{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T13:00:47Z","timestamp":1743080447205,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030891367"},{"type":"electronic","value":"9783030891374"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-89137-4_18","type":"book-chapter","created":{"date-parts":[[2021,10,10]],"date-time":"2021-10-10T22:42:46Z","timestamp":1633905766000},"page":"252-267","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["RansomLens: Understanding Ransomware via Causality Analysis on System Provenance Graph"],"prefix":"10.1007","author":[{"given":"Rui","family":"Mei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Han-Bing","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhi-Hui","family":"Han","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,10,10]]},"reference":[{"key":"18_CR1","unstructured":"The State of Ransomware (2020). https:\/\/www.sophos.com\/en-us\/medialibrary\/Gated-Assets\/white-papers\/sophos-the-state-of-ransomware-2020-wp.pdf. 
Accessed 16 Apr 2021"},{"key":"18_CR2","unstructured":"DARPA Transparent Computing. https:\/\/www.darpa.mil\/program\/transparent-computing. Accessed 30 Dec 2020"},{"key":"18_CR3","unstructured":"Ransomware: Attack Techniques and Countermeasures. https:\/\/www.secjuice.com\/attack-techniques-countermeasures-ransomware\/. Accessed 28 Apr 2021"},{"key":"18_CR4","unstructured":"Chen, L., Sahita, R., Parikh, J., Marino, M.: STAMINA: scalable deep learning approach for malware classification. https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/ai\/documents\/stamina-scalable-deep-learning-whitepaper.pdf. Accessed 20 Mar 2021"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Piskozub, M., Spolaor, R., Martinovic, I.: Malalert: detecting malware in large-scale network traffic using statistical features. In: ACM SIGMETRICS Performance Evaluation Review, pp. 151\u2013154. ACM (2019)","DOI":"10.1145\/3308897.3308961"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Ding, J., Chen, Z., Zhao, Y., Su, H., Guo, Y., Sun, E.: MGeT: malware gene-based malware dynamic analyses. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, pp. 96\u2013101. ACM (2017)","DOI":"10.1145\/3058060.3058065"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Yuan, Z., Lu, Y., Wang, Z., Xue, Y.: Droid-Sec: deep learning in android malware detection. In: Proceedings of the 2014 ACM Conference on SIGCOMM, pp. 371\u2013372. ACM (2014)","DOI":"10.1145\/2619239.2631434"},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/978-3-319-50127-7_11","volume-title":"AI 2016: Advances in Artificial Intelligence","author":"B Kolosnjaji","year":"2016","unstructured":"Kolosnjaji, B., Zarras, A., Webster, G., Eckert, C.: Deep learning for classification of malware system call sequences. In: Kang, B.H., Bai, Q. 
(eds.) AI 2016. LNCS (LNAI), vol. 9992, pp. 137\u2013149. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-50127-7_11"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"HaddadPajouh, H., Dehghantanha, A., Khayami, R., Choo, K.K.R.: A deep recurrent neural network based approach for internet of things malware threat hunting. In: Taufer, M., Cambria, E., Abramson, D. (eds.) Future Generation Computer Systems, vol. 85, pp. 88\u201396. ScienceDirect (2018)","DOI":"10.1016\/j.future.2018.03.007"},{"key":"18_CR10","unstructured":"Hardy, W., Chen, L., Hou, S., Ye, Y., Li, X.: DL4MD: a deep learning framework for intelligent malware detection. In: Proceedings of the International Conference on Data Science (ICDATA), pp. 61\u201367. CSREA Press (2016)"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Caselli, M., Zambon, E., Kargl, F.: Sequence-aware intrusion detection in industrial control systems. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, pp. 13\u201324. ACM (2015)","DOI":"10.1145\/2732198.2732200"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Dong, B., Chen, Z., Wang, H., Tang, L. A., Zhang, K., Lin, Y., et al.: Efficient discovery of abnormal event sequences in enterprise security systems. In: Proceedings of the 2017 ACM on Conference on Information and Knowledge Management, pp. 707\u2013715. ACM (2017)","DOI":"10.1145\/3132847.3132854"},{"key":"18_CR13","unstructured":"Siddiqui, M. A., Fern, A., Wright, R., Theriault, A., Archer, D. W., Maxwell, W.: Detecting cyberattack entities from audit data via multi-view anomaly detection with feedback. In: Workshops at the 32nd AAAI Conference on Artificial Intelligence, pp. 277\u2013284. OpenReview (2018)"},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"Hassan, W. U., Noureddine, M. A., Datta, P., Bates, A.: OmegaLog: high-fidelity attack investigation via transparent multi-layer log analysis. 
In: Network and Distributed System Security Symposium (NDSS). The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24270"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Yang, R., Ma, S., Xu, H., Zhang, X., Chen, Y.: UISCOPE: accurate, instrumentation-free, and visible attack investigation for GUI applications. In: Network and Distributed Systems Symposium (NDSS). The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24329"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: Proceedings of the 9th ACM Symposium on Operating Systems Principles, pp. 223\u2013236. ACM (2003)","DOI":"10.1145\/1165389.945467"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: Unicorn: runtime provenance-based detector for advanced persistent threats. In: Network and Distributed Systems Symposium (NDSS). The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Hossain, M.N., Sheikhi, S., Sekar, R.: Combating dependence explosion in forensic analysis using alternative tag propagation semantics. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1139\u20131155. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00064"},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.N.: HOLMES: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1137\u20131152. IEEE (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Soliman, H.M.: An optimization approach to graph partitioning for detecting persistent attacks in enterprise networks. In: 2020 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1\u20136. 
IEEE (2020)","DOI":"10.1109\/ISNCC49221.2020.9297233"},{"key":"18_CR21","unstructured":"Zhao, J., Yan, Q., Liu, X., Li, B., Zuo, G.: Cyber threat intelligence modeling based on heterogeneous graph convolutional network. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp. 241\u2013256. USENIX Association (2020)"},{"key":"18_CR22","unstructured":"VirusTotal API v3 Overview. https:\/\/developers.virustotal.com\/v3.0\/reference. Accessed 10 Jan 2021"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, S., Caballero, J.: AVCLASS2: massive malware tag extraction from AV labels. In: Annual Computer Security Applications Conference (ACSAC), pp. 42\u201353. ACM (2020)","DOI":"10.1145\/3427228.3427261"},{"key":"18_CR24","unstructured":"Event tracing for windows. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/etw\/about-event-tracing. Accessed 10 Mar 2021"},{"key":"18_CR25","unstructured":"Linux auditd. https:\/\/linux.die.net\/man\/8\/. Accessed 25 Dec 2020"},{"key":"18_CR26","unstructured":"SilkETW. https:\/\/github.com\/fireeye\/SilkETW. Accessed 1 Apr 2021"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Wang, Q., Hassan, W.U., Li, D., Jee, K., Yu, X., Zou, K., et al.: You are what you do: hunting stealthy malware via data provenance analysis. In: Network and Distributed Systems Symposium (NDSS). 
The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24167"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-89137-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T21:32:44Z","timestamp":1638394364000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-89137-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030891367","9783030891374"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-89137-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"10 October 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Shanghai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 August 2021","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/scisec.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}