{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T17:10:47Z","timestamp":1774717847716,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,4]],"date-time":"2025-01-04T00:00:00Z","timestamp":1735948800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,4]],"date-time":"2025-01-04T00:00:00Z","timestamp":1735948800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["23K11108"],"award-info":[{"award-number":["23K11108"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["23K11108"],"award-info":[{"award-number":["23K11108"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s10207-024-00966-1","type":"journal-article","created":{"date-parts":[[2025,1,4]],"date-time":"2025-01-04T05:51:10Z","timestamp":1735969870000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Real-time open-file backup system with machine-learning detection model for ransomware"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-0594-4620","authenticated-orcid":false,"given":"Kosuke","family":"Higuchi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5956-3455","authenticated-orcid":false,"given":"Ryotaro","family":"Kobayashi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,4]]},"reference":[{"key":"966_CR1","unstructured":"CyberEdge Group: Report Defense Cyberthreat 2023. https:\/\/cyberedgegroup.com\/cdr\/ (2023). Accessed 29 July 2024"},{"key":"966_CR2","doi-asserted-by":"crossref","unstructured":"Caroscio, E., Paul, J., Murray, J., Bhunia, S.: Analyzing the ransomware attack on D.C. metropolitan police department by Babuk. In: Proceedings of the 2022 International Systems Conference (SysCon), pp 1\u20138 (2022)","DOI":"10.1109\/SysCon53536.2022.9773935"},{"key":"966_CR3","doi-asserted-by":"crossref","unstructured":"Alwashali, A. A. M. A., Rahman, N. A. A., Ismail, N.: A Survey of ransomware as a service (RaaS) and methods to mitigate the attack. In: Proceedings of the 14th International Conference on Developments in eSystems Engineering (DeSE), pp 92\u201396 (2021)","DOI":"10.1109\/DeSE54285.2021.9719456"},{"key":"966_CR4","unstructured":"Allianz: Allianz Commercial Cyber Security Trends 2023. https:\/\/commercial.allianz.com\/news-and-insights\/reports\/cyber-security-trends-2023.html (2023). Accessed 29 July 2024"},{"key":"966_CR5","doi-asserted-by":"publisher","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","volume":"8","author":"\u00d6 Aslan","year":"2020","unstructured":"Aslan, \u00d6., Samet, R.: A comprehensive review on malware detection approaches. IEEE Access. 8, 6249\u20136271 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2019.2963724","journal-title":"IEEE Access."},{"issue":"3","key":"966_CR6","doi-asserted-by":"publisher","first-page":"143","DOI":"10.3390\/bdcc7030143","volume":"7","author":"A Amjad","year":"2023","unstructured":"Amjad, A., Algarni, A.: Ransomware detection using machine learning: a survey. Big Data Cognit Comput. 7(3), 143 (2023). https:\/\/doi.org\/10.3390\/bdcc7030143","journal-title":"Big Data Cognit Comput."},{"key":"966_CR7","doi-asserted-by":"publisher","unstructured":"Zhuravchak, D., Dudykevych, V.: Real-time ransomware detection by using eBPF and natural language processing and machine learning. In: Proceedings of the 2023 IEEE 5th International Conference on Advanced Information and Communication Technologies (AICT), pp 1-4 (2023). https:\/\/doi.org\/10.1109\/AICT61584.2023.10452697","DOI":"10.1109\/AICT61584.2023.10452697"},{"issue":"2","key":"966_CR8","first-page":"136","volume":"19","author":"S Kok","year":"2019","unstructured":"Kok, S., Abdullah, A., Jhanjhi, N., Supramaniam, M.: Ransomware, threat and detection techniques: a review. Int. J. Comput. Sci. Netw. Secur. 19(2), 136 (2019)","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"key":"966_CR9","doi-asserted-by":"publisher","unstructured":"Fujinoki, H., Manukonda, L.: Proactive damage prevention from zero-day ransomwares. In: Proceedings of the 2023 5th International Conference on Computer Communication and the Internet (ICCCI), pp 133-141 (2023). https:\/\/doi.org\/10.1109\/ICCCI59363.2023.10210183","DOI":"10.1109\/ICCCI59363.2023.10210183"},{"issue":"9","key":"966_CR10","first-page":"86","volume":"4","author":"SB Surati","year":"2017","unstructured":"Surati, S.B., Prajapati, G.I.: A review on ransomware detection & prevention. Int. J. Res. Sci. Innov. (IJRSI) 4(9), 86\u201391 (2017)","journal-title":"Int. J. Res. Sci. Innov. (IJRSI)"},{"key":"966_CR11","unstructured":"Trend Micro: Rethinking Tactics: 2022 Annual Cybersecurity Roundup. https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports (2022). Accessed 29 July 2024"},{"key":"966_CR12","doi-asserted-by":"publisher","unstructured":"Kosuke, H., Ryotaro, K.: Real-time defense system using ebpf for machine learning-based ransomware detection method. In: Proceedings of the 2023 Eleventh International Symposium on Computing and Networking Workshops (CANDARW), pp 213-219 (2023). https:\/\/doi.org\/10.1109\/CANDARW60564.2023.00043","DOI":"10.1109\/CANDARW60564.2023.00043"},{"key":"966_CR13","doi-asserted-by":"crossref","unstructured":"Irshad, A., Maurya, R., Dutta, M. K., Burget, R., Uher, V.: Feature optimization for run time analysis of malware in windows operating system using machine learning approach. In: Proceedings of the 42nd International Conference on Telecommunications and Signal Processing (TSP), pp 255\u2013260 (2019)","DOI":"10.1109\/TSP.2019.8768808"},{"key":"966_CR14","doi-asserted-by":"crossref","unstructured":"Shaukat, K. S., Ribeiro, J. V.: RansomWall: a layered defense system against cryptographic ransomware attacks using machine learning. In: Proceedings of the 10th International Conference on Communication System & Networks (COMSNETS), pp 356\u2013368 (2018)","DOI":"10.1109\/COMSNETS.2018.8328219"},{"key":"966_CR15","doi-asserted-by":"crossref","unstructured":"Almousa, M., Osawere, J., Anwar, M.: Identification of ransomware families by analyzing network traffic using machine learning techniques. In: Proceedings of the Third International Conference on Transdisciplinary AI (TransAI), pp 19\u201324 (2021)","DOI":"10.1109\/TransAI51903.2021.00012"},{"key":"966_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118299","author":"E Berrueta","year":"2022","unstructured":"Berrueta, E., Morato, D., Maga\u00f1a, E., Izal, M.: Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic. Expert Syst. Appl. (2022). https:\/\/doi.org\/10.1016\/j.eswa.2022.118299","journal-title":"Expert Syst. Appl."},{"key":"966_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2019.113022","volume":"143","author":"M Wadkar","year":"2022","unstructured":"Wadkar, M., Troia, F.D., Stamp, M.: Detecting malware evolution using support vector machines. Expert Syst. Appl. 143, 113022 (2022)","journal-title":"Expert Syst. Appl."},{"key":"966_CR18","doi-asserted-by":"crossref","unstructured":"Bokolo, B., Jinad, R., Liu, Q.: A comparison study to detect malware using deep learning and machine learning techniques. In: Proceedings of the 6th International Conference on Big Data and Artificial Intelligence (BDAI), pp 1\u20136 (2023)","DOI":"10.1109\/BDAI59165.2023.10256957"},{"key":"966_CR19","doi-asserted-by":"crossref","unstructured":"Maniath, S., Ashok, A., Poornachandran, P., Sujadevi, V. G., Sankar, P. A. U., Jan, S.: Deep learning LSTM based ransomware detection. In: Proceedings of the 2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE), pp 442\u2013446 (2017)","DOI":"10.1109\/RDCAPE.2017.8358312"},{"key":"966_CR20","doi-asserted-by":"crossref","unstructured":"Tsunewaki, K., Kimura, T., Cheng, J.: LSTM-based ransomware detection using API call information. In: Proceedings of the International Conference on Consumer Electronics, pp 211\u2013212 (2022)","DOI":"10.1109\/ICCE-Taiwan55306.2022.9869122"},{"issue":"1","key":"966_CR21","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","volume":"15","author":"A Saracino","year":"2018","unstructured":"Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Depend. Secure Comput. 15(1), 83\u201397 (2018). https:\/\/doi.org\/10.1109\/TDSC.2016.2536605","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"966_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108010","volume":"191","author":"L Caviglione","year":"2021","unstructured":"Caviglione, L., Mazurczyk, W., Repetto, M., Schaffhauser, A., Zuppelli, M.: Kernel-level tracing for detecting stegomalware and covert channels in Linux environments. Comput. Netw. 191, 108010 (2021). https:\/\/doi.org\/10.1016\/j.comnet.2021.108010","journal-title":"Comput. Netw."},{"key":"966_CR23","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","volume":"73","author":"JA G\u00f3mez-Hern\u00e1ndez","year":"2018","unstructured":"G\u00f3mez-Hern\u00e1ndez, J.A., \u00c1lvarez-Gonz\u00e1lez, L., Garc\u00eda-Teodoro, P.: R-locker: thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.019","journal-title":"Comput. Secur."},{"key":"966_CR24","doi-asserted-by":"crossref","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses, pp 114\u2013136 (2018)","DOI":"10.1007\/978-3-030-00470-5_6"},{"key":"966_CR25","doi-asserted-by":"crossref","unstructured":"Zhuravchak, D., Ustyianovych, T., Dudykevych, V., Venny, B., Ruda, K.: Ransomware prevention system design based on file symbolic linking honeypots. In: Proceedings of the 11th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), pp 284\u2013287 (2021)","DOI":"10.1109\/IDAACS53288.2021.9660913"},{"key":"966_CR26","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1016\/j.compeleceng.2019.07.014","volume":"78","author":"S Lee","year":"2019","unstructured":"Lee, S., Kim, H.K., Kim, K.: Ransomware protection using the moving target defense perspective. Comput. Electr. Eng. 78, 288\u2013299 (2019). https:\/\/doi.org\/10.1016\/j.compeleceng.2019.07.014","journal-title":"Comput. Electr. Eng."},{"issue":"4","key":"966_CR27","doi-asserted-by":"publisher","first-page":"79","DOI":"10.3390\/computers8040079","volume":"8","author":"SH Kok","year":"2019","unstructured":"Kok, S.H., Abdullah, A., Jhanjhi, N., Supramaniam, M.: Prevention of crypto-ransomware using a pre-encryption detection algorithm. Computers 8(4), 79 (2019). https:\/\/doi.org\/10.3390\/computers8040079","journal-title":"Computers"},{"key":"966_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2016\/2946735","volume":"2016","author":"S Song","year":"2016","unstructured":"Song, S., Kim, B., Lee, S.: The effective ransomware prevention technique using process monitoring on android platform. Mob. Inf. Syst. 2016, 1\u20139 (2016). https:\/\/doi.org\/10.1155\/2016\/2946735","journal-title":"Mob. Inf. Syst."},{"key":"966_CR29","doi-asserted-by":"publisher","unstructured":"Cusack, G., Michel, O., Keller, E.: Machine learning-based detection of ransomware using SDN. In: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp 1-6 (2018). https:\/\/doi.org\/10.1145\/3180465.3180467","DOI":"10.1145\/3180465.3180467"},{"key":"966_CR30","unstructured":"Jung, J., Jeon, C., Wolotsky, M., Yun, I., Kim, T.: AVPASS: leaking and bypassing antivirus detection model automatically. In: Black Hat USA - Briefings, Las Vegas, NV, USA (2017)"},{"key":"966_CR31","doi-asserted-by":"publisher","unstructured":"Monika, Zavarsky, P., Lindskog, D.: Experimental analysis of ransomware on windows and android platforms: evolution and characterization. In: Procedia Computer Science 94, 465-472 (2016). https:\/\/doi.org\/10.1016\/j.procs.2016.08.072","DOI":"10.1016\/j.procs.2016.08.072"},{"key":"966_CR32","unstructured":"Draios. https:\/\/github.com\/draios\/sysdig(2014). Accessed 25 Oct 2024"},{"key":"966_CR33","unstructured":"Falcosecurity. https:\/\/github.com\/falcosecurity\/falco(2016). Accessed 25 Oct 2024"},{"key":"966_CR34","unstructured":"What is eBPF? An introduction and deep dive into the eBPF technology. https:\/\/ebpf.io\/what-is-ebpf (2023). Accessed 25 Mar 2023"},{"key":"966_CR35","unstructured":"BCC - tools for BPF-based linux IO analysis, networking, monitoring, and more. https:\/\/github.com\/iovisor\/bcc (2023). Accessed 25 Mar 2023"},{"key":"966_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301330","author":"SR Davies","year":"2022","unstructured":"Davies, S.R., Macfarlane, R., Buchanan, W.J.: NapierOne: a modern mixed file data set alternative to Govdocs1. Forensic Sci. Int. Digit. Investig. (2022). https:\/\/doi.org\/10.1016\/j.fsidi.2021.301330","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"966_CR37","doi-asserted-by":"publisher","unstructured":"Alzahrani, S., Xiao, Y., Sun, W.: An analysis of conti ransomware leaked source codes. IEEE Access 10, 100178\u2013100193 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3207757","DOI":"10.1109\/ACCESS.2022.3207757"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00966-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00966-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00966-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:19:21Z","timestamp":1739337561000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00966-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,4]]},"references-count":37,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["966"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00966-1","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,4]]},"assertion":[{"value":"4 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"54"}}