{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T18:27:53Z","timestamp":1773772073583,"version":"3.50.1"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Fondo Regional para la Innovaci\u00f3n Digital en Am\u00e9rica Latina y el Caribe"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3580395","type":"journal-article","created":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:41:34Z","timestamp":1750182094000},"page":"108108-108126","source":"Crossref","is-referenced-by-count":5,"title":["Ransomware Family Attribution With ML: A Comprehensive Evaluation of Datasets Quality, Models Comparison, and a Simulated Deployment"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9387-2165","authenticated-orcid":false,"given":"Emilio","family":"Rios-Ochoa","sequence":"first","affiliation":[{"name":"School of Engineering and Sciences, Tecnol&#x00F3;gico de Monterrey, Monterrey, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7678-5487","authenticated-orcid":false,"given":"Jes\u00fas Arturo","family":"P\u00e9rez-D\u00edaz","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnol&#x00F3;gico de Monterrey, Monterrey, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6864-8557","authenticated-orcid":false,"given":"Enrique","family":"Garc\u00eda-Ceja","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnol&#x00F3;gico de Monterrey, Monterrey, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5877-6715","authenticated-orcid":false,"given":"Gerardo","family":"Rodr\u00edguez-Hern\u00e1ndez","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnol&#x00F3;gico de Monterrey, Monterrey, Mexico"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Cyber Security: Global Attention on the Rise As Cyber Attacks Escalate","author":"Trebak","year":"2022"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3514229"},{"issue":"1","key":"ref3","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1016\/j.iotcps.2023.12.001","article-title":"Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges","volume":"4","author":"Benmalek","year":"2024","journal-title":"Internet Things Cyber-Phys. Syst."},{"key":"ref4","article-title":"Cybersecurity and cyber-terrorism challenges to energy-related infrastructures\u2013 cybersecurity frameworks and economics\u2013comprehensive review","volume":"45","author":"Venkatachary","year":"2024","journal-title":"Int. J. Crit. Infrastruct. Protection"},{"key":"ref5","article-title":"ENISA threat landscape 2023\u2013July 2022 to June 2023","author":"Lella","year":"2023"},{"key":"ref6","volume-title":"The 2023 Global Ransomware Report","year":"2023"},{"key":"ref7","volume-title":"The State of Ransomware 2024","year":"2024"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.23919\/MIPRO.2019.8756877"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-4255-1_3"},{"key":"ref10","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103670","article-title":"Deception in double extortion ransomware attacks: An analysis of profitability and credibility","volume":"138","author":"Meurs","year":"2024","journal-title":"Comput. Secur."},{"key":"ref11","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","article-title":"Classification of ransomware families with machine learning based onN-gram of opcodes","volume":"90","author":"Zhang","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"issue":"3","key":"ref12","first-page":"100","article-title":"Challenge of malware analysis: Malware obfuscation techniques","volume":"7","author":"Singh","year":"2018","journal-title":"Int. J. Inf. Secur. Sci."},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3268535"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3461965"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3397921"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2025.3556187"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2017.8125850"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3279819"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","article-title":"R-locker: Thwarting ransomware action through a honeyfile-based approach","volume":"73","author":"G\u00f3mez-Hern\u00e1ndez","year":"2018","journal-title":"Comput. Secur."},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3691340"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2017.2756908"},{"key":"ref22","first-page":"1","article-title":"Machine learning-based ransomware classification of Bitcoin transactions","volume":"2023","author":"Alsaif","year":"2023","journal-title":"Appl. Comput. Intell. Soft Comput."},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9005540"},{"key":"ref24","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.120017","article-title":"SwiftR: Cross-platform ransomware fingerprinting using hierarchical neural networks on hybrid features","volume":"225","author":"Karbab","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-022-08504-6"},{"key":"ref26","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2022.108744","article-title":"Behavior-based ransomware classification: A particle swarm optimization wrapper-based approach for feature selection","volume":"121","author":"Abbasi","year":"2022","journal-title":"Appl. Soft Comput."},{"issue":"1","key":"ref27","doi-asserted-by":"crossref","first-page":"46","DOI":"10.3390\/info15010046","article-title":"A holistic approach to ransomware classification: Leveraging static and dynamic analysis with visualization","volume":"15","author":"Yamany","year":"2024","journal-title":"Information"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00224"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3112056"},{"key":"ref30","article-title":"A comprehensive analysis combining structural features for detection of new ransomware families","volume":"81","author":"Moreira","year":"2024","journal-title":"J. Inf. Secur. Appl."},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-19-2347-0_48"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TransAI51903.2021.00012"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS56928.2023.10154378"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2984187"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-191346"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.5220\/0010908200003120"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3607505.3607510"},{"issue":"10","key":"ref38","doi-asserted-by":"crossref","first-page":"405","DOI":"10.3390\/info12100405","article-title":"UGRansome1819: A novel dataset for anomaly detection and zero-day threats","volume":"12","author":"Nkongolo","year":"2021","journal-title":"Information"},{"key":"ref39","article-title":"RanSAP: An open dataset of ransomware storage access patterns for training machine learning models","volume":"40","author":"Hirano","year":"2022","journal-title":"Forensic Sci. International: Digit. Invest."},{"key":"ref40","article-title":"Automated dynamic analysis of ransomware: Benefits, limitations and use for detection","author":"Sgandurra","year":"2016","journal-title":"arXiv:1609.03020"},{"key":"ref41","volume-title":"C4.5: Programs for Machine Learning","author":"Quinlan","year":"1993"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"323","DOI":"10.1016\/j.procs.2018.05.186","article-title":"Rank allocation to J48 group of decision tree classifiers using binary and multiclass intrusion detection datasets","volume":"132","author":"Panigrahi","year":"2018","journal-title":"Proc. Comput. Sci."},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3204171"},{"key":"ref44","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103653","article-title":"A survey on the evolution of fileless attacks and detection techniques","volume":"137","author":"Liu","year":"2024","journal-title":"Comput. Secur."},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxad005"},{"key":"ref46","doi-asserted-by":"crossref","DOI":"10.1016\/j.artmed.2020.101987","article-title":"Overly optimistic prediction results on imbalanced data: A case study of flaws and benefits when applying over-sampling","volume":"111","author":"Vandewiele","year":"2021","journal-title":"Artif. Intell. Med."},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.243"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICICCT.2018.8473346"},{"key":"ref49","volume-title":"Ransomware execution provenance dataset (reprod)","author":"Gehani"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/505248.506010"},{"key":"ref51","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.patrec.2017.08.002","article-title":"Measuring the class-imbalance extent of multi-class problems","volume":"98","author":"Ortigosa-Hern\u00e1ndez","year":"2017","journal-title":"Pattern Recognit. Lett."},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/s10489-022-03395-6"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"ref54","article-title":"Automatic differentiation in PyTorch","author":"Paszke","year":"2017"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010920819831"},{"key":"ref56","article-title":"NapierOne: A modern mixed file data set alternative to Govdocs1","volume":"40","author":"Davies","year":"2022","journal-title":"Forensic Sci. International, Digit. Invest."},{"key":"ref57","volume-title":"Malwarebazaar Database","year":"2025"},{"key":"ref58","volume-title":"Virusshare.com - Because Sharing is Caring","year":"2025"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/access.2025.3580395"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/JBHI.2022.3187215"},{"key":"ref61","volume-title":"Windows 7\u2013product Lifecycle","year":"2024"},{"key":"ref62","volume-title":"Windows Version Market Share Worldwide (desktop)","year":"2025"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3568993"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime57793.2022.10142138"},{"key":"ref65","volume-title":"What is Triple Extortion Ransomware?","year":"2023"},{"key":"ref66","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2022.119133","article-title":"Fileless malware threats: Recent advances, analysis approach through memory forensics and research challenges","volume":"214","author":"Kara","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref67","volume-title":"Vmware Critical Ransomware Recovery Capabilities","year":"2024"},{"key":"ref68","volume-title":"Cloud Native Threat Report 2023","year":"2023"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00034"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/3687300"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-5504-2_24"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11037743.pdf?arnumber=11037743","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T06:02:17Z","timestamp":1751090537000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11037743\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":71,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3580395","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}