{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T02:56:07Z","timestamp":1775271367160,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":31,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819777365","type":"print"},{"value":"9789819777372","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-7737-2_12","type":"book-chapter","created":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T10:03:10Z","timestamp":1726221790000},"page":"213-233","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["File System Shield (FSS): A Pass-Through Strategy Against Unwanted Encryption in\u00a0Network File Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0487-0615","authenticated-orcid":false,"given":"Arash","family":"Mahboubi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6353-8359","authenticated-orcid":false,"given":"Seyit","family":"Camtepe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9969-7682","authenticated-orcid":false,"given":"Keyvan","family":"Ansari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5145-9220","authenticated-orcid":false,"given":"Marcin","family":"Paw\u0142owski","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3349-8645","authenticated-orcid":false,"given":"Pawe\u0142","family":"Morawiecki","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9559-809X","authenticated-orcid":false,"given":"Jarek","family":"Duda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1917-6466","authenticated-orcid":false,"given":"Josef","family":"Pieprzyk","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,13]]},"reference":[{"key":"12_CR1","unstructured":"Al-rimy, B.A.S., Maarof, M.A., Prasetyo, Y.A., Shaid, S.Z.M., Ariffin, A.F.M.: Zero-day aware decision fusion-based model for crypto-ransomware early detection. Int. J. Integr. Eng. 10(6) (2018)"},{"key":"12_CR2","doi-asserted-by":"publisher","unstructured":"Baek, S., Jung, Y., Mohaisen, A., Lee, S., Nyang, D.: SSD-insider: internal defense of solid-state drive against ransomware with perfect data recovery. In: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), pp. 875\u2013884 (2018). https:\/\/doi.org\/10.1109\/ICDCS.2018.00089","DOI":"10.1109\/ICDCS.2018.00089"},{"key":"12_CR3","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-319-73951-9_6","volume-title":"Cyber Threat Intelligence","author":"J Baldwin","year":"2018","unstructured":"Baldwin, J., Dehghantanha, A.: Leveraging support vector machine for opcode density based detection of crypto-ransomware. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds.) Cyber Threat Intelligence. AIS, vol. 70, pp. 107\u2013136. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-73951-9_6"},{"key":"12_CR4","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-981-15-3817-9_4","volume-title":"Secure Knowledge Management In Artificial Intelligence Era","author":"CV Bijitha","year":"2020","unstructured":"Bijitha, C.V., Sukumaran, R., Nath, H.V.: A survey on ransomware detection techniques. In: Sahay, S.K., Goel, N., Patil, V., Jadliwala, M. (eds.) SKM 2019. CCIS, vol. 1186, pp. 55\u201368. Springer, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-3817-9_4"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Cabaj, K., Gregorczyk, M., Mazurczyk, W.: Software-defined networking-based crypto ransomware detection using http traffic characteristics. Comput. Electr. Eng. 66, 353\u2013368 (2018). https:\/\/doi.org\/10.1016\/j.compeleceng.2017.10.012, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0045790617333542","DOI":"10.1016\/j.compeleceng.2017.10.012"},{"issue":"6","key":"12_CR6","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MNET.2016.1600110NM","volume":"30","author":"K Cabaj","year":"2016","unstructured":"Cabaj, K., Mazurczyk, W.: Using software-defined networking for ransomware mitigation: the case of cryptowall. IEEE Netw. 30(6), 14\u201320 (2016). https:\/\/doi.org\/10.1109\/MNET.2016.1600110NM","journal-title":"IEEE Netw."},{"key":"12_CR7","doi-asserted-by":"publisher","first-page":"3859","DOI":"10.1109\/TIFS.2021.3096026","volume":"16","author":"S Camtepe","year":"2021","unstructured":"Camtepe, S., et al.: Compcrypt-lightweight ANS-based compression and encryption. IEEE Trans. Inf. Forensics Secur. 16, 3859\u20133873 (2021). https:\/\/doi.org\/10.1109\/TIFS.2021.3096026","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"12_CR8","doi-asserted-by":"publisher","unstructured":"Chen, Q., Bridges, R.A.: Automated behavioral analysis of malware: a case study of wannacry ransomware. In: 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 454\u2013460 (2017). https:\/\/doi.org\/10.1109\/ICMLA.2017.0-119","DOI":"10.1109\/ICMLA.2017.0-119"},{"key":"12_CR9","doi-asserted-by":"publisher","unstructured":"Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 336\u2013347. Association for Computing Machinery, New York (2016). https:\/\/doi.org\/10.1145\/2991079.2991110","DOI":"10.1145\/2991079.2991110"},{"key":"12_CR10","doi-asserted-by":"publisher","unstructured":"Cusack, G., Michel, O., Keller, E.: Machine learning-based detection of ransomware using SDN. In: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. SDN-NFV Sec 2018, pp. 1\u20136. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3180465.3180467","DOI":"10.1145\/3180465.3180467"},{"key":"12_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-319-93411-2_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"ZA Gen\u00e7","year":"2018","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234\u2013255. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93411-2_11"},{"key":"12_CR12","doi-asserted-by":"publisher","unstructured":"G\u00f3mez-Hern\u00e1ndez, J., \u00c1lvarez Gonz\u00e1lez, L., Garc\u00eda-Teodoro, P.: R-locker: thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.019, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404817302560","DOI":"10.1016\/j.cose.2017.11.019"},{"key":"12_CR13","doi-asserted-by":"publisher","unstructured":"Harikrishnan, N., Soman, K.: Detecting ransomware using GURLS. In: 2018 Second International Conference on Advances in Electronics, Computers and Communications (ICAECC), pp.\u00a01\u20136 (2018). https:\/\/doi.org\/10.1109\/ICAECC.2018.8479444","DOI":"10.1109\/ICAECC.2018.8479444"},{"key":"12_CR14","doi-asserted-by":"publisher","unstructured":"Homayoun, S., et al.: DRTHIS: deep ransomware threat hunting and intelligence system at the fog layer. Futur. Gener. Comput. Syst. 90, 94\u2013104 (2019). https:\/\/doi.org\/10.1016\/j.future.2018.07.045, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167739X17328467","DOI":"10.1016\/j.future.2018.07.045"},{"key":"12_CR15","doi-asserted-by":"publisher","unstructured":"Honda, T., Mukaiyama, K., Shirai, T., Ohki, T., Nishigaki, M.: Ransomware detection considering user\u2019s document editing. In: 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), pp. 907\u2013914 (2018). https:\/\/doi.org\/10.1109\/AINA.2018.00133","DOI":"10.1109\/AINA.2018.00133"},{"key":"12_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"304","DOI":"10.1007\/978-3-540-88682-2_24","volume-title":"Computer Vision \u2013 ECCV 2008","author":"H Jegou","year":"2008","unstructured":"Jegou, H., Douze, M., Schmid, C.: Hamming embedding and weak geometric consistency for large scale image search. In: Forsyth, D., Torr, P., Zisserman, A. (eds.) ECCV 2008. LNCS, vol. 5302, pp. 304\u2013317. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-88682-2_24"},{"issue":"20","key":"12_CR17","doi-asserted-by":"publisher","first-page":"6731","DOI":"10.1007\/s00500-018-3257-z","volume":"22","author":"S Jung","year":"2018","unstructured":"Jung, S., Won, Y.: Ransomware detection method based on context-aware entropy analysis. Soft Comput. 22(20), 6731\u20136740 (2018). https:\/\/doi.org\/10.1007\/s00500-018-3257-z","journal-title":"Soft Comput."},{"key":"12_CR18","unstructured":"Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 757\u2013772. USENIX Association, Austin (2016). https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/kharaz"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the Gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_1"},{"key":"12_CR20","doi-asserted-by":"publisher","first-page":"110205","DOI":"10.1109\/ACCESS.2019.2931136","volume":"7","author":"K Lee","year":"2019","unstructured":"Lee, K., Lee, S.Y., Yim, K.: Machine learning based file entropy analysis for ransomware detection in backup systems. IEEE Access 7, 110205\u2013110215 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2931136","journal-title":"IEEE Access"},{"key":"12_CR21","unstructured":"Li, Y., Sundaramurthy, S.C., Bardas, A.G., Ou, X., Caragea, D., Hu, X., Jang, J.: Experimental study of fuzzy hashing in malware clustering analysis. In: 8th Workshop on Cyber Security Experimentation and Test (CSET 15). USENIX Association, Washington, D.C. (2015). https:\/\/www.usenix.org\/conference\/cset15\/workshop-program\/presentation\/li"},{"key":"12_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-030-67550-9_5","volume-title":"Mobile, Secure, and Programmable Networking","author":"A Mahboubi","year":"2021","unstructured":"Mahboubi, A., Ansari, K., Camtepe, S.: Using process mining to identify file system metrics impacted by ransomware execution. In: Bouzefrane, S., Laurent, M., Boumerdassi, S., Renault, E. (eds.) MSPN 2020. LNCS, vol. 12605, pp. 57\u201371. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-67550-9_5"},{"issue":"2","key":"12_CR23","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1109\/LCA.2018.2883431","volume":"17","author":"D Min","year":"2018","unstructured":"Min, D., et al.: Amoeba: an autonomous backup and recovery SSD for ransomware attack defense. IEEE Comput. Archit. Lett. 17(2), 245\u2013248 (2018). https:\/\/doi.org\/10.1109\/LCA.2018.2883431","journal-title":"IEEE Comput. Archit. Lett."},{"key":"12_CR24","doi-asserted-by":"publisher","unstructured":"Morato, D., Berrueta, E., Maga\u00f1a, E., Izal, M.: Ransomware early detection by the analysis of file sharing traffic. J. Netw. Comput. Appl. 124, 14\u201332 (2018). https:\/\/doi.org\/10.1016\/j.jnca.2018.09.013, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S108480451830300X","DOI":"10.1016\/j.jnca.2018.09.013"},{"key":"12_CR25","unstructured":"Nelson, M., Gailly, J.L.: The Data Compression Book, vol.\u00a02. M &t Books, New York (1996)"},{"key":"12_CR26","doi-asserted-by":"publisher","unstructured":"Netto, D.F., Shony, K.M., Lalson, E.R.: An integrated approach for detecting ransomware using static and dynamic analysis. In: 2018 International CET Conference on Control, Communication, and Computing (IC4), pp. 410\u2013414 (2018). https:\/\/doi.org\/10.1109\/CETIC4.2018.8531017","DOI":"10.1109\/CETIC4.2018.8531017"},{"key":"12_CR27","doi-asserted-by":"publisher","unstructured":"Paik, J.Y., Choi, J.H., Jin, R., Wang, J., Cho, E.S.: A storage-level detection mechanism against crypto-ransomware. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 2258\u20132260. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3243734.3278491","DOI":"10.1145\/3243734.3278491"},{"key":"12_CR28","doi-asserted-by":"publisher","unstructured":"Ramesh, G., Menen, A.: Automated dynamic approach for detecting ransomware using finite-state machine. Decis. Support Syst. 138, 113400 (2020). https:\/\/doi.org\/10.1016\/j.dss.2020.113400, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S016792362030155X","DOI":"10.1016\/j.dss.2020.113400"},{"key":"12_CR29","doi-asserted-by":"publisher","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312 (2016). https:\/\/doi.org\/10.1109\/ICDCS.2016.46","DOI":"10.1109\/ICDCS.2016.46"},{"key":"12_CR30","doi-asserted-by":"publisher","unstructured":"Takeuchi, Y., Sakai, K., Fukumoto, S.: Detecting ransomware using support vector machines. In: Proceedings of the 47th International Conference on Parallel Processing Companion, ICPP 2018. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3229710.3229726","DOI":"10.1145\/3229710.3229726"},{"key":"12_CR31","unstructured":"Vangoor, B.K.R., Tarasov, V., Zadok, E.: To FUSE or not to FUSE: performance of user-space file systems. In: 15th USENIX Conference on File and Storage Technologies (FAST 2017), pp. 59\u201372. USENIX Association, Santa Clara (2017). https:\/\/www.usenix.org\/conference\/fast17\/technical-sessions\/presentation\/vangoor"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-7737-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T10:04:58Z","timestamp":1726221898000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-7737-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819777365","9789819777372"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-7737-2_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"13 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kyoto","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}