{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T10:18:52Z","timestamp":1779099532613,"version":"3.51.4"},"reference-count":68,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2020,6,14]],"date-time":"2020-06-14T00:00:00Z","timestamp":1592092800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,6,14]],"date-time":"2020-06-14T00:00:00Z","timestamp":1592092800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1812599"],"award-info":[{"award-number":["1812599"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2021,4]]},"DOI":"10.1007\/s10796-020-10017-4","type":"journal-article","created":{"date-parts":[[2020,6,14]],"date-time":"2020-06-14T03:24:37Z","timestamp":1592105077000},"page":"299-315","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":73,"title":["DeepRan: Attention-based BiLSTM and CRF for Ransomware Early Detection and Classification"],"prefix":"10.1007","volume":"23","author":[{"given":"Krishna Chandra","family":"Roy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0130-5901","authenticated-orcid":false,"given":"Qian","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,6,14]]},"reference":[{"key":"10017_CR1","unstructured":"Siegel, B. (2019). Ransomware payments rise as public sector is targeted, new variants enter the market, 11. https:\/\/securityboulevard.com\/2019\/11\/ransomware-payments-rise-as-public-sector-is-targeted-new-variants-enter-the-market\/."},{"key":"10017_CR2","unstructured":"Challita, A. (2018). The four most popular methods hackers use to spread ransomware, 08. https:\/\/www.itproportal.com\/features\/the-four-most-popular-methods-hackers-use-to-spread-ransomware\/."},{"key":"10017_CR3","unstructured":"Dobran, B. (2019). 27 terrifying ransomware statistics & facts you need to read, 01. https:\/\/phoenixnap.com\/blog\/ransomware-statistics-facts."},{"key":"10017_CR4","unstructured":"Davis, J. (2019). 71% of ransomware attacks targeted small businesses in 2018, 03. https:\/\/healthitsecurity.com\/news\/71-of-ransomware-attacks-targeted-small-businesses-in-2018."},{"key":"10017_CR5","unstructured":"Shi, F. (2019). Threat spotlight: Government ransomware attacks, 08. https:\/\/blog.barracuda.com\/2019\/08\/28\/threat-spotlight-government-ransomware-attacks\/."},{"key":"10017_CR6","unstructured":"Cook, S. (2019). 2017-2019 ransomware statistics and facts, 06. https:\/\/www.comparitech.com\/antivirus\/ransomware-statistics\/."},{"key":"10017_CR7","unstructured":"Andone, D. (2019). 3 alabama hospitals are accepting patients again after a ransomware attack on its computers, 10. https:\/\/www.cnn.com\/2019\/10\/11\/us\/alabama-hospital-ransomware-attack\/index.html."},{"key":"10017_CR8","unstructured":"Cimpanu, C. (2019). Second florida city pays giant ransom to ransomware gang in a week, 06. https:\/\/www.zdnet.com\/article\/second-florida-city-pays-giant-ransom-to-ransomware-gang-in-a-week\/."},{"key":"10017_CR9","unstructured":"Bridges, R.A., Iannacone, M.D., Goodall, J.R., & Beaver, J.M. (2018). How do information security workers use host data? a summary of interviews with security analysts, arXiv:1812.02867."},{"key":"10017_CR10","doi-asserted-by":"crossref","unstructured":"Turcotte, M.J., Kent, A.D., & Hash, C. (2017). Unified host and network data set, ArXiv e-prints.","DOI":"10.1142\/9781786345646_001"},{"key":"10017_CR11","unstructured":"Windows Logging Service. (2020). https:\/\/www.federallabs.org\/successes\/success-stories\/windows-logging-service."},{"key":"10017_CR12","unstructured":"Campus, K.C.N.S. (2017). Windows logging service, 08. https:\/\/kcnsc.doe.gov\/docs\/default-source\/kcnsc-software\/windows-logging-service-summary_073117.pdf?sfvrsn= 26b745c4_2."},{"key":"10017_CR13","unstructured":"Olbrich, C. (2016). A close look at ransomware by the example of vipasana, 10. https:\/\/www.boxcryptor.com\/en\/blog\/post\/a-close-look-at-ransomware-vipasana-part-i\/."},{"key":"10017_CR14","unstructured":"Meskauskas, T. (2019). Xorist ransomware removal instructions, 4. https:\/\/www.pcrisk.com\/removal-guides\/9905-xorist-ransomware."},{"key":"10017_CR15","unstructured":"Detailed technical analysis of xorist ransomware (ransomware report), 05. (2018). https:\/\/www.howtoremoveit.info\/technical-analysis-report-xorist-ransomware\/."},{"key":"10017_CR16","unstructured":"Teslacrypt ransomware attacks. (2020). https:\/\/usa.kaspersky.com\/resource-center\/threats\/teslacrypt."},{"key":"10017_CR17","unstructured":"INTELLIGENCE, D.S.C.T.U.T. (2015). Teslacrypt ransomware, 05. https:\/\/www.secureworks.com\/research\/teslacrypt-ransomware-threat-analysis."},{"key":"10017_CR18","unstructured":"Meskauskas, T. (2017). Fantom ransomware, 06. https:\/\/www.pcrisk.com\/removal-guides\/10418-fantom-ransomware."},{"key":"10017_CR19","unstructured":"Morparia, J. (2016). Ransom.jigsaw, 08. https:\/\/www.symantec.com\/security-center\/writeup\/2016-041123-3256-99."},{"key":"10017_CR20","unstructured":"Kiguolis, L. (2019). Remove jigsaw ransomware \/ virus (removal instructions), 11. https:\/\/www.2-spyware.com\/remove-jigsaw-ransomware-virus.html."},{"key":"10017_CR21","unstructured":"Perlroth, N., & Boeing possibly hit by \u2019wannacry\u2019 malware attack. (2018). [Online] Available: https:\/\/www.nytimes.com\/2018\/03\/28\/technology\/boeing-wannacry-malware.html."},{"key":"10017_CR22","unstructured":"Team, S.R. (2017). Petya ransomware outbreak: Here\u2019s what you need to know, 10. https:\/\/www.symantec.com\/blogs\/threat-intelligence\/petya-ransomware-wiper."},{"key":"10017_CR23","unstructured":"Meskauskas, T. (2018). Goldeneye ransomware removal instructions, 07. https:\/\/www.pcrisk.com\/removal-guides\/10733-goldeneye-ransomware."},{"key":"10017_CR24","unstructured":"Sponchioni, R. (2016). Ransom.goldeneye, 07. https:\/\/www.symantec.com\/security-center\/writeup\/2016-120715-1834-99."},{"key":"10017_CR25","unstructured":"Labs, M. (2017). Goldeneye ransomware \u2013 the petya\/mischa combo rebranded, 07. https:\/\/blog.malwarebytes.com\/threat-analysis\/2016\/12\/goldeneye-ransomware-the-petyamischa-combo-rebranded\/."},{"key":"10017_CR26","unstructured":"Anand Ajjan, D.P. (2018). Btcware ransomware, 04. https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/sophos-btcware-ransomware-wpna.pdf."},{"key":"10017_CR27","unstructured":"Threat Spotlight. (2017). Defray Ransomeware Hits Healthcare and Education. (accessed 16 Aug 2018). [Online]. Available: https:\/\/threatvector.cylance.com\/en_us\/home\/threat-spotlight-defray-ransomware-hits-healthcare-and-education.html."},{"key":"10017_CR28","unstructured":"Crowe, J. (2017). Alert: Defray ransomware launching extremely personalized attacks, 08. https:\/\/blog.barkly.com\/defray-ransomware-highly-targeted-campaigns."},{"key":"10017_CR29","unstructured":"This Ransomware Demands Nude instead of Bitcoin - Motherboard. (2017). (accessed 24 Aug 2018). [Online]. Available: https:\/\/motherboard.vice.com\/en_us\/article\/yw3w47\/this-ransomware-demands-nudes-instead-of-bitcoin."},{"key":"10017_CR30","unstructured":"Arghire, I. (2018). \u2019redeye\u2019 ransomware destroys files, rewrites mbr, 6. https:\/\/www.securityweek.com\/redeye-ransomware-destroys-files-rewrites-mbr."},{"key":"10017_CR31","unstructured":"Abrams, L. (2018). New saturn ransomware actively infecting victims, 2. https:\/\/www.bleepingcomputer.com\/news\/security\/new-saturn-ransomware-actively-infecting-victims\/."},{"key":"10017_CR32","unstructured":"McAfee. (2019). Threat landscape dashboard scarab - ransomware, 06. https:\/\/www.mcafee.com\/enterprise\/en-us\/threat-center\/threat-landscape-dashboard\/ransomware-details.scarab-ransomware.html."},{"key":"10017_CR33","unstructured":"Hioureas, V. (2018). Scarab ransomware: new variant changes tactics, 1. https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/01\/scarab-ransomware-new-variant-changes-tactics\/."},{"key":"10017_CR34","unstructured":"Salvio, J. (2018). Gandcrab v4.0 analysis: New shell, same old menace. https:\/\/www.fortinet.com\/blog\/threat-research\/gandcrab-v4-0-analysis--new-shell--same-old-menace.html."},{"key":"10017_CR35","unstructured":"Mundo, A., & Gandcrab ransomware puts the pinch on victims, 07. (2018). https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/gandcrab-ransomware-puts-the-pinch-on-victims\/."},{"key":"10017_CR36","unstructured":"Itay Cohen, B.H. (2018). Ryuk ransomware: A targeted campaign break-down, 08. https:\/\/research.checkpoint.com\/ryuk-ransomware-targeted-campaign-break\/."},{"key":"10017_CR37","unstructured":"Infoblox. (2019). Ryuk ransomware cyber report. https:\/\/www.infoblox.com\/wp-content\/uploads\/threat-intelligence-report-ryuk-ransomeware-cyber-report.pdf."},{"key":"10017_CR38","unstructured":"Fakterman, T. (2019). Sodinokibi: The crown prince of ransomware, 08. https:\/\/www.cybereason.com\/blog\/the-sodinokibi-ransomware-attack."},{"key":"10017_CR39","unstructured":"Nocturnus, C. (2019). Sodinokibi: The crown prince of ransomware 08. https:\/\/www.cybereason.com\/blog\/the-sodinokibi-ransomware-attacks."},{"key":"10017_CR40","doi-asserted-by":"crossref","unstructured":"Brown, A., Tuor, A., Hutchinson, B., & Nichols, N. (2018). Recurrent neural network attention mechanisms for interpretable system log anomaly detection. In Proceedings of the First Workshop on Machine Learning for Computing Systems. ACM, pp. 1.","DOI":"10.1145\/3217871.3217872"},{"key":"10017_CR41","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1016\/j.eswa.2016.10.065","volume":"72","author":"T Chen","year":"2017","unstructured":"Chen, T., Xu, R., He, Y., & Wang, X. (2017). Improving sentiment analysis via sentence type classification using bilstm-crf and cnn. Expert Systems with Applications, 72, 221\u2013230.","journal-title":"Expert Systems with Applications"},{"issue":"8","key":"10017_CR42","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural computation, 9(8), 1735\u20131780.","journal-title":"Neural computation"},{"key":"10017_CR43","unstructured":"Huang, Z., Xu, W., & Yu, K. (2015). Bidirectional lstm-crf models for sequence tagging, arXiv:1508.01991."},{"key":"10017_CR44","doi-asserted-by":"crossref","unstructured":"Zhang, X., Xu, Y., Lin, Q., Qiao, B., Zhang, H., Dang, Y., Xie, C., Yang, X., Cheng, Q., Li, Z., & et al. (2019). Robust log-based anomaly detection on unstable log data. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, pp. 807\u2013817.","DOI":"10.1145\/3338906.3338931"},{"key":"10017_CR45","doi-asserted-by":"crossref","unstructured":"Ma, X., & Hovy, E. (2016). End-to-end sequence labeling via bi-directional lstm-cnns-crf, arXiv:1603.01354.","DOI":"10.18653\/v1\/P16-1101"},{"issue":"5","key":"10017_CR46","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1016\/0306-4573(88)90021-0","volume":"24","author":"G Salton","year":"1988","unstructured":"Salton, G., & Buckley, C. (1988). Term-weighting approaches in automatic text retrieval. Information processing & management, 24(5), 513\u2013523.","journal-title":"Information processing & management"},{"key":"10017_CR47","doi-asserted-by":"crossref","unstructured":"Chen, Q., & Bridges, R.A. (2017). Automated behavioral analysis of malware: A case study of wannacry ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, pp. 454\u2013460.","DOI":"10.1109\/ICMLA.2017.0-119"},{"key":"10017_CR48","doi-asserted-by":"crossref","unstructured":"Chen, Q., Islam, S.R., Haswell, H., & Bridges, R.A. (2019). Automated ransomware behavior analysis: Pattern extraction and early detection. In International Conference on Science of Cyber Security, pp. 199\u2013214. Berlin: Springer.","DOI":"10.1007\/978-3-030-34637-9_15"},{"key":"10017_CR49","unstructured":"FOG Project. (2020). A free open-source network computer cloning and management solution, https:\/\/fogproject.org\/."},{"key":"10017_CR50","unstructured":"Pytorch: From research to production. (2020). https:\/\/pytorch.org\/."},{"issue":"7553","key":"10017_CR51","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., & Hinton, G. (2015). Deep learning. Nature, 521(7553), 436\u2013444.","journal-title":"Nature"},{"key":"10017_CR52","unstructured":"Schalkoff, R.J. (1997). Artificial neural networks. McGraw-Hill Higher Education."},{"issue":"5","key":"10017_CR53","doi-asserted-by":"publisher","first-page":"1114","DOI":"10.3390\/s19051114","volume":"19","author":"L Fernandez Maimo","year":"2019","unstructured":"Fernandez Maimo, L., Huertas Celdran, A., Perales Gomez, A.L., Clemente, G., F\u00e9lix, J., Weimer, J., & Lee, I. (2019). Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors, 19(5), 1114.","journal-title":"Sensors"},{"key":"10017_CR54","unstructured":"Homayoun, S., Dehghantanha, A., Ahmadzadeh, M., Hashemi, S., & Khayami, R. (2017). Know abnormal, find evil: frequent pattern mining for ransomware threat hunting and intelligence, IEEE transactions on emerging topics in computing."},{"key":"10017_CR55","doi-asserted-by":"crossref","unstructured":"Takeuchi, Y., Sakai, K., & Fukumoto, S. (2018). Detecting ransomware using support vector machines. In Proceedings of the 47th International Conference on Parallel Processing Companion. ACM, pp. 1.","DOI":"10.1145\/3229710.3229726"},{"issue":"6","key":"10017_CR56","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3344382","volume":"52","author":"RA Bridges","year":"2019","unstructured":"Bridges, R.A., Glass-Vanderlan, T.R., Iannacone, M.D., Vincent, M.S., & Chen, Q. (2019). A survey of intrusion detection systems leveraging host data. ACM Computing Surveys (CSUR), 52(6), 1\u201335.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"10017_CR57","unstructured":"Lou, J.G., Fu, Q., Yang, S., Xu, Y., & Li, J. (2010). Mining invariants from console logs for system problem detection. In USENIX Annual Technical Conference. pp. 23\u201325."},{"key":"10017_CR58","doi-asserted-by":"crossref","unstructured":"Xu, W., Huang, L., Fox, A., Patterson, D., & Jordan, M.I. (2009). Detecting large-scale system problems by mining console logs. In Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. ACM, pp. 117\u2013132.","DOI":"10.1145\/1629575.1629587"},{"key":"10017_CR59","doi-asserted-by":"crossref","unstructured":"Liang, Y., Zhang, Y., Xiong, H., & Sahoo, R. (2007). Failure prediction in ibm bluegene\/l event logs. In Seventh IEEE International Conference on Data Mining (ICDM 2007). IEEE, pp. 583\u2013 588.","DOI":"10.1109\/ICDM.2007.46"},{"key":"10017_CR60","doi-asserted-by":"crossref","unstructured":"Zhang, K., Xu, J., Min, M.R., Jiang, G., Pelechrinis, K., & Zhang, H. (2016). Automated it system failure prediction: A deep learning approach. In 2016 IEEE International Conference on Big Data (Big Data). IEEE, pp.1291\u20131300.","DOI":"10.1109\/BigData.2016.7840733"},{"key":"10017_CR61","doi-asserted-by":"crossref","unstructured":"Ahmadian, M. M., & Shahriari, H. R. (2016). 2entfox: A framework for high survivable ransomwares detection. In 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC). IEEE, pp. 79\u201384.","DOI":"10.1109\/ISCISC.2016.7736455"},{"key":"10017_CR62","unstructured":"Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., & Kirda, E. (2016). {UNVEIL},: A large-scale, automated approach to detecting ransomware. In 25th {USENIX} Security Symposium ({USENIX} Security 16), pp. 757\u2013772."},{"issue":"7","key":"10017_CR63","doi-asserted-by":"publisher","first-page":"3065","DOI":"10.1007\/s11227-016-1825-5","volume":"73","author":"JK Lee","year":"2017","unstructured":"Lee, J.K., Moon, S.Y., & Park, J.H. (2017). Cloudrps: a cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing, 73(7), 3065\u20133084.","journal-title":"The Journal of Supercomputing"},{"key":"10017_CR64","doi-asserted-by":"crossref","unstructured":"Verma, M.E., & Bridges, R.A. (2018). Defining a metric space of host logs and operational use cases. In 2018 IEEE International Conference on Big Data (Big Data), pp. 5068\u20135077.","DOI":"10.1109\/BigData.2018.8622083"},{"key":"10017_CR65","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.jnca.2018.09.013","volume":"124","author":"D Morato","year":"2018","unstructured":"Morato, D., Berrueta, E., Maga\u00f1aa, E., & Izal, M. (2018). Ransomware early detection by the analysis of file sharing traffic. Journal of Network and Computer Applications, 124, 14\u201332.","journal-title":"Journal of Network and Computer Applications"},{"key":"10017_CR66","unstructured":"Hardy, W., Chen, L., Hou, S., Ye, Y., & Li, X. (2016). Dl4md: a deep learning framework for intelligent malware detection. In Proceedings of the International Conference on Data Mining (DMIN). The Steering Committee of The World Congress in Computer Science, Computer, p. 61."},{"key":"10017_CR67","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.future.2018.07.045","volume":"90","author":"S Homayoun","year":"2019","unstructured":"Homayoun, S., Dehghantanha, A., Ahmadzadeh, M., Hashemi, S., Khayami, R., Choo, K.K.R., & Newton, D.E. (2019). Drthis: Deep ransomware threat hunting and intelligence system at the fog layer. Future Generation Computer Systems, 90, 94\u2013104.","journal-title":"Future Generation Computer Systems"},{"key":"10017_CR68","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1016\/j.cose.2018.05.010","volume":"77","author":"M Rhode","year":"2018","unstructured":"Rhode, M., Burnap, P., & Jones, K. (2018). Early-stage malware prediction using recurrent neural networks. Computers & Security, 77, 578\u2013594.","journal-title":"Computers & Security"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-020-10017-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-020-10017-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-020-10017-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,13]],"date-time":"2021-06-13T23:07:01Z","timestamp":1623625621000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-020-10017-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,14]]},"references-count":68,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,4]]}},"alternative-id":["10017"],"URL":"https:\/\/doi.org\/10.1007\/s10796-020-10017-4","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,14]]},"assertion":[{"value":"14 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}