{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T17:05:50Z","timestamp":1781370350021,"version":"3.54.1"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-022-00425-2","type":"journal-article","created":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T16:03:11Z","timestamp":1650902591000},"page":"407-424","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["An effective ransomware detection approach in a cloud environment using volatile memory features"],"prefix":"10.1007","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6241-7659","authenticated-orcid":false,"family":"Prachi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sumit","family":"Kumar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,4,25]]},"reference":[{"key":"425_CR1","doi-asserted-by":"crossref","unstructured":"Alhawi, O.M., Baldwin, J., Dehghantanha, A.: Leveraging machine learning techniques for windows ransomware network traffic detection. In: Cyber threat intelligence, pp. 93\u2013106. Springer, Cham (2018)","DOI":"10.1007\/978-3-319-73951-9_5"},{"key":"425_CR2","doi-asserted-by":"crossref","unstructured":"Andronio, N., Zanero, S., Maggi, F.: Heldroid: Dissecting and detecting mobile ransomware. In: international symposium on recent advances in intrusion detection, pp. 382\u2013404. Springer, Cham. (2015)","DOI":"10.1007\/978-3-319-26362-5_18"},{"key":"425_CR3","doi-asserted-by":"crossref","unstructured":"Barabosch, T., Bergmann, N., Dombeck, A., Padilla, E.: Quincy: Detecting host-based code injection attacks in memory dumps. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 209\u2013229. Springer, Cham (2017)","DOI":"10.1007\/978-3-319-60876-1_10"},{"issue":"14","key":"425_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.17485\/ijst\/2016\/v9i14\/82936","volume":"9","author":"A Bhardwaj","year":"2016","unstructured":"Bhardwaj, A., Avasthi, V., Sastry, H., Subrahmanyam, G.V.B.: Ransomware digital extortion: a rising new age threat. Indian J. Sci. Technol. 9(14), 1\u20135 (2016)","journal-title":"Indian J. Sci. Technol."},{"issue":"6","key":"425_CR5","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MNET.2016.1600110NM","volume":"30","author":"K Cabaj","year":"2016","unstructured":"Cabaj, K., Mazurczyk, W.: Using software-defined networking for ransomware mitigation: the case of cryptowall. IEEE Network 30(6), 14\u201320 (2016)","journal-title":"IEEE Network"},{"issue":"12","key":"425_CR6","doi-asserted-by":"publisher","first-page":"1230","DOI":"10.1109\/TSE.2018.2834344","volume":"45","author":"G Canfora","year":"2018","unstructured":"Canfora, G., Martinelli, F., Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: Leila: formal tool for identifying mobile malicious behaviour. IEEE Trans. Software Eng. 45(12), 1230\u20131252 (2018)","journal-title":"IEEE Trans. Software Eng."},{"key":"425_CR7","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1016\/j.eswa.2018.02.039","volume":"102","author":"A Cohen","year":"2018","unstructured":"Cohen, A., Nissim, N.: Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Syst. Appl. 102, 158\u2013178 (2018)","journal-title":"Expert Syst. Appl."},{"key":"425_CR8","unstructured":"Crowe, J.: 2018 WannaCry ransomware statistics: The numbers behind the outbreak. Accessed March 20, 2020. https:\/\/ blog.barkly.com\/wannacry-ransomware-statistics-2017."},{"key":"425_CR9","unstructured":"Emm, D., Unuchek, R. Kruglov, K.: Kaspersky Security Bulletin 2016: Review of the year. Kaspersky Labs. Accessed March 20, 2020. https:\/\/kasperskycontenthub.com\/securelist\/files\/2016\/12\/Kaspersky_Security_Bulletin_2016_Review_ENG.pdf. (2016)"},{"key":"425_CR10","unstructured":"Feng, Y., Liu, C., Liu, B.: Poster: A new approach to detecting ransomware with deception. In: 38th IEEE Symposium on Security and Privacy Workshops, p. 39 (2017)"},{"issue":"4","key":"425_CR11","doi-asserted-by":"publisher","first-page":"2597","DOI":"10.1007\/s11277-020-07166-9","volume":"112","author":"J Hwang","year":"2020","unstructured":"Hwang, J., Kim, J., Lee, S., Kim, K.: Two-stage ransomware detection using dynamic analysis and machine learning techniques. Wireless Pers. Commun. 112(4), 2597\u20132609 (2020)","journal-title":"Wireless Pers. Commun."},{"key":"425_CR12","doi-asserted-by":"crossref","unstructured":"Kim, S., Kim, J.: POSTER: Mining with Proof-of-Probability in blockchain. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 841\u2013843 (2018)","DOI":"10.1145\/3196494.3201592"},{"key":"425_CR13","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: {UNVEIL}: A large-scale, automated approach to detecting ransomware. In: 25th {USENIX} Security Symposium ({USENIX} Security 16), pp. 757\u2013772 (2016)"},{"key":"425_CR14","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: Paybreak: Defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599\u2013611 (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"425_CR15","doi-asserted-by":"crossref","unstructured":"Maiorca, D., Mercaldo, F., Giacinto, G., Visaggio, C.A., Martinelli, F. R-PackDroid: API package-based characterization and detection of mobile ransomware. In: Proceedings of the symposium on applied computing, pp. 1718\u20131723 (2017)","DOI":"10.1145\/3019612.3019793"},{"key":"425_CR16","doi-asserted-by":"crossref","unstructured":"Maniath, S., Ashok, A., Poornachandran, P., Sujadevi, V.G., AU, P.S., Jan, S.: Deep learning LSTM based ransomware detection. In: 2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE), pp. 442\u2013446. IEEE (2017)","DOI":"10.1109\/RDCAPE.2017.8358312"},{"key":"425_CR17","doi-asserted-by":"crossref","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: Rwguard: A real-time detection system against cryptographic ransomware. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 114\u2013136. Springer, Cham (2018)","DOI":"10.1007\/978-3-030-00470-5_6"},{"key":"425_CR18","doi-asserted-by":"crossref","unstructured":"Mercaldo, F.: A framework for supporting ransomware detection and prevention based on hybrid analysis. J. Comput. Virol. Hacking Tech., 17, 1\u20137 (2021)","DOI":"10.1007\/s11416-021-00388-w"},{"issue":"1","key":"425_CR19","doi-asserted-by":"publisher","first-page":"79","DOI":"10.17703\/JCCT.2016.2.1.79","volume":"2","author":"J Moon","year":"2016","unstructured":"Moon, J., Chang, Y.: Ransomware analysis and method for minimize the damage. J. Converg. Cult. Technol. 2(1), 79\u201385 (2016)","journal-title":"J. Converg. Cult. Technol."},{"key":"425_CR20","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.jnca.2018.09.013","volume":"124","author":"D Morato","year":"2018","unstructured":"Morato, D., Berrueta, E., Maga\u00f1a, E., Izal, M.: Ransomware early detection by the analysis of file sharing traffic. J. Netw. Comput. Appl. 124, 14\u201332 (2018)","journal-title":"J. Netw. Comput. Appl."},{"key":"425_CR21","unstructured":"Nieuwenhuizen, D.: A behavioural-based approach to ransomware detection. Whitepaper. MWR Labs Whitepaper (2017)"},{"key":"425_CR22","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.knosys.2018.04.033","volume":"153","author":"N Nissim","year":"2018","unstructured":"Nissim, N., Lapidot, Y., Cohen, A., Elovici, Y.: Trusted system-calls analysis methodology aimed at detection of compromised virtual machines using sequential mining. Knowl.-Based Syst. 153, 147\u2013175 (2018)","journal-title":"Knowl.-Based Syst."},{"key":"425_CR23","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312. IEEE (2016)","DOI":"10.1109\/ICDCS.2016.46"},{"key":"425_CR24","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020 (2016)"},{"key":"425_CR25","doi-asserted-by":"publisher","first-page":"301168","DOI":"10.1016\/j.fsidi.2021.301168","volume":"37","author":"S Sharma","year":"2021","unstructured":"Sharma, S., Krishna, C.R., Kumar, R.: RansomDroid: Forensic analysis and detection of Android Ransomware using unsupervised machine learning technique. Forensic Sci Int Digital Investig 37, 301168 (2021)","journal-title":"Forensic Sci Int Digital Investig"},{"key":"425_CR26","doi-asserted-by":"crossref","unstructured":"Thomas, S., Sherly, K.K., Dija, S.: Extraction of memory forensic artifacts from windows 7 ram image. In 2013 IEEE Conference on Information & Communication Technologies, pp. 937\u2013942. IEEE (2013)","DOI":"10.1109\/CICT.2013.6558230"},{"key":"425_CR27","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.jnca.2017.08.010","volume":"97","author":"JM Vidal","year":"2017","unstructured":"Vidal, J.M., Orozco, A.L.S., Villalba, L.J.G.: Alert correlation framework for malware detection by anomaly-based packet payload analysis. J. Netw. Comput. Appl. 97, 11\u201322 (2017)","journal-title":"J. Netw. Comput. Appl."},{"key":"425_CR28","doi-asserted-by":"crossref","unstructured":"Vinayakumar, R., Soman, K.P., Velan, K.S., Ganorkar, S.: Evaluating shallow and deep networks for ransomware detection and classification. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259\u2013265. IEEE (2017)","DOI":"10.1109\/ICACCI.2017.8125850"},{"key":"425_CR29","doi-asserted-by":"crossref","unstructured":"Zhang, S., Wang, L., Zhang, L.: Extracting windows registry information from physical memory. In: 2011 3rd International Conference on Computer Research and Development, Vol. 2, pp. 85\u201389. IEEE. (2011)","DOI":"10.1109\/ICCRD.2011.5764089"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00425-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-022-00425-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00425-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,22]],"date-time":"2024-09-22T22:39:47Z","timestamp":1727044787000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-022-00425-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,25]]},"references-count":29,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["425"],"URL":"https:\/\/doi.org\/10.1007\/s11416-022-00425-2","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,25]]},"assertion":[{"value":"1 June 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 March 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 April 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}