{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T14:27:15Z","timestamp":1774448835266,"version":"3.50.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030578770","type":"print"},{"value":"9783030578787","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-57878-7_13","type":"book-chapter","created":{"date-parts":[[2020,8,28]],"date-time":"2020-08-28T14:03:04Z","timestamp":1598623384000},"page":"254-274","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["The Naked Sun: Malicious Cooperation Between Benign-Looking Processes"],"prefix":"10.1007","author":[{"given":"Fabio","family":"De Gaspari","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dorjan","family":"Hitaj","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giulio","family":"Pagnotta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lorenzo","family":"De Carli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luigi V.","family":"Mancini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,29]]},"reference":[{"key":"13_CR1","unstructured":"Introducing the malwarebytes anti-ransomware beta (2016). https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2016\/01\/introducing-the-malwarebytes-anti-ransomware-beta\/"},{"key":"13_CR2","unstructured":"Cerber starts evading machine learning (2017). https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cerber-starts-evading-machine-learning\/"},{"key":"13_CR3","unstructured":"I\/o request packets (2017). https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/gettingstarted\/i-o-request-packets"},{"key":"13_CR4","unstructured":"\u201cPetya-like\u201d Ransomware Analysis, June 2017. https:\/\/www.nyotron.com\/wp-content\/uploads\/2017\/06\/NARC-Report-Petya-like-062017-for-Web.pdf"},{"key":"13_CR5","unstructured":"Atlanta spent \\$2.6m to recover from a \\$52,000 ransomware scare (2018). https:\/\/www.wired.com\/story\/atlanta-spent-26m-recover-from-ransomware-scare\/"},{"key":"13_CR6","unstructured":"Wannacry analysis and cracking, November 2018. https:\/\/medium.com\/@codingkarma\/wannacry-analysis-and-cracking-6175b8cd47d4"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Wannacry cyber attack cost the nhs \u00a392m as 19,000 appointments cancelled (2018). https:\/\/www.telegraph.co.uk\/technology\/2018\/10\/11\/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled\/","DOI":"10.1016\/S1361-3723(18)30102-7"},{"key":"13_CR8","unstructured":"Malwarebytes anti-ransomware for business (2019). https:\/\/www.malwarebytes.com\/ business\/solutions\/ransomware\/"},{"key":"13_CR9","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: USENIX Security Symposium (2016)"},{"key":"13_CR10","unstructured":"Anderson, H.S., Kharkar, A., Filar, B.: Evading Machine Learning Malware Detection, p. 6 (2017)"},{"key":"13_CR11","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Continella, A., et al.: Shieldfs: a self-healing, ransomware-aware filesystem. In: ACSAC (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Dang, H., Huang, Y., Chang, E.C.: Evading classifiers by morphing in the dark. In: CCS (2017)","DOI":"10.1145\/3133956.3133978"},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: IEEE S&P (2010)","DOI":"10.1109\/SP.2010.11"},{"key":"13_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/978-3-030-03638-6_24","volume-title":"Secure IT Systems","author":"ZA Gen\u00e7","year":"2018","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Ryan, P.Y.A.: Next generation cryptographic ransomware. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 385\u2013401. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03638-6_24"},{"key":"13_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-030-22038-9_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"ZA Gen\u00e7","year":"2019","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Sgandurra, D.: On deception-based protection against cryptographic ransomware. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 219\u2013239. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22038-9_11"},{"key":"13_CR17","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. Computing Research Repository, ArXiv (2014)"},{"key":"13_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-319-66399-9_4","volume-title":"Computer Security \u2013 ESORICS 2017","author":"K Grosse","year":"2017","unstructured":"Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 62\u201379. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_4"},{"key":"13_CR19","unstructured":"Gu, G., Porras, P.A., Yegneswaran, V., Fong, M.W., Lee, W.: BotHunter: detecting malware infection through IDS-driven dialog correlation. In: USENIX (2007)"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: Babar: runtime provenance-based detector for advanced persistent threats. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"13_CR21","unstructured":"Hu, W., Tan, Y.: Black-box attacks against RNN based malware detection algorithms. arXiv:1705.08131 [cs], May 2017"},{"key":"13_CR22","unstructured":"Hu, W., Tan, Y.: Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv:1702.05983 [cs], February 2017"},{"key":"13_CR23","unstructured":"Ispoglou, K.K., Payer, M.: Malwash: washing malware to evade dynamic analysis. In: USENIX WOOT (2016)"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: RAID (2017)","DOI":"10.1007\/978-3-319-66332-6_5"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Kirda, E.: Unveil: a large-scale, automated approach to detecting ransomware (keynote). In: SANER (2017)","DOI":"10.1109\/SANER.2017.7884603"},{"issue":"1","key":"13_CR26","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1109\/18.61115","volume":"37","author":"J Lin","year":"1991","unstructured":"Lin, J.: Divergence measures based on the Shannon entropy. IEEE Trans. Inf. Theory 37(1), 145\u2013151 (1991)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Manzoor, E., Milajerdi, S.M., Akoglu, L.: Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In: KDD (2016)","DOI":"10.1145\/2939672.2939783"},{"key":"13_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1007\/978-3-319-48965-0_32","volume-title":"Cryptology and Network Security","author":"F Mbol","year":"2016","unstructured":"Mbol, F., Robert, J.-M., Sadighian, A.: An efficient approach to detect torrentlocker ransomware in computer systems. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 532\u2013541. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48965-0_32"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-030-00470-5_6","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"S Mehnaz","year":"2018","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 114\u2013136. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_6"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: IEEE S&P (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Moore, C.: Detecting ransomware with honeypot techniques. In: CCC (2016)","DOI":"10.1109\/CCC.2016.14"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: ACSAC (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Moussaileb, R., Bouget, B., Palisse, A., Le Bouder, H., Cuppens, N., Lanet, J.L.: Ransomware\u2019s early mitigation mechanisms. In: ARES (2018)","DOI":"10.1145\/3230833.3234691"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"OKane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. In: IEEE S&P (2011)","DOI":"10.1109\/MSP.2011.98"},{"key":"13_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-319-70290-2_12","volume-title":"Secure IT Systems","author":"A Palisse","year":"2017","unstructured":"Palisse, A., Durand, A., Le Bouder, H., Le\u00a0Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevi\u010dius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192\u2013208. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70290-2_12"},{"key":"13_CR36","unstructured":"Pavithran, J., Patnaik, M., Rebeiro, C.: D-time: distributed threadless independent malware execution for runtime obfuscation. In: USENIX WOOT (2019)"},{"key":"13_CR37","doi-asserted-by":"crossref","unstructured":"Rosenberg, I., Shabtai, A., Rokach, L., Elovici, Y.: Generic black-box end-to-end attack against state of the art API call based malware classifiers. In: RAID (2018)","DOI":"10.1007\/978-3-030-00470-5_23"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: ICDCS (2016)","DOI":"10.1109\/ICDCS.2016.46"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"\u0160rndic, N., Laskov, P.: Practical evasion of a learning-based classifier: a case study. In: IEEE S&P (2014)","DOI":"10.1109\/SP.2014.20"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers: a case study on pdf malware classifiers. In: Networks and Distributed Systems Symposium (2016)","DOI":"10.14722\/ndss.2016.23115"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-57878-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T19:07:01Z","timestamp":1619204821000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-57878-7_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030578770","9783030578787"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-57878-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"29 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.google.com\/di.uniroma1.it\/ACNS2020","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"214","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"46","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.7","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to COVID-19 pandemy the confernce was helt virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}