (1993)"},{"key":"6_CR25","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-642-15506-2_15","volume-title":"Advances in Digital Forensics VI","author":"V Roussev","year":"2010","unstructured":"Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207\u2013226. Springer, Heidelberg (2010). 
\nhttps:\/\/doi.org\/10.1007\/978-3-642-15506-2_15"},{"key":"6_CR26","doi-asserted-by":"publisher","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312, June 2016. \nhttps:\/\/doi.org\/10.1109\/ICDCS.2016.46","DOI":"10.1109\/ICDCS.2016.46"},{"key":"6_CR27","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits. Limitations and use for detection, ArXiv e-prints, September 2016"},{"key":"6_CR28","unstructured":"VirusTotal: \nhttps:\/\/www.virustotal.com"},{"key":"6_CR29","unstructured":"VXVault: \nhttp:\/\/vxvault.siri-urz.net\/URL_List.php"},{"key":"6_CR30","unstructured":"Wong, J.C., Solon, O.: Massive ransomware cyber-attack hits nearly 100 countries around the world. Theguardian, May. \nhttps:\/\/www.theguardian.com\/technology\/2017\/may\/12\/global-cyber-attack-ransomware-nsa-uk-nhs"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Xu, D., Ming, J., Wu, D.: Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping. In: Proceedings 2017 IEEE Symposium on Security and Privacy, pp. 
129\u2013140, May 2017","DOI":"10.1109\/SP.2017.56"},{"key":"6_CR32","unstructured":"Zeltser: \nhttps:\/\/zeltser.com\/malware-sample-sources\/"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:47:01Z","timestamp":1536216421000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}