{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T08:46:56Z","timestamp":1769849216412,"version":"3.49.0"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2023,6,8]],"date-time":"2023-06-08T00:00:00Z","timestamp":1686182400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,6,8]],"date-time":"2023-06-08T00:00:00Z","timestamp":1686182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2024,4]]},"DOI":"10.1007\/s10586-023-04043-5","type":"journal-article","created":{"date-parts":[[2023,6,8]],"date-time":"2023-06-08T15:02:06Z","timestamp":1686236526000},"page":"1867-1881","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Ransomware early detection using deep reinforcement learning on portable executable header"],"prefix":"10.1007","volume":"27","author":[{"given":"XiZhen","family":"Deng","sequence":"first","affiliation":[]},{"given":"MingCan","family":"Cen","sequence":"additional","affiliation":[]},{"given":"M.","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Meiqu","family":"Lu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,6,8]]},"reference":[{"key":"4043_CR1","unstructured":"Teymourlouei, H.: Preventative measures in cyber & ransomware attacks for home & small businesses\u2019 data. In: Proceedings of the international conference on scientific computing (CSC), pp. 87\u201393 (2018)"},{"key":"4043_CR2","doi-asserted-by":"crossref","unstructured":"Ganta, V.G., Harish, G.V., Kumar, V.P., Rao, G.R.K.: Ransomware detection in executable files using machine learning. In: Proceedings of the IEEE 2020 international conference on recent trends on electronics, information, communication & technology (RTEICT), pp. 282\u2013286 (2020)","DOI":"10.1109\/RTEICT49044.2020.9315672"},{"issue":"4","key":"4043_CR3","doi-asserted-by":"publisher","first-page":"2597","DOI":"10.1007\/s11277-020-07166-9","volume":"112","author":"J Hwang","year":"2020","unstructured":"Hwang, J., Kim, J., Lee, S., Kim, K.: Two-stage ransomware detection using dynamic analysis and machine learning techniques. Wirel. Pers. Commun. 112(4), 2597\u20132609 (2020)","journal-title":"Wirel. Pers. Commun."},{"key":"4043_CR4","unstructured":"Tencent: Ransomware attack white paper: characteristics, trends and solutions (2021)"},{"key":"4043_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10489-022-03244-6","volume":"52","author":"U Zahoora","year":"2022","unstructured":"Zahoora, U., Rajarajan, M., Pan, Z., Khan, A.: Zero-day ransomware attack detection using deep contractive autoencoder and voting based ensemble classifier. Appl. Intell. 52, 1\u201320 (2022)","journal-title":"Appl. Intell."},{"issue":"1","key":"4043_CR6","doi-asserted-by":"publisher","first-page":"8","DOI":"10.3390\/su14010008","volume":"14","author":"A Kapoor","year":"2021","unstructured":"Kapoor, A., Gupta, A., Gupta, R., Tanwar, S., Sharma, G., Davidson, I.E.: Ransomware detection, avoidance, and mitigation scheme: a review and future directions. Sustainability 14(1), 8 (2021)","journal-title":"Sustainability"},{"issue":"18","key":"4043_CR7","doi-asserted-by":"publisher","first-page":"5422","DOI":"10.1002\/cpe.5422","volume":"32","author":"SI Bae","year":"2020","unstructured":"Bae, S.I., Lee, G.B., Im, E.G.: Ransomware detection using machine learning algorithms. Concurr. Comput. 32(18), 5422 (2020)","journal-title":"Concurr. Comput."},{"key":"4043_CR8","doi-asserted-by":"crossref","unstructured":"Bijitha, C., Sukumaran, R., Nath, H.V.: A survey on ransomware detection techniques. In: Secure knowledge management in artificial intelligence era: 8th international conference, SKM 2019, Goa, India, December 21\u201322, 2019, Proceedings 8, pp. 55\u2013 68. Springer (2020)","DOI":"10.1007\/978-981-15-3817-9_4"},{"key":"4043_CR9","doi-asserted-by":"crossref","unstructured":"Medhat, M., Gaber, S., Abdelbaki, N.: A new static-based framework for ransomware detection. In: 2018 IEEE 16th intl conf on dependable, autonomic and secure computing, 16th intl conf on pervasive intelligence and computing, 4th intl conf on big data intelligence and computing and cyber science and technology congress (DASC\/PiCom\/DataCom\/CyberSciTech), pp. 710\u2013 715 (2018)","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00124"},{"key":"4043_CR10","unstructured":"Feng, Y., Liu, C., Liu, B.: Poster: A new approach to detecting ransomware with deception. In: Proceedings of the 38th IEEE symposium on security and privacy (2017)"},{"key":"4043_CR11","doi-asserted-by":"crossref","unstructured":"Ahmadian, M.M., Shahriari, H.R.: 2entfox: a framework for high survivable ransomwares detection. In: 2016 13th International Iranian society of cryptology conference on information security and cryptology (ISCISC), pp. 79\u201384 (2016)","DOI":"10.1109\/ISCISC.2016.7736455"},{"key":"4043_CR12","doi-asserted-by":"crossref","unstructured":"Van\u00a0Hasselt, H., Guez, A., Silver, D.: Deep reinforcement learning with double q-learning. In: Proceedings of the AAAI conference on artificial intelligence. (2016)","DOI":"10.1609\/aaai.v30i1.10295"},{"key":"4043_CR13","unstructured":"Pieter, A.: Explained: YARA rules. https:\/\/blog.malwarebytes.com\/security-world\/technology\/2017\/09\/explained-yara-rules (2017). Accessed 5 Dec 2021"},{"key":"4043_CR14","doi-asserted-by":"crossref","unstructured":"Vinayakumar, R., Soman, K., Velan, K.S., Ganorkar, S.: Evaluating shallow and deep networks for ransomware detection and classification. In: 2017 Proceedings of the IEEE international conference on advances in computing, communications and informatics (ICACCI) (ICACCI), pp. 259\u2013265 (2017)","DOI":"10.1109\/ICACCI.2017.8125850"},{"issue":"5","key":"4043_CR15","doi-asserted-by":"publisher","first-page":"1286","DOI":"10.1109\/TIFS.2017.2787905","volume":"13","author":"J Chen","year":"2017","unstructured":"Chen, J., Wang, C., Zhao, Z., Chen, K., Du, R., Ahn, G.-J.: Uncovering the face of android ransomware: characterization and real-time detection. IEEE Trans. Inf. Forensics Secur. 13(5), 1286\u20131300 (2017)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"4043_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2020.113400","volume":"138","author":"G Ramesh","year":"2020","unstructured":"Ramesh, G., Menen, A.: Automated dynamic approach for detecting ransomware using finite-state machine. Decis. Support Syst. 138, 113400 (2020)","journal-title":"Decis. Support Syst."},{"issue":"3","key":"4043_CR17","first-page":"586","volume":"49","author":"C-Q Chen","year":"2021","unstructured":"Chen, C.-Q., Cuo, C., Cui, Y.-H., Shen, G.-W., Jiang, C.-H.: Ransomware early detection method based on short API sequence. Acta Electonica Sin. 49(3), 586 (2021)","journal-title":"Acta Electonica Sin."},{"key":"4043_CR18","unstructured":"Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: $$\\{$$UNVEIL$$\\}$$: A $$\\{$$Large-Scale$$\\}$$, automated approach to detecting ransomware. In: Proceedings of the 25th USENIX security symposium (USENIX Security 16), pp. 757\u2013772 (2016)"},{"key":"4043_CR19","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","volume":"90","author":"H Zhang","year":"2019","unstructured":"Zhang, H., Xiao, X., Mercaldo, F., Ni, S., Martinelli, F., Sangaiah, A.K.: Classification of ransomware families with machine learning based on n-gram of opcodes. Future Gener. Comput. Syst. 90, 211\u2013221 (2019)","journal-title":"Future Gener. Comput. Syst."},{"key":"4043_CR20","doi-asserted-by":"publisher","first-page":"708","DOI":"10.1016\/j.future.2019.09.025","volume":"110","author":"B Zhang","year":"2020","unstructured":"Zhang, B., Xiao, W., Xiao, X., Sangaiah, A.K., Zhang, W., Zhang, J.: Ransomware classification using patch-based CNN and self-attention network on embedded n-grams of opcodes. Future Gener. Comput. Syst. 110, 708\u2013720 (2020)","journal-title":"Future Gener. Comput. Syst."},{"issue":"4","key":"4043_CR21","first-page":"31","volume":"20","author":"C-Q Chen","year":"2020","unstructured":"Chen, C.-Q., Cuo, C., Shen, G.-W.: A ransomware classification method based on visualization. Netinfo Secur. 20(4), 31\u201339 (2020)","journal-title":"Netinfo Secur."},{"key":"4043_CR22","doi-asserted-by":"crossref","unstructured":"Baldwin, J., Dehghantanha, A.: Leveraging support vector machine for opcode density based detection of crypto-ransomware. Cyber Threat Intell. 107\u2013136 (2018)","DOI":"10.1007\/978-3-319-73951-9_6"},{"issue":"1","key":"4043_CR23","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s40031-020-00499-w","volume":"102","author":"S Sharma","year":"2021","unstructured":"Sharma, S., Singh, S.: Texture-based automated classification of ransomware. J. Inst. Eng. (India) Ser. B 102(1), 131\u2013142 (2021)","journal-title":"J. Inst. Eng. (India) Ser. B"},{"key":"4043_CR24","volume":"60","author":"T Rezaei","year":"2021","unstructured":"Rezaei, T., Manavi, F., Hamzeh, A.: A PE header-based method for malware detection using clustering and deep embedding techniques. J. Inf. Secur. Appl. 60, 102876 (2021)","journal-title":"J. Inf. Secur. Appl."},{"issue":"3","key":"4043_CR25","first-page":"10","volume":"16","author":"D Vidyarthi","year":"2019","unstructured":"Vidyarthi, D., Kumar, C., Rakshit, S., Chansarkar, S.: Static malware analysis to identify ransomware properties. Int. J. Comput. Sci. Issues (IJCSI) 16(3), 10\u201317 (2019)","journal-title":"Int. J. Comput. Sci. Issues (IJCSI)"},{"key":"4043_CR26","doi-asserted-by":"crossref","unstructured":"Manavi, F., Hamzeh, A.: Static detection of ransomware using LSTM network and PE header. In: Proceedings of the 26th international computer conference, computer Society of Iran (CSICC), pp. 1\u20135 (2021).","DOI":"10.1109\/CSICC52343.2021.9420580"},{"key":"4043_CR27","unstructured":"Ashraf, A., Aziz, A., Zahoora, U., Rajarajan, M., Khan, A.: Ransomware analysis using feature engineering and deep neural networks. arXiv:1910.00286 (2019)"},{"key":"4043_CR28","volume-title":"Cuckoo malware analysis","author":"D Oktavianto","year":"2013","unstructured":"Oktavianto, D., Muhardianto, I.: Cuckoo malware analysis. Packt Publishing Ltd., Birmingham (2013)"},{"key":"4043_CR29","unstructured":"Microsoft: PE Format. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format (2022). Accessed 7 June 2022"},{"key":"4043_CR30","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1016\/j.future.2023.02.014","volume":"144","author":"C Liu","year":"2023","unstructured":"Liu, C., Lu, J., Feng, W., Du, E., Di, L., Song, Z.: Mobipcr: efficient, accurate, and strict ML-based mobile malware detection. Future Gener. Comput. Syst. 144, 140\u2013150 (2023)","journal-title":"Future Gener. Comput. Syst."},{"key":"4043_CR31","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2022.08.002","volume":"137","author":"K Kong","year":"2022","unstructured":"Kong, K., Zhang, Z., Guo, C., Han, J., Long, G.: PMMSA: security analysis system for android wearable applications based on permission matching and malware similarity analysis. Future Gener. Comput. Syst. 137, 349\u2013362 (2022)","journal-title":"Future Gener. Comput. Syst."},{"issue":"4","key":"4043_CR32","doi-asserted-by":"publisher","first-page":"800","DOI":"10.3390\/jcp2040041","volume":"2","author":"U-E-H Tayyab","year":"2022","unstructured":"Tayyab, U.-E.-H., Khan, F.B., Durad, M.H., Khan, A., Lee, Y.S.: A survey of the recent trends in deep learning based malware detection. J. Cybersecur. Priv. 2(4), 800\u2013829 (2022)","journal-title":"J. Cybersecur. Priv."},{"key":"4043_CR33","unstructured":"Tamar, A., Mannor, S., Xu, H.: Scaling up robust mdps using function approximation. In: International conference on machine learning, pp. 181\u2013189 (2014)"},{"key":"4043_CR34","doi-asserted-by":"crossref","unstructured":"Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. IJCAI (2018)","DOI":"10.24963\/ijcai.2018\/775"},{"key":"4043_CR35","doi-asserted-by":"publisher","first-page":"867","DOI":"10.1007\/s10796-020-10083-8","volume":"23","author":"H Rathore","year":"2021","unstructured":"Rathore, H., Sahay, S.K., Nikam, P., Sewak, M.: Robust android malware detection system against adversarial attacks using q-learning. Inf. Syst. Front. 23, 867\u2013882 (2021)","journal-title":"Inf. Syst. Front."},{"issue":"2","key":"4043_CR36","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1080\/23742917.2018.1495375","volume":"2","author":"S Dowling","year":"2018","unstructured":"Dowling, S., Schukat, M., Barrett, E.: Improving adaptive honeypot functionality with efficient reinforcement learning parameters for automated malware. J. Cyber Secur. Technol. 2(2), 75\u201391 (2018)","journal-title":"J. Cyber Secur. Technol."},{"issue":"1\u20132","key":"4043_CR37","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1016\/S0004-3702(98)00023-X","volume":"101","author":"LP Kaelbling","year":"1998","unstructured":"Kaelbling, L.P., Littman, M.L., Cassandra, A.R.: Planning and acting in partially observable stochastic domains. Artif. Intell. 101(1\u20132), 99\u2013134 (1998)","journal-title":"Artif. Intell."},{"issue":"7540","key":"4043_CR38","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1038\/nature14236","volume":"518","author":"V Mnih","year":"2015","unstructured":"Mnih, V., Kavukcuoglu, K., Silver, D., Rusu, A.A., Veness, J., Bellemare, M.G., Graves, A., Riedmiller, M., Fidjeland, A.K., Ostrovski, G., et al.: Human-level control through deep reinforcement learning. Nature 518(7540), 529\u2013533 (2015)","journal-title":"Nature"},{"key":"4043_CR39","doi-asserted-by":"crossref","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., De\u00a0Pasquale, G., Barenghi, A., Zanero, S., Maggi, F.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd annual conference on computer security applications, pp. 336\u2013 347 (2016)","DOI":"10.1145\/2991079.2991110"},{"issue":"11","key":"4043_CR40","first-page":"2579","volume":"9","author":"L Van der Maaten","year":"2008","unstructured":"Van der Maaten, L., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9(11), 2579 (2008)","journal-title":"J. Mach. Learn. Res."},{"key":"4043_CR41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-021-00414-x","volume":"18","author":"F Manavi","year":"2022","unstructured":"Manavi, F., Hamzeh, A.: A novel approach for ransomware detection based on PE header using graph embedding. J. Comput. Virol. Hack. Tech. 18, 1\u201312 (2022)","journal-title":"J. Comput. Virol. Hack. Tech."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-023-04043-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-023-04043-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-023-04043-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,2]],"date-time":"2024-04-02T17:28:58Z","timestamp":1712078938000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-023-04043-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,8]]},"references-count":41,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,4]]}},"alternative-id":["4043"],"URL":"https:\/\/doi.org\/10.1007\/s10586-023-04043-5","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,8]]},"assertion":[{"value":"23 August 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 May 2023","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 May 2023","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 June 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declared no potential conflicts of interest with respect to the research, authorship, and\/or publication of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Written informed consent for publication of this paper was obtained from the Guangxi Normal University and all authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}