{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T10:27:04Z","timestamp":1742984824554,"version":"3.40.3"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031748349"},{"type":"electronic","value":"9783031748356"}],"license":[{"start":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T00:00:00Z","timestamp":1728604800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T00:00:00Z","timestamp":1728604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-74835-6_8","type":"book-chapter","created":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T06:01:53Z","timestamp":1728540113000},"page":"149-176","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On Countering Ransomware Attacks Using Strategic Deception"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6070-5473","authenticated-orcid":false,"given":"Roshan Lal","family":"Neupane","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7522-5878","authenticated-orcid":false,"given":"Bishnu","family":"Bhusal","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5044-1674","authenticated-orcid":false,"given":"Kiran","family":"Neupane","sequence":"additional","affiliation":[]},{"given":"Preyea","family":"Regmi","sequence":"additional","affiliation":[]},{"given":"Tam","family":"Dinh","sequence":"additional","affiliation":[]},{"given":"Lilliana","family":"Marrero","sequence":"additional","affiliation":[]},{"given":"Sayed M.","family":"Saghaian N. E.","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1289-7922","authenticated-orcid":false,"given":"Venkata Sriram Siddhardh","family":"Nadendla","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7666-5389","authenticated-orcid":false,"given":"Prasad","family":"Calyam","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,11]]},"reference":[{"key":"8_CR1","unstructured":"Canarytokens. https:\/\/canarytokens.org\/generate. Accessed 16 Dec 2023"},{"key":"8_CR2","unstructured":"Deception-based Ransomware Defense. https:\/\/github.com\/bhusalb\/gt-ransomware-simulation. Accessed 20 May 2024"},{"key":"8_CR3","unstructured":"FBI Internet Crime Report 2022. https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022_IC3Report.pdf. Accessed 20 May 2023"},{"key":"8_CR4","unstructured":"How Do Hackers Get Caught and Exposed?. https:\/\/www.metacompliance.com\/blog\/phishing-and-ransomware\/how-do-hackers-normally-get-caught. Accessed 20 Jan 2024"},{"key":"8_CR5","unstructured":"IBM: Average Cost of a Healthcare Data Breach Increases to Almost \\$11 Million. https:\/\/www.hipaajournal.com\/2023-cost-healthcare-data-breach\/. Accessed 20 Jan 2024"},{"key":"8_CR6","unstructured":"Kippo. https:\/\/github.com\/desaster\/kippo. Accessed 16 Dec 2023"},{"key":"8_CR7","unstructured":"Ransomware: In the Healthcare Sector. https:\/\/www.cisecurity.org\/insights\/blog\/ransomware-in-the-healthcare-sector. Accessed 20 Jan 2024"},{"key":"8_CR8","unstructured":"Spacesiren: A honeytoken manager. https:\/\/github.com\/spacesiren\/spacesiren. Accessed 16 Dec 2023"},{"key":"8_CR9","unstructured":"The Cost of Cybersecurity in Healthcare. https:\/\/www.cdw.com\/content\/cdw\/en\/articles\/security\/the-cost-of-cybersecurity-in-healthcare.html. Accessed 20 Jan 2024"},{"key":"8_CR10","unstructured":"The Latest 2023 Ransomware Statistics (2024). https:\/\/aag-it.com\/the-latest-ransomware-statistics\/. Accessed 20 Jan 2024"},{"issue":"1","key":"8_CR11","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1016\/S0899-8256(05)80015-6","volume":"8","author":"RJ Aumann","year":"1995","unstructured":"Aumann, R.J.: Backward induction and common knowledge of rationality. Games Econom. Behav. 8(1), 6\u201319 (1995)","journal-title":"Games Econom. Behav."},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Bercovitch, M., Renford, M., Hasson, L., Shabtai, A., Rokach, L., Elovici, Y.: HoneyGen: an automated honeytokens generator. In: Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics, pp. 131\u2013136. IEEE (2011)","DOI":"10.1109\/ISI.2011.5984063"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Cartwright, A., Cartwright, E.: The economics of ransomware attacks on integrated supply chain networks. Digit. Threats: Res. Pract. (2023)","DOI":"10.1145\/3579647"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Cartwright, E., Hernandez\u00a0Castro, J., Cartwright, A.: To pay or not: game theoretic models of ransomware. J. Cybersecur. 5(1), tyz009 (2019)","DOI":"10.1093\/cybsec\/tyz009"},{"issue":"5","key":"8_CR15","doi-asserted-by":"publisher","first-page":"e2312270","DOI":"10.1001\/jamanetworkopen.2023.12270","volume":"6","author":"C Dameff","year":"2023","unstructured":"Dameff, C., et al.: Ransomware attack associated with disruptions at adjacent emergency departments in the us. JAMA Netw. Open 6(5), e2312270\u2013e2312270 (2023)","journal-title":"JAMA Netw. Open"},{"key":"8_CR16","unstructured":"Feng, Y., Liu, C., Liu, B.: Poster: a new approach to detecting ransomware with deception. In: 38th IEEE symposium on security and privacy (2017)"},{"key":"8_CR17","doi-asserted-by":"publisher","first-page":"1433","DOI":"10.1109\/TIFS.2023.3240025","volume":"18","author":"GO Ganfure","year":"2023","unstructured":"Ganfure, G.O., Wu, C.F., Chang, Y.H., Shih, W.K.: RTrap: trapping and containing ransomware with machine learning. IEEE Trans. Inf. Forensics Secur. 18, 1433\u20131448 (2023)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"8_CR18","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","volume":"73","author":"JA G\u00f3mez-Hern\u00e1ndez","year":"2018","unstructured":"G\u00f3mez-Hern\u00e1ndez, J.A., \u00c1lvarez-Gonz\u00e1lez, L., Garc\u00eda-Teodoro, P.: R-locker: thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018)","journal-title":"Comput. Secur."},{"key":"8_CR19","unstructured":"Keijzer, N.: The new generation of ransomware: an in depth study of Ransomware-as-a-service. Master\u2019s thesis, University of Twente (2020)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599\u2013611 (2017)","DOI":"10.1145\/3052973.3053035"},{"issue":"2","key":"8_CR21","first-page":"16","volume":"78","author":"HE Lapan","year":"1988","unstructured":"Lapan, H.E., Sandler, T.: To bargain or not to bargain: that is the question. Am. Econ. Rev. 78(2), 16\u201321 (1988)","journal-title":"Am. Econ. Rev."},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Li, Z., Liao, Q.: Game theory of data-selling ransomware. J. Cyber Secur. Mob. 65\u201396 (2021)","DOI":"10.13052\/jcsm2245-1439.1013"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Liu, S., Chen, X.: Mitigating data exfiltration ransomware through advanced decoy file strategies (2023)","DOI":"10.21203\/rs.3.rs-3750416\/v1"},{"issue":"7","key":"8_CR24","doi-asserted-by":"publisher","first-page":"2038","DOI":"10.1109\/TCAD.2021.3099084","volume":"41","author":"D Min","year":"2021","unstructured":"Min, D., Ko, Y., Walker, R., Lee, J., Kim, Y.: A content-based ransomware detection and backup solid-state drive for ransomware defense. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 41(7), 2038\u20132051 (2021)","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321\u2013326 (2007)","DOI":"10.1145\/1233341.1233399"},{"key":"8_CR26","unstructured":"Mphago, B., Bagwasi, O., Phofuetsile, B., Hlomani, H.: Deception in dynamic web application honeypots: case of Glastopf. In: Proceedings of the International Conference on Security and Management (SAM). p.\u00a0104. The Steering Committee of The World Congress in Computer Science, Computer\u00a0... (2015)"},{"key":"8_CR27","unstructured":"M\u00fcter, M., Freiling, F., Holz, T., Matthews, J.: A generic toolkit for converting web applications into high-interaction honeypots. Univ. Mannheim 280, 6\u20131 (2008)"},{"key":"8_CR28","unstructured":"Patyal, M., Sampalli, S., Ye, Q., Rahman, M.: Multi-layered defense architecture against ransomware. Int. J. Bus. Cyber Secur. 1(2) (2017)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Qin, X., Jiang, F., Cen, M., Doss, R.: Hybrid cyber defense strategies using honey-x: a survey. Comput. Netw. 109776 (2023)","DOI":"10.1016\/j.comnet.2023.109776"},{"key":"8_CR30","unstructured":"Reeder, J.R., Hall, C.T.: Cybersecurity\u2019s pearl harbor moment: lessons learned from the colonial pipeline ransomware attack (2021)"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"S\u0103ndescu, C., Rughini\u015f, R., Grigorescu, O.: HUNT: using honeytokens to understand and influence the execution of an attack. eLearn. Softw. Educ. 1 (2017)","DOI":"10.12753\/2066-026X-17-075"},{"key":"8_CR32","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-015-7774-8_4","volume-title":"A Simple Game Model of Kidnapping","author":"R Selten","year":"1988","unstructured":"Selten, R., Selten, R.: A Simple Game Model of Kidnapping. Springer, Heidelberg (1988)"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Shaukat, S.K., Ribeiro, V.J.: RansomWall: a layered defense system against cryptographic ransomware attacks using machine learning. In: 2018 10th International Conference on Communication Systems & Networks (COMSNETS), pp. 356\u2013363. IEEE (2018)","DOI":"10.1109\/COMSNETS.2018.8328219"},{"key":"8_CR34","doi-asserted-by":"publisher","first-page":"108346","DOI":"10.1016\/j.compeleceng.2022.108346","volume":"103","author":"S Sheen","year":"2022","unstructured":"Sheen, S., Asmitha, K., Venkatesan, S.: R-sentry: deception based ransomware detection using file access patterns. Comput. Electr. Eng. 103, 108346 (2022)","journal-title":"Comput. Electr. Eng."},{"key":"8_CR35","unstructured":"Spitzner, L.: Honeypots: Tracking Hackers, vol.\u00a01. Addison-Wesley Reading (2003)"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Subedi, K.P., Budhathoki, D.R., Chen, B., Dasgupta, D.: RDS3: ransomware defense strategy by using stealthily spare space. In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp.\u00a01\u20138. IEEE (2017)","DOI":"10.1109\/SSCI.2017.8280842"},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"Tandon, A., Nayyar, A.: A comprehensive survey on ransomware attack: a growing havoc cyberthreat. In: Data Management, Analytics and Innovation: Proceedings of ICDMAI 2018, vol. 2, pp. 403\u2013420 (2019)","DOI":"10.1007\/978-981-13-1274-8_31"},{"key":"8_CR38","doi-asserted-by":"crossref","unstructured":"Wang, Z., Wu, X., Liu, C., Liu, Q., Zhang, J.: RansomTracer: exploiting cyber deception for ransomware tracing. In: 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), pp. 227\u2013234. IEEE (2018)","DOI":"10.1109\/DSC.2018.00040"},{"key":"8_CR39","unstructured":"Wilson, D., Avery, J.: Mitigating data exfiltration in storage-as-a-service clouds. arXiv preprint arXiv:1606.08378 (2016)"},{"key":"8_CR40","unstructured":"Yin, T., Sarabi, A., Liu, M.: Deterrence, backup, or insurance: a game-theoretic analysis of ransomware. In: The Annual Workshop on the Economics of Information Security (WEIS) (2021)"},{"key":"8_CR41","doi-asserted-by":"crossref","unstructured":"Yuill, J., Zappe, M., Denning, D., Feer, F.: HoneyFiles: deceptive files for intrusion detection. In: 2004 Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 116\u2013122. IEEE (2004)","DOI":"10.1109\/IAW.2004.1437806"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, C., Luo, F., Ranzi, G.: Multistage game theoretical approach for ransomware attack and defense. IEEE Trans. Serv. Comput. (2022)","DOI":"10.1109\/TSC.2022.3220736"},{"key":"8_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-030-90370-1_12","volume-title":"Decision and Game Theory for Security","author":"Y Zhao","year":"2021","unstructured":"Zhao, Y., Ge, Y., Zhu, Q.: Combating ransomware in internet of\u00a0things: a games-in-games approach for\u00a0cross-layer cyber defense and\u00a0security investment. In: Bo\u0161ansk\u00fd, B., Gonzalez, C., Rass, S., Sinha, A. (eds.) GameSec 2021. LNCS, vol. 13061, pp. 208\u2013228. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90370-1_12"}],"container-title":["Lecture Notes in Computer Science","Decision and Game Theory for Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-74835-6_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T06:03:06Z","timestamp":1728540186000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-74835-6_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,11]]},"ISBN":["9783031748349","9783031748356"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-74835-6_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,11]]},"assertion":[{"value":"11 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GameSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Decision and Game Theory for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York City, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gamesec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.gamesec-conf.org\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}