{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T07:15:15Z","timestamp":1766733315335,"version":"3.40.3"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030629731"},{"type":"electronic","value":"9783030629748"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62974-8_12","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T13:10:38Z","timestamp":1606223438000},"page":"199-216","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Why Current Statistical Approaches to Ransomware Detection Fail"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0969-2464","authenticated-orcid":false,"given":"Jamie","family":"Pont","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1830-1587","authenticated-orcid":false,"given":"Budi","family":"Arief","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6432-5328","authenticated-orcid":false,"given":"Julio","family":"Hernandez-Castro","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,25]]},"reference":[{"key":"12_CR1","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","volume":"74","author":"BAS Al-rimy","year":"2018","unstructured":"Al-rimy, B.A.S., Maarof, M.A., Shaid, S.Z.M.: Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput. Secur. 74, 144\u2013166 (2018)","journal-title":"Comput. Secur."},{"key":"12_CR2","unstructured":"Constantin, L.: More targeted, sophisticated and costly: Why ransomware might be your biggest threat (February 2020). https:\/\/www.csoonline.com\/article\/3518864\/more-targeted-sophisticated-and-costly-why-ransomware-might-be-your-biggest-threat.html"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Continella, A., et al.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of 32nd Annual Conference on Computer Security Applications, pp. 336\u2013347 (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"12_CR4","unstructured":"Digital Corpora: (2018). https:\/\/digitalcorpora.org"},{"key":"12_CR5","unstructured":"Esparza, J.M., Blueliv: spanish consultancy everis suffers bitpaymer ransomware attack: a brief analysis (November 2019). https:\/\/www.blueliv.com\/cyber-security-and-cyber-threat-intelligence-blog-blueliv\/research\/everis-bitpaymer-ransomware-attack-analysis-dridex\/"},{"issue":"302","key":"12_CR6","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1080\/14786440009463897","volume":"50","author":"FRSK Pearson","year":"1900","unstructured":"Pearson, F.R.S.K.: X. on the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling. London Edinb. Dublin Philos. Mag. J. Sci. 50(302), 157\u2013175 (1900). https:\/\/doi.org\/10.1080\/14786440009463897","journal-title":"London Edinb. Dublin Philos. Mag. J. Sci."},{"key":"12_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/978-3-030-03638-6_24","volume-title":"Secure IT Systems","author":"ZA Gen\u00e7","year":"2018","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Ryan, P.Y.A.: Next generation cryptographic ransomware. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 385\u2013401. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03638-6_24"},{"issue":"3","key":"12_CR8","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1109\/MCSE.2007.55","volume":"9","author":"JD Hunter","year":"2007","unstructured":"Hunter, J.D.: Matplotlib: a 2d graphics environment. Comput. Sci. Eng. 9(3), 90\u201395 (2007). https:\/\/doi.org\/10.1109\/MCSE.2007.55","journal-title":"Comput. Sci. Eng."},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Hurley-Smith, D., Patsakis, C., Hernandez-Castro, J.: On the unbearable lightness of FIPS 140\u20132 randomness tests. IEEE Trans. Inf. Forensics Secur. (2020)","DOI":"10.1109\/TIFS.2020.2988505"},{"key":"12_CR10","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 757\u2013772 (2016)"},{"key":"12_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98\u2013119. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"12_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_1"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1007\/978-3-319-48965-0_32","volume-title":"Cryptology and Network Security","author":"F Mbol","year":"2016","unstructured":"Mbol, F., Robert, J.-M., Sadighian, A.: An efficient approach to detect TorrentLocker ransomware in computer systems. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 532\u2013541. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48965-0_32"},{"key":"12_CR14","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-030-36802-9_20","volume-title":"Neural Information Processing","author":"T McIntosh","year":"2019","unstructured":"McIntosh, T., Jang-Jaccard, J., Watters, P., Susnjak, T.: The inadequacy of entropy-based ransomware detection. In: Gedeon, T., Wong, K.W., Lee, M. (eds.) ICONIP 2019. CCIS, vol. 1143, pp. 181\u2013189. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36802-9_20"},{"key":"12_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-030-00470-5_6","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"S Mehnaz","year":"2018","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 114\u2013136. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_6"},{"key":"12_CR16","unstructured":"Micro, T.: Ransomware (September 2016). https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/ransomware"},{"key":"12_CR17","unstructured":"Microsoft: kernel-mode driver architecture design guide (June 2017). https:\/\/docs.microsoft.com\/en-gb\/windows-hardware\/drivers\/kernel\/"},{"key":"12_CR18","unstructured":"OpenSSL Software Foundation: Openssl. https:\/\/www.openssl.org"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-319-70290-2_12","volume-title":"Secure IT Systems","author":"A Palisse","year":"2017","unstructured":"Palisse, A., Durand, A., Le Bouder, H., Le\u00a0Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevi\u010dius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192\u2013208. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70290-2_12"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/978-3-030-35055-0_9","volume-title":"Secure IT Systems","author":"J Pont","year":"2019","unstructured":"Pont, J., Abu Oun, O., Brierley, C., Arief, B., Hernandez-Castro, J.: A roadmap for improving the impact of anti-ransomware research. In: Askarov, A., Hansen, R.R., Rafnsson, W. (eds.) NordSec 2019. LNCS, vol. 11875, pp. 137\u2013154. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35055-0_9"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312. IEEE (2016)","DOI":"10.1109\/ICDCS.2016.46"},{"issue":"3","key":"12_CR22","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","volume":"27","author":"CE Shannon","year":"1948","unstructured":"Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379\u2013423 (1948)","journal-title":"Bell Syst. Tech. J."},{"key":"12_CR23","unstructured":"Stat Trek: Chi-square test for independence (2020). https:\/\/stattrek.com\/chi-square-test\/independence.aspx"},{"key":"12_CR24","unstructured":"Tidy, J.: How a ransomware attack cost one firm \u00a345m (June 2019). https:\/\/www.bbc.co.uk\/news\/business-48661152"},{"key":"12_CR25","unstructured":"W3Techs: Usage statistics of webp for websites (2020). https:\/\/w3techs.com\/technologies\/details\/im-webp"},{"key":"12_CR26","unstructured":"Walker, J.: Ent (2008). https:\/\/www.fourmilab.ch\/random\/"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62974-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:08:09Z","timestamp":1607299689000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-62974-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030629731","9783030629748"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62974-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"25 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bali","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Indonesia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2020.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}