{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T21:51:00Z","timestamp":1781819460098,"version":"3.54.5"},"reference-count":33,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T00:00:00Z","timestamp":1778630400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100009526","name":"Amrita Vishwa Vidyapeetham University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100009526","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Array"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.array.2026.100911","type":"journal-article","created":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T16:23:13Z","timestamp":1778862193000},"page":"100911","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["GUARD: Graph-based utility for adversarial ransomware detection using structural and behavioural characteristics"],"prefix":"10.1016","volume":"30","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7134-8448","authenticated-orcid":false,"given":"Senthilkumar","family":"Mathi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Gowtham","family":"Ramesh","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dayanand","family":"Vinod","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abhinav","family":"Surendran","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anand R.","family":"Nair","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sudhay","family":"Senthilkumar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Salil","family":"Kanhere","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.array.2026.100911_bib1","series-title":"A Year on from the Ransomware Task Force Report","author":"Ellis","year":"2022"},{"issue":"5","key":"10.1016\/j.array.2026.100911_bib2","doi-asserted-by":"crossref","first-page":"3432","DOI":"10.1109\/TDSC.2021.3097296","article-title":"DL-FHMC: deep learning-based fine-grained hierarchical learning approach for robust malware classification","volume":"19","author":"Ahmed","year":"2022","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"9","key":"10.1016\/j.array.2026.100911_bib3","doi-asserted-by":"crossref","first-page":"4404","DOI":"10.1007\/s13198-024-02439-z","article-title":"Behavioral based detection of android ransomware using machine learning techniques","volume":"15","author":"Kirubavathi","year":"2024","journal-title":"Int J Syst Assur Eng Manag"},{"key":"10.1016\/j.array.2026.100911_bib4","doi-asserted-by":"crossref","DOI":"10.1016\/j.dss.2020.113400","article-title":"Automated dynamic approach for detecting ransomware using finite-state machine","volume":"138","author":"Ramesh","year":"2020","journal-title":"Decis Support Syst"},{"key":"10.1016\/j.array.2026.100911_bib5","first-page":"6","article-title":"Malware dynamic analysis evasion techniques: a survey","volume":"52","author":"Afianian","year":"2019","journal-title":"ACM Comput Surv"},{"issue":"2019","key":"10.1016\/j.array.2026.100911_bib6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cosrev.2019.01.002","article-title":"A survey on malware analysis and mitigation techniques","volume":"32","author":"Sibi Chakkaravarthy","year":"2019","journal-title":"Comput Sci Rev"},{"issue":"4\u20132","key":"10.1016\/j.array.2026.100911_bib7","doi-asserted-by":"crossref","first-page":"1662","DOI":"10.18517\/ijaseit.8.4-2.6827","article-title":"A survey on malware analysis techniques: static, dynamic, hybrid and memory analysis","volume":"8","author":"Sihwail","year":"2018","journal-title":"Int J Adv Sci Eng Inf Technol"},{"issue":"2019","key":"10.1016\/j.array.2026.100911_bib8","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100911_bib9","doi-asserted-by":"crossref","first-page":"74335","DOI":"10.1109\/ACCESS.2025.3550781","article-title":"From static to AI-Driven detection: a comprehensive review of obfuscated malware techniques","volume":"13","author":"Chandran","year":"2025","journal-title":"IEEE Access"},{"issue":"1","key":"10.1016\/j.array.2026.100911_bib10","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions","volume":"74","author":"Ali Saleh Al-rimy","year":"2018","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100911_bib11","first-page":"6","article-title":"A survey on windows-based ransomware taxonomy and detection mechanisms: case closed?","volume":"54","author":"Moussaileb","year":"2021","journal-title":"ACM Comput Surv"},{"issue":"4","key":"10.1016\/j.array.2026.100911_bib12","doi-asserted-by":"crossref","first-page":"2597","DOI":"10.1007\/s11277-020-07166-9","article-title":"Two-stage ransomware detection using dynamic analysis and machine learning techniques","volume":"112","author":"Hwang","year":"2020","journal-title":"Wirel Pers Commun"},{"key":"10.1016\/j.array.2026.100911_bib13","first-page":"5","article-title":"Dynamic malware analysis in the modern era\u2014A state of the art survey","volume":"52","author":"Or-Meir","year":"2019","journal-title":"ACM Comput Surv"},{"issue":"4","key":"10.1016\/j.array.2026.100911_bib14","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1007\/s11416-011-0152-x","article-title":"Graph-based malware detection using dynamic analysis","volume":"7","author":"Anderson","year":"2011","journal-title":"J Comput Virol"},{"key":"10.1016\/j.array.2026.100911_bib15","series-title":"2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), June 2019","first-page":"52","article-title":"Classifying malware represented as control flow graphs using deep graph convolutional neural network","author":"Yan","year":"2019"},{"key":"10.1016\/j.array.2026.100911_bib16","series-title":"2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), October 2021","first-page":"540","article-title":"Malware classification by learning semantic and structural features of control flow graphs","author":"Wu","year":"2021"},{"key":"10.1016\/j.array.2026.100911_bib17","first-page":"1","article-title":"Hierarchical attention graph embedding networks for binary code similarity against compilation diversity","author":"Wang","year":"2021","journal-title":"Secur Commun Network"},{"key":"10.1016\/j.array.2026.100911_bib18","author":"W\u00fcchner"},{"key":"10.1016\/j.array.2026.100911_bib19","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1002\/cpe.6835","article-title":"Detection of malware applications from centrality measures of syscall graph","volume":"34","author":"Surendran","year":"2022","journal-title":"Concurr Comput"},{"issue":"February 2022","key":"10.1016\/j.array.2026.100911_bib20","article-title":"Jadeite: a novel image-behavior-based approach for Java malware detection using deep learning","volume":"113","author":"Obaidat","year":"2022","journal-title":"Comput Secur"},{"issue":"July 2022","key":"10.1016\/j.array.2026.100911_bib21","article-title":"JStrong: malicious JavaScript detection based on code semantic representation and graph neural network","volume":"118","author":"Fang","year":"2022","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100911_bib22","article-title":"Real-time system call-based ransomware detection","author":"Wen Chew","year":"2024","journal-title":"Int J Inf Secur"},{"key":"10.1016\/j.array.2026.100911_bib23","series-title":"2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), July 2019","first-page":"1296","article-title":"Adversarial learning attacks on graph-based IoT Malware detection systems","author":"Ahmed","year":"2019"},{"key":"10.1016\/j.array.2026.100911_bib25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TDSC.2022.3173664","article-title":"A knowledge transfer-based semi-supervised federated learning for IoT Malware detection","author":"Pei","year":"2022","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"10.1016\/j.array.2026.100911_bib26","doi-asserted-by":"crossref","first-page":"4881","DOI":"10.1109\/TIFS.2024.3389614","article-title":"MalGNE: enhancing the performance and efficiency of CFG-based malware detector by graph node embedding in low dimension space","volume":"19","author":"Peng","year":"2024","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10.1016\/j.array.2026.100911_bib27","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 24, 2016","first-page":"480","article-title":"Scalable graph-based bug search for firmware images","author":"Feng","year":"2016"},{"key":"10.1016\/j.array.2026.100911_bib28","series-title":"2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (2016)","first-page":"303","article-title":"Cryptolock (and drop it): stopping ransomware attacks on user data","author":"Scaife","year":"2016"},{"key":"10.1016\/j.array.2026.100911_bib29","doi-asserted-by":"crossref","first-page":"659","DOI":"10.1109\/SP.2015.46","article-title":"SoK: deep packer inspection: a longitudinal study of the complexity of run-time packers","author":"Ugarte-Pedrero","year":"2015","journal-title":"Proc IEEE Symp Secur Priv 2015-July"},{"key":"10.1016\/j.array.2026.100911_bib30","series-title":"Proceedings of the 32nd Annual Conference on Computer Security Applications","first-page":"336","article-title":"ShieldFS: a self-healing, ransomware-aware filesystem","author":"Continella","year":"2016"},{"key":"10.1016\/j.array.2026.100911_bib31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-011-0157-5","article-title":"Shadow attacks: automatically evading system-call-behavior based malware detection","volume":"8","author":"Ma","year":"2012","journal-title":"J Comput Virol"},{"key":"10.1016\/j.array.2026.100911_bib32","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1109\/ICTC49638.2020.9123267","article-title":"Automatically generating Malware summary using semantic behavior graphs (SBGs)","volume":"2020","author":"Yang","year":"2020","journal-title":"2020 Inf Commun Technol Conf (ICTC)"},{"issue":"10","key":"10.1016\/j.array.2026.100911_bib33","doi-asserted-by":"crossref","first-page":"5980","DOI":"10.1109\/TPAMI.2021.3083769","article-title":"Attack to fool and explain deep networks","volume":"44","author":"Akhtar","year":"2022","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"10.1016\/j.array.2026.100911_bib34","doi-asserted-by":"crossref","first-page":"14410","DOI":"10.1109\/ACCESS.2018.2807385","article-title":"Threat of adversarial attacks on deep learning in computer vision: a survey","volume":"6","author":"Akhtar","year":"2018","journal-title":"IEEE Access"}],"container-title":["Array"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2590005626002341?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2590005626002341?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T20:51:24Z","timestamp":1781815884000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2590005626002341"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":33,"alternative-id":["S2590005626002341"],"URL":"https:\/\/doi.org\/10.1016\/j.array.2026.100911","relation":{},"ISSN":["2590-0056"],"issn-type":[{"value":"2590-0056","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"GUARD: Graph-based utility for adversarial ransomware detection using structural and behavioural characteristics","name":"articletitle","label":"Article Title"},{"value":"Array","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.array.2026.100911","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Inc.","name":"copyright","label":"Copyright"}],"article-number":"100911"}}