{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,9]],"date-time":"2025-11-09T07:45:02Z","timestamp":1762674302250,"version":"3.37.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030220372"},{"type":"electronic","value":"9783030220389"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22038-9_11","type":"book-chapter","created":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:02:31Z","timestamp":1560106951000},"page":"219-239","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["On Deception-Based Protection Against Cryptographic Ransomware"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7198-7437","authenticated-orcid":false,"given":"Ziya Alper","family":"Gen\u00e7","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8229-3270","authenticated-orcid":false,"given":"Gabriele","family":"Lenzini","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5238-8068","authenticated-orcid":false,"given":"Daniele","family":"Sgandurra","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,6]]},"reference":[{"issue":"5","key":"11_CR1","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1109\/MSP.2004.71","volume":"2","author":"D Balfanz","year":"2004","unstructured":"Balfanz, D., Durfee, G., Smetters, D.K., Grinter, R.E.: In search of usable security: five lessons from the field. IEEE Secur. Priv. 2(5), 19\u201324 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"11_CR2","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-642-05284-2_4","volume-title":"Security and Privacy in Communication Networks","author":"BM Bowen","year":"2009","unstructured":"Bowen, B.M., Hershkop, S., Keromytis, A.D., Stolfo, S.J.: Baiting inside attackers using decoy documents. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 51\u201370. Springer, Heidelberg (2009). \n                      https:\/\/doi.org\/10.1007\/978-3-642-05284-2_4"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Bulazel, A., Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: PC, mobile, and web. In: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium, pp. 2:1\u20132:21. ACM, New York (2017)","DOI":"10.1145\/3150376.3150378"},{"issue":"6","key":"11_CR4","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MNET.2016.1600110NM","volume":"30","author":"K Cabaj","year":"2016","unstructured":"Cabaj, K., Mazurczyk, W.: Using software-defined networking for ransomware mitigation: the case of cryptowall. IEEE Netw. 30(6), 14\u201320 (2016)","journal-title":"IEEE Netw."},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 336\u2013347. ACM, New York (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"11_CR6","unstructured":"Council of European Union: Council regulation (EU) no 428\/2009 (2009). \n                      https:\/\/eur-lex.europa.eu\/legal-content\/EN\/ALL\/?uri=celex:32009R0428\n                      \n                    . Accessed 22 Feb 2019"},{"key":"11_CR7","unstructured":"CyberEdge: 2018 Cyberthreat Defense Report. Technical report, CyberEdge Group, LLC, March 2018. \n                      https:\/\/cyber-edge.com\/wp-content\/uploads\/2018\/03\/CyberEdge-2018-CDR.pdf"},{"key":"11_CR8","unstructured":"European Commission: Guidance note - Research involving dual-use items. \n                      http:\/\/ec.europa.eu\/research\/participants\/data\/ref\/h2020\/other\/hi\/guide_research-dual-use_en.pdf\n                      \n                    . Accessed 22 Feb 2019"},{"key":"11_CR9","unstructured":"Feng, Y., Liu, C., Liu, B.: Poster: a new approach to detecting ransomware with deception. In: 38th IEEE Symposium on Security and Privacy Workshops (2017)"},{"key":"11_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-319-93411-2_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"ZA Gen\u00e7","year":"2018","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234\u2013255. Springer, Cham (2018). \n                      https:\/\/doi.org\/10.1007\/978-3-319-93411-2_11"},{"key":"11_CR11","unstructured":"Greenberg, A.: The untold story of NotPetya, the most devastating cyberattack in history, August 2018. \n                      https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/\n                      \n                    . Accessed 22 Feb 2019"},{"key":"11_CR12","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","volume":"73","author":"J.A. G\u00f3mez-Hern\u00e1ndez","year":"2018","unstructured":"G\u00f3mez-Hern\u00e1ndez, J.,\u00c1lvarez Gonz\u00e1lez, L., Garc\u00eda-Teodoro, P.: R-locker: thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018)","journal-title":"Computers & Security"},{"key":"11_CR13","unstructured":"Hunt, G., Brubacher, D.: Detours: binary interception of win32 functions. In: Proceedings of the 3rd Conference on USENIX Windows NT Symposium, WINSYM1999, vol. 3, p. 14. USENIX Association, Berkeley (1999)"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Juels, A., Rivest, R.L.: Honeywords: making password-cracking detectable. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 145\u2013160. ACM, New York (2013)","DOI":"10.1145\/2508859.2516671"},{"key":"11_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98\u2013119. Springer, Cham (2017). \n                      https:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: Paybreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599\u2013611. ACM (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Lee, J., Lee, J., Hong, J.: How to make efficient decoy files for ransomware detection? In: Proceedings of the International Conference on Research in Adaptive and Convergent Systems, RACS 2017, pp. 208\u2013212. ACM, New York (2017)","DOI":"10.1145\/3129676.3129713"},{"key":"11_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-030-00470-5_6","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"S Mehnaz","year":"2018","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 114\u2013136. Springer, Cham (2018). \n                      https:\/\/doi.org\/10.1007\/978-3-030-00470-5_6"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Moore, C.: Detecting ransomware with honeypot techniques. In: 2016 Cybersecurity and Cyberforensics Conference (CCC), pp. 77\u201381, August 2016","DOI":"10.1109\/CCC.2016.14"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Moussaileb, R., Bouget, B., Palisse, A., Le Bouder, H., Cuppens, N., Lanet, J.L.: Ransomware\u2019s early mitigation mechanisms. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018, pp. 2:1\u20132:10. ACM (2018)","DOI":"10.1145\/3230833.3234691"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Rowe, N.C.: Measuring the effectiveness of honeypot counter-counterdeception. In: Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS 2006), vol. 6, pp. 129c\u2013129c, January 2006","DOI":"10.1109\/HICSS.2006.269"},{"key":"11_CR22","unstructured":"Russinovich, M.E., Solomon, D.A., Ionescu, A.: Windows Internals. Pearson Education (2012)"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312, June 2016","DOI":"10.1109\/ICDCS.2016.46"},{"key":"11_CR24","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection. CoRR abs\/1609.03020 (2016). \n                      http:\/\/arxiv.org\/abs\/1609.03020"},{"key":"11_CR25","unstructured":"WatchPoint Data: Cryptostopper (2018). \n                      https:\/\/www.watchpointdata.com\/cryptostopper"},{"key":"11_CR26","unstructured":"Webroot: 2018 Webroot threat report mid-year update. Technical report, Webroot Inc., September 2018. \n                      https:\/\/www.webroot.com\/download_file\/2780"},{"key":"11_CR27","unstructured":"Yuill, J., Zappe, M., Denning, D., Feer, F.: Honeyfiles: deceptive files for intrusion detection. In: Proceedings of the IEEE Workshop on Information Assurance. United States Military Academy, West Point (2004)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22038-9_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:10:18Z","timestamp":1560107418000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-22038-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030220372","9783030220389"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22038-9_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gothenburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.dimva2019.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"dimca2019.hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}