{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T01:55:30Z","timestamp":1769738130997,"version":"3.49.0"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T00:00:00Z","timestamp":1743465600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T00:00:00Z","timestamp":1743465600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"DOI":"10.1007\/s11227-025-07151-8","type":"journal-article","created":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T00:11:48Z","timestamp":1743725508000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Ransomware detection with CNN and deep learning based on multiple features of portable executable files"],"prefix":"10.1007","volume":"81","author":[{"given":"Chia-Cheng","family":"Yang","sequence":"first","affiliation":[]},{"given":"Jia-Ming","family":"Hsu","sequence":"additional","affiliation":[]},{"given":"Jenq-Shiou","family":"Leu","sequence":"additional","affiliation":[]},{"given":"Wen-Bin","family":"Hsieh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,1]]},"reference":[{"key":"7151_CR1","unstructured":"Incorporated TM (2020) A constant state of flux: Trend micro 2020 annual cybersecurity report [online]"},{"issue":"1","key":"7151_CR2","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1049\/ise2.12004","volume":"15","author":"Y Lemmou","year":"2021","unstructured":"Lemmou Y, Lanet JL, Souidi EM (2021) A behavioural in-depth analysis of ransomware infection. IET Inf Sec 15(1):38\u201358","journal-title":"IET Inf Sec"},{"key":"7151_CR3","unstructured":"T. M. Incorporated How organizations can protect against new cerber variations [online]"},{"key":"7151_CR4","unstructured":"Janus Agcaoili B. G. An analysis of the nefilim ransomware [online]"},{"issue":"1","key":"7151_CR5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-015-0261-z","volume":"13","author":"A Damodaran","year":"2017","unstructured":"Damodaran A, Di Troia F, Visaggio CA, Austin TH, Stamp M (2017) A comparison of static, dynamic, and hybrid analysis for malware detection. J Computer Virol Hack Tech 13(1):1\u201312","journal-title":"J Computer Virol Hack Tech"},{"key":"7151_CR6","first-page":"113","volume":"1","author":"M Akbanov","year":"2019","unstructured":"Akbanov M, Vassilakis VG, Logothetis MD (2019) WannaCry ransomware: analysis of infection, persistence, recovery prevention and propagation mechanisms. J Telecommun Inf Technol 1:113\u201324","journal-title":"J Telecommun Inf Technol"},{"key":"7151_CR7","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2020.102753","volume":"167","author":"YA Ahmed","year":"2020","unstructured":"Ahmed YA, Ko\u00e7er B, Huda S, Al-rimy BAS, Hassan MM (2020) A system call refinement-based enhanced minimum redundancy maximum relevance method for ransomware early detection. J Netw Comput Appl 167:102753","journal-title":"J Netw Comput Appl"},{"key":"7151_CR8","volume-title":"International Conference on Cloud Computing","author":"A McDole","year":"2020","unstructured":"McDole A, Abdelsalam M, Gupta M, Mittal S (2020) Analyzing CNN based behavioural malware detection techniques on cloud IAAS. In: International Conference on Cloud Computing, Springer"},{"key":"7151_CR9","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition","DOI":"10.1109\/CVPR.2016.90"},{"issue":"10","key":"7151_CR10","first-page":"1995","volume":"3361","author":"Y LeCun","year":"1995","unstructured":"LeCun Y, Bengio Y et al (1995) Convolutional networks for images, speech, and time series. Handbook Brain Theory Neural Netw 3361(10):1995","journal-title":"Handbook Brain Theory Neural Netw"},{"key":"7151_CR11","unstructured":"Microsoft. Pe format [online]"},{"key":"7151_CR12","volume":"60","author":"T Rezaei","year":"2021","unstructured":"Rezaei T, Manavi F, Hamzeh A (2021) A pe header-based method for malware detection using clustering and deep embedding techniques. J Inf Sec Appl 60:102876","journal-title":"J Inf Sec Appl"},{"issue":"3","key":"7151_CR13","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1109\/3477.764879","volume":"29","author":"K Krishna","year":"1999","unstructured":"Krishna K, Murty MN (1999) Genetic k-means algorithm. IEEE Transa Syst, Man, Cybern Part B (Cybernetics) 29(3):433\u2013439","journal-title":"IEEE Transa Syst, Man, Cybern Part B (Cybernetics)"},{"key":"7151_CR14","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2019.113022","volume":"143","author":"M Wadkar","year":"2020","unstructured":"Wadkar M, Di Troia F, Stamp M (2020) Detecting malware evolution using support vector machines. Expert Syst Appl 143:113022","journal-title":"Expert Syst Appl"},{"key":"7151_CR15","doi-asserted-by":"crossref","unstructured":"Poudyal S, Subedi KP, Dasgupta D (2018) A framework for analyzing ransomware using machine learning. In: 2018 IEEE Symposium Series on Computational Intelligence (SSCI)","DOI":"10.1109\/SSCI.2018.8628743"},{"key":"7151_CR16","volume-title":"Leveraging support vector machine for opcode density based detection of crypto-ransomware. InCyber threat intelligence","author":"J Baldwin","year":"2018","unstructured":"Baldwin J, Dehghantanha A (2018) Leveraging support vector machine for opcode density based detection of crypto-ransomware. InCyber threat intelligence. Springer International Publishing, Cham"},{"key":"7151_CR17","volume-title":"2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)","author":"A Yewale","year":"2016","unstructured":"Yewale A, Singh M (2016) Malware detection based on opcode frequency. In: 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), IEEE"},{"key":"7151_CR18","first-page":"1","volume-title":"2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","author":"AI Elkhawas","year":"2018","unstructured":"Elkhawas AI, Abdelbaki N (2018) Malware detection using opcode trigram sequence with SVM. In: 2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), IEEE, pp. 1\u20136"},{"issue":"4","key":"7151_CR19","first-page":"467","volume":"18","author":"PF Brown","year":"1992","unstructured":"Brown PF, Della Pietra VJ, Desouza PV, Lai JC, Mercer RL (1992) Class-based n-gram models of natural language. Comput Linguist 18(4):467\u2013480","journal-title":"Comput Linguist"},{"issue":"3","key":"7151_CR20","first-page":"273","volume":"20","author":"C Cortes","year":"1995","unstructured":"Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3):273\u2013297","journal-title":"Mach Learn"},{"key":"7151_CR21","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","volume":"90","author":"H Zhang","year":"2019","unstructured":"Zhang H, Xiao X, Mercaldo F, Ni S, Martinelli F, Sangaiah AK (2019) Classification of ransomware families with machine learning based on n-gram of opcodes. Futur Gener Comput Syst 90:211\u2013221","journal-title":"Futur Gener Comput Syst"},{"key":"7151_CR22","unstructured":"Ramos J et al (2003) Using tf-idf to determine word relevance in document queries. In: Proceedings of the First Instructional Conference on Machine Learning"},{"key":"7151_CR23","unstructured":"Poudyal S, Dasgupta D, Akhtar Z, Gupta K (2019) A multi-level ransomware detection framework using natural language processing and machine learning. In: 14th International Conference on Malicious and Unwanted Software\u201d MALCON, no. October 2015,"},{"key":"7151_CR24","doi-asserted-by":"crossref","first-page":"122532","DOI":"10.1109\/ACCESS.2021.3109260","volume":"9","author":"S Poudyal","year":"2021","unstructured":"Poudyal S, Dasgupta D (2021) Analysis of crypto-ransomware using ml-based multi-level profiling. IEEE Access 9:122532\u2013122547","journal-title":"IEEE Access"},{"issue":"18","key":"7151_CR25","doi-asserted-by":"crossref","first-page":"16134","DOI":"10.1109\/JIOT.2023.3267337","volume":"10","author":"Z Yu","year":"2023","unstructured":"Yu Z, Li S, Bai Y, Han W, Wu X, Tian Z (2023) Remsf: a robust ensemble model of malware detection based on semantic feature fusion. IEEE Int Things J 10(18):16134\u201316143","journal-title":"IEEE Int Things J"},{"key":"7151_CR26","doi-asserted-by":"crossref","first-page":"81017","DOI":"10.1109\/ACCESS.2024.3409937","volume":"12","author":"HH Al-Khshali","year":"2024","unstructured":"Al-Khshali HH, Ilyas M, Sohrab F, Gabbouj M (2024) Malware detection with subspace learning-based one-class classification. IEEE Access 12:81017\u201381029","journal-title":"IEEE Access"},{"key":"7151_CR27","doi-asserted-by":"crossref","unstructured":"Lucas K, Sharif M, Bauer L, Reiter MK, Shintre S (2021) Malware makeover: Breaking ml-based static analysis by modifying executable bytes. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","DOI":"10.1145\/3433210.3453086"},{"key":"7151_CR28","doi-asserted-by":"crossref","first-page":"270","DOI":"10.1109\/ICICIP.2014.7010353","volume-title":"Fifth International Conference on Intelligent Control and Information Processing","author":"Y Gao","year":"2014","unstructured":"Gao Y, Lu Z, Luo Y (2014) Survey on malware anti-analysis. In: Fifth International Conference on Intelligent Control and Information Processing. IEEE, pp. 270\u2013275"},{"issue":"5","key":"7151_CR29","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/MSP.2008.126","volume":"6","author":"W Yan","year":"2008","unstructured":"Yan W, Zhang Z, Ansari N (2008) Revealing packed malware. IEEE seCurity PrivaCy 6(5):65\u20139","journal-title":"IEEE seCurity PrivaCy"},{"key":"7151_CR30","unstructured":"Redmon J, Farhadi A (2018) Yolov3: An incremental improvement, arXiv preprint arXiv:1804.02767"},{"key":"7151_CR31","unstructured":"Devlin J, Hang M-W, Lee K, Toutanova K (2019) Bert: Pre-training of deep bidirectional transformers for language understanding, arXiv preprint arXiv:1810.04805"},{"key":"7151_CR32","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101748","volume":"92","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Wassan S, Safaei B, Zheng Q (2020) Image-based malware classification using ensemble of cnn architectures (IMCEC). Computers Security 92:101748","journal-title":"Computers Security"},{"key":"7151_CR33","doi-asserted-by":"crossref","first-page":"708","DOI":"10.1016\/j.future.2019.09.025","volume":"110","author":"B Zhang","year":"2020","unstructured":"Zhang B, Xiao W, Xiao X, Sangaiah AK, Zhang W, Zhang J (2020) Ransomware classification using patch-based cnn and self-attention network on embedded n-grams of opcodes. Futur Gener Comput Syst 110:708\u2013720","journal-title":"Futur Gener Comput Syst"},{"issue":"2","key":"7151_CR34","first-page":"1057","volume":"9","author":"SL SD","year":"2019","unstructured":"SL SD, Jaidhar CD (2019) Windows malware detector using convolutional neural network based on visualization images. IEEE Transa Emerg Top Comput 9(2):1057\u20131069.","journal-title":"IEEE Transa Emerg Top Comput"},{"issue":"10","key":"7151_CR35","doi-asserted-by":"crossref","first-page":"8560","DOI":"10.1109\/JIOT.2022.3194881","volume":"10","author":"P Musikawan","year":"2023","unstructured":"Musikawan P, Kongsorot Y, You I, So-In C (2023) An enhanced deep learning neural network for the detection and identification of android malware. IEEE Int Things J 10(10):8560\u20138577","journal-title":"IEEE Int Things J"},{"key":"7151_CR36","doi-asserted-by":"crossref","first-page":"104317","DOI":"10.1109\/ACCESS.2024.3435362","volume":"12","author":"Y Liu","year":"2024","unstructured":"Liu Y, Fan H, Zhao J, Zhang J, Yin X (2024) Efficient and generalized image-based cnn algorithm for multi-class malware detection. IEEE Access 12:104317\u2013104332","journal-title":"IEEE Access"},{"key":"7151_CR37","unstructured":"Carrera E. pefile [online]"},{"key":"7151_CR38","unstructured":"Quynh NA. capstone [online]"},{"key":"7151_CR39","unstructured":"R\u00e9nyi A (1961) On measures of entropy and information. In: Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Contributions to the Theory of Statistics, University of California Press, pp. 547\u2013561"},{"key":"7151_CR40","volume-title":"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software","author":"M Sikorski","year":"2012","unstructured":"Sikorski M, Honig A (2012) Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st edn. No Starch Press, San Francisco","edition":"1"},{"key":"7151_CR41","doi-asserted-by":"crossref","first-page":"39363","DOI":"10.1109\/ACCESS.2018.2855127","volume":"6","author":"Y Zhao","year":"2018","unstructured":"Zhao Y, Li G, Xie W, Jia W, Min H, Liu X (2018) Gun: Gradual upsampling network for single image super-resolution. IEEE Access 6:39363\u201339374","journal-title":"IEEE Access"},{"key":"7151_CR42","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1109\/ICME.2017.8019447","volume-title":"2017 IEEE International Conference on Multimedia and Expo (ICME)","author":"S Pouyanfar","year":"2017","unstructured":"Pouyanfar S, Chen S-C, Shyu M-L (2017) An efficient deep residual-inception network for multimedia classification. In: 2017 IEEE International Conference on Multimedia and Expo (ICME). IEEE, pp. 373\u2013378"},{"key":"7151_CR43","unstructured":"Limited RC. pyqt [online]"},{"key":"7151_CR44","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1016\/j.patcog.2019.02.023","volume":"91","author":"A Luque","year":"2019","unstructured":"Luque A, Carrasco A, Mart\u00edn A, de Las Heras A (2019) The impact of class imbalance in classification performance metrics based on the binary confusion matrix. Patt Recognit 91:216\u201331","journal-title":"Patt Recognit"},{"key":"7151_CR45","unstructured":"abuse.ch. Malwarebazaar [online]"},{"key":"7151_CR46","unstructured":"ANY.RUN. Any.run [online]"},{"key":"7151_CR47","unstructured":"virustotal. virustotal [online]"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-07151-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-025-07151-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-07151-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,6]],"date-time":"2025-04-06T03:55:10Z","timestamp":1743911710000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-025-07151-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,1]]},"references-count":47,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,4]]}},"alternative-id":["7151"],"URL":"https:\/\/doi.org\/10.1007\/s11227-025-07151-8","relation":{},"ISSN":["1573-0484"],"issn-type":[{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,1]]},"assertion":[{"value":"2 March 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 April 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"680"}}