{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T11:28:38Z","timestamp":1763724518699,"version":"3.40.3"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030657444"},{"type":"electronic","value":"9783030657451"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65745-1_23","type":"book-chapter","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:03:25Z","timestamp":1608278605000},"page":"388-407","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["ESCAPADE: Encryption-Type-Ransomware: System Call Based Pattern Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2149-2641","authenticated-orcid":false,"given":"Christopher Jun-Wen","family":"Chew","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4955-3058","authenticated-orcid":false,"given":"Vimal","family":"Kumar","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1366-9411","authenticated-orcid":false,"given":"Panos","family":"Patros","sequence":"additional","affiliation":[]},{"given":"Robi","family":"Malik","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,19]]},"reference":[{"key":"23_CR1","unstructured":"Abrams, L.: Confirmed: garmin received decryptor for WastedLocker ransomware (2020). https:\/\/www.bleepingcomputer.com\/news\/security\/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware\/"},{"key":"23_CR2","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","volume":"74","author":"BAS Al-rimy","year":"2018","unstructured":"Al-rimy, B.A.S., Maarof, M.A., Shaid, S.Z.M.: Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput. Secur. 74, 144\u2013166 (2018)","journal-title":"Comput. Secur."},{"key":"23_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-319-26362-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"N Andronio","year":"2015","unstructured":"Andronio, N., Zanero, S., Maggi, F.: HelDroid: dissecting and detecting mobile ransomware. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 382\u2013404. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26362-5_18"},{"key":"23_CR4","unstructured":"APKPure: Benign dataset (nd). https:\/\/apkpure.com\/"},{"key":"23_CR5","unstructured":"Avast: Avast blog (2020). https:\/\/blog.avast.com\/"},{"key":"23_CR6","unstructured":"Chebyshev, V.: Mobile malware evolution 2018. SecureList, 16 March 2019. https:\/\/securelist.com\/mobile-malware-evolution-2018\/89689\/statistics"},{"issue":"5","key":"23_CR7","doi-asserted-by":"publisher","first-page":"1286","DOI":"10.1109\/TIFS.2017.2787905","volume":"13","author":"J Chen","year":"2017","unstructured":"Chen, J., Wang, C., Zhao, Z., Chen, K., Du, R., Ahn, G.J.: Uncovering the face of Android ransomware: characterization and real-time detection. IEEE Trans. Inf. Forensics Secur. 13(5), 1286\u20131300 (2017)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"2","key":"23_CR8","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"issue":"2","key":"23_CR9","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1109\/COMST.2014.2386139","volume":"17","author":"P Faruki","year":"2014","unstructured":"Faruki, P., et al.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutor. 17(2), 998\u20131022 (2014)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"23_CR10","first-page":"66","volume":"22","author":"P Faruki","year":"2015","unstructured":"Faruki, P., Laxmi, V., Bharmal, A., Gaur, M.S., Ganmoor, V.: AndroSimilar: robust signature for detecting variants of Android malware. J. Inf. Secur. Appl. 22, 66\u201380 (2015)","journal-title":"J. Inf. Secur. Appl."},{"issue":"4","key":"23_CR11","first-page":"2277","volume":"3","author":"S Gadhiya","year":"2013","unstructured":"Gadhiya, S., Bhavsar, K.: Techniques for malware analysis. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(4), 2277\u20133128 (2013)","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"issue":"02","key":"23_CR12","first-page":"56","volume":"5","author":"E Gandotra","year":"2014","unstructured":"Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5(02), 56 (2014)","journal-title":"J. Inf. Secur."},{"issue":"1","key":"23_CR13","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s11416-008-0092-2","volume":"6","author":"A Gazet","year":"2010","unstructured":"Gazet, A.: Comparative analysis of various ransomware virii. J. Comput. Virol. 6(1), 77\u201390 (2010). https:\/\/doi.org\/10.1007\/s11416-008-0092-2","journal-title":"J. Comput. Virol."},{"key":"23_CR14","unstructured":"Google: Android security 2018 year in review (2019). https:\/\/source.android.com\/security\/reports\/Google_Android_Security2018_Report_Final.pdf"},{"key":"23_CR15","unstructured":"Google: Android Debug Bridge (adb) (2020). https:\/\/developer.android.com\/studio\/command-line\/adb"},{"key":"23_CR16","unstructured":"Google: UI\/application exerciser monkey (2020). https:\/\/developer.android.com\/studio\/test\/monkey"},{"key":"23_CR17","unstructured":"Goud, N., et al.: Black Rose Lucy ransomware attack on Android devices, April 2020. https:\/\/www.cybersecurity-insiders.com\/black-rose-lucy-ransomware-attack-on-android-devices\/"},{"key":"23_CR18","unstructured":"Hou, O.: A look at Google Bouncer [blog post], 20 July 2012. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/a-look-at-google-bouncer\/"},{"key":"23_CR19","doi-asserted-by":"crossref","unstructured":"Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for Android malware detection. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 1011\u20131015. IEEE (2011)","DOI":"10.1109\/CIS.2011.226"},{"key":"23_CR20","doi-asserted-by":"crossref","unstructured":"Kanwal, M., Thakur, S.: An app based on static analysis for Android ransomware. In: 2017 International Conference on Computing, Communication and Automation (ICCCA), pp. 813\u2013818. IEEE (2017)","DOI":"10.1109\/CCAA.2017.8229907"},{"key":"23_CR21","unstructured":"Kok, S., Abdullah, A., Jhanjhi, N., Supramaniam, M.: Ransomware, threat and detection techniques: a review. Int. J. Comput. Sci. Netw. Secur. 19(2), 136 (2019)"},{"key":"23_CR22","unstructured":"Koodous: Malicious dataset (nd). https:\/\/koodous.com\/"},{"key":"23_CR23","unstructured":"Lance, W.: CovidLock ransomware exploits coronavirus with malicious Android app. TechRepublic, 17 March 2020. https:\/\/www.techrepublic.com\/article\/covidlock-ransomware-exploits-coronavirus-with-malicious-android-app\/"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Lashkari, A.H., Kadir, A.F.A., Taheri, L., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark Android malware datasets and classification. In: 2018 International Carnahan Conference on Security Technology (ICCST), pp. 1\u20137. IEEE (2018)","DOI":"10.1109\/CCST.2018.8585560"},{"key":"23_CR25","unstructured":"Levin, D.V.: Strace (2020). https:\/\/strace.io\/"},{"key":"23_CR26","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1016\/j.cose.2013.08.010","volume":"39","author":"YD Lin","year":"2013","unstructured":"Lin, Y.D., Lai, Y.C., Chen, C.H., Tsai, H.C.: Identifying Android malicious repackaged applications by thread-grained system call sequences. Comput. Secur. 39, 340\u2013350 (2013)","journal-title":"Comput. Secur."},{"key":"23_CR27","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Van Der Veen, V., Platzer, C.: Andrubis-1,000,000 apps later: a view on current Android malware behaviors. In: 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 3\u201317. IEEE (2014)","DOI":"10.1109\/BADGERS.2014.7"},{"key":"23_CR28","unstructured":"Lockheimer, H.: Android and security [blog post], 2 February 2012. https:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html"},{"key":"23_CR29","unstructured":"Malwarebytes: CTNT report cybercrime tactics and techniques: Ransomware retrospective (2020). https:\/\/resources.malwarebytes.com\/files\/2019\/08\/CTNT-2019-Ransomware_August_FINAL.pdf"},{"key":"23_CR30","unstructured":"Mana, O., Hazum, A., Melnykov, B., Kuperman, L.: Lucy\u2019s back: ransomware goes mobile, April 2020. https:\/\/research.checkpoint.com\/2020\/lucys-back-ransomware-goes-mobile\/"},{"key":"23_CR31","unstructured":"Micro, T.: Behind the Android menace: Malicious apps\u2013TrendLabs security intelligence blog. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/infographic-behind-the-android-menace-malicious-apps"},{"key":"23_CR32","unstructured":"Micro, T.: The sprawling reach of complex threats (2020). https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/the-sprawling-reach-of-complex-threats"},{"key":"23_CR33","doi-asserted-by":"crossref","unstructured":"Mohammad, A.H.: Ransomware evolution, growth and recommendation for detection. Modern Appl. Sci. 14(3), (2020)","DOI":"10.5539\/mas.v14n3p68"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 421\u2013430. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"23_CR35","unstructured":"Ninja, S.: How malware detects virtualized environment (and its countermeasures) (2016). https:\/\/resources.infosecinstitute.com\/how-malware-detects-virtualized-environment"},{"issue":"5","key":"23_CR36","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1049\/iet-net.2017.0207","volume":"7","author":"P O\u2019Kane","year":"2018","unstructured":"O\u2019Kane, P., Sezer, S., Carlin, D.: Evolution of ransomware. IET Netw. 7(5), 321\u2013327 (2018)","journal-title":"IET Netw."},{"issue":"1","key":"23_CR37","first-page":"10","volume":"13","author":"R Richardson","year":"2017","unstructured":"Richardson, R., North, M.M.: Ransomware: evolution, mitigation and prevention. Int. Manag. Rev. 13(1), 10 (2017)","journal-title":"Int. Manag. Rev."},{"key":"23_CR38","unstructured":"Lipovsk\u00fd, R., Luk\u00e1\u0161 \u0160tefanko, G.B.: Labour party is latest victim of Blackbaud ransomware attack (2016). https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2016\/02\/Rise_of_Android_Ransomware.pdf"},{"key":"23_CR39","unstructured":"Scroxton, A.: Labour party is latest victim of Blackbaud ransomware attack (2020). https:\/\/www.computerweekly.com\/news\/252487002\/Labour-Party-is-latest-victim-of-Blackbaud-ransomware-attack"},{"key":"23_CR40","unstructured":"Shivang, D.: CovidLock: Android ransomware walkthrough and unlocking routine, 16 March 2020. https:\/\/www.zscaler.com\/blogs\/research\/covidlock-android-ransomware-walkthrough-and-unlocking-routine"},{"key":"23_CR41","doi-asserted-by":"crossref","unstructured":"Song, S., Kim, B., Lee, S.: The effective ransomware prevention technique using process monitoring on Android platform. Mob. Inf. Syst. 2016 (2016)","DOI":"10.1155\/2016\/2946735"},{"key":"23_CR42","unstructured":"Sood, G.: virustotal: R Client for the virustotal API (2017). r package version 0.2.1"},{"key":"23_CR43","unstructured":"Sophos: The state of ransomware 2020 (2020). https:\/\/www.sophos.com\/en-us\/medialibrary\/Gated-Assets\/white-papers\/sophos-the-state-of-ransomware-2020-wp.pdf"},{"key":"23_CR44","doi-asserted-by":"crossref","unstructured":"Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of Android malware behaviors. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23145"},{"issue":"1","key":"23_CR45","first-page":"103","volume":"4","author":"D Uppal","year":"2014","unstructured":"Uppal, D., Mehra, V., Verma, V.: Basic survey on malware analysis, tools and techniques. Int. J. Comput. Sci. Appl. (IJCSA) 4(1), 103 (2014)","journal-title":"Int. J. Comput. Sci. Appl. (IJCSA)"},{"key":"23_CR46","unstructured":"WeLiveSecurity: WeLiveSecurity (2020). https:\/\/www.welivesecurity.com\/"},{"key":"23_CR47","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party Android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, pp. 317\u2013326. ACM (2012)","DOI":"10.1145\/2133601.2133640"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65745-1_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:48:32Z","timestamp":1608281312000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65745-1_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030657444","9783030657451"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65745-1_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}