{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:39:44Z","timestamp":1775745584576,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsacw69556.2025.00058","type":"proceedings-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T19:56:13Z","timestamp":1773086173000},"page":"491-500","source":"Crossref","is-referenced-by-count":1,"title":["Ransomware in Active Directory: A Dataset and Analysis of Early-Stage Behavior"],"prefix":"10.1109","author":[{"given":"Prajna","family":"Bhandary","sequence":"first","affiliation":[{"name":"University of Maryland Baltimore County (UMBC),Computer Science and Electrical Engineering Department,Baltimore,MD,USA,21250"}]},{"given":"Charles","family":"Nicholas","sequence":"additional","affiliation":[{"name":"University of Maryland Baltimore County (UMBC),Computer Science and Electrical Engineering Department,Baltimore,MD,USA,21250"}]},{"given":"Robert J.","family":"Joyce","sequence":"additional","affiliation":[{"name":"University of Maryland Baltimore County (UMBC),Computer Science and Electrical Engineering Department,Baltimore,MD,USA,21250"}]},{"given":"Bojing","family":"Li","sequence":"additional","affiliation":[{"name":"University of Maryland Baltimore County (UMBC),Computer Science and Electrical Engineering Department,Baltimore,MD,USA,21250"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Ransomware Attack: First 30 Minutes","volume-title":"Valydex"},{"key":"ref2","article-title":"Ransomware Attack: Your First 24 Hours Are Critical","volume-title":"Commvault Blogs"},{"key":"ref3","doi-asserted-by":"crossref","DOI":"10.22541\/au.172779663.36925703\/v1","article-title":"Automated Detection of Ransomware in Windows Active Directory Domain Services Using Log Analysis and Machine Learning","author":"Keyogeg","year":"2024"},{"issue":"3","key":"ref4","first-page":"953","article-title":"Ransomware: Analysing the Impact on Windows Active Directory Domain Services","volume-title":"Sensors","volume":"22","author":"McDonald","year":"2022"},{"key":"ref5","first-page":"44","article-title":"Ransomware behavioural analysis on windows platforms","volume-title":"Journal of Information Security and Applications","volume":"40","author":"Hampton","year":"2018"},{"issue":"3","key":"ref6","first-page":"1053","article-title":"Dynamic Feature Dataset for Ransomware Detection Using Machine Learning Algorithms","volume-title":"Sensors","volume":"23","author":"Herrera-Silva","year":"2023"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.47738\/jads.v5i1.161"},{"key":"ref8","doi-asserted-by":"crossref","DOI":"10.22541\/au.172426891.14153527\/v1","article-title":"Ransomware detection using aggregated random forest technique with recent variants","volume-title":"Proc. Int. Conf. on Cybersecurity","author":"Rafapa"},{"key":"ref9","doi-asserted-by":"crossref","DOI":"10.21203\/rs.3.rs-4941250\/v1","article-title":"Opcode memory analysis: a data-centric machine learning framework for early detection and attribution of ransomware","volume-title":"Proc. ACM Workshop on Security and Privacy","author":"Pesem"},{"key":"ref10","article-title":"Ransomware detection with a 2-tier machine learning approach using a novel clustering algorithm","author":"Zhang","year":"2024","journal-title":"Future Generation Computer Systems"},{"key":"ref11","article-title":"A hybrid framework for ransomware detection using deep learning and Monte Carlo tree search","author":"Li","year":"2024","journal-title":"IEEE Trans. Inf. Forensics and Security"},{"key":"ref12","article-title":"Ransomware Evolution: Unveiling Patterns Using HDBSCAN","volume-title":"Proc. Conf. on Applied Machine Learning for Information Security (CAMLIS), CEUR Workshop Proceedings","author":"Bhandary"},{"key":"ref13","doi-asserted-by":"crossref","DOI":"10.36227\/techrxiv.172599923.38750111\/v1","article-title":"High-performance digital forensic framework for anomalous ransomware detection in file system log data","author":"Jones","year":"2024"},{"key":"ref14","article-title":"Examining Windows file system IRP operations with machine learning for ransomware detection","author":"Xu","year":"2024","journal-title":"Computers & Security"},{"key":"ref15","article-title":"Dynamic behavioural analysis of privacy-breaching and data theft ransomware","author":"Ozturk","year":"2024","journal-title":"Journal of Cybersecurity"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.20944\/preprints202311.0798.v1","article-title":"A survey on ransomware threats: contrasting static and dynamic analysis methods","author":"Kang","year":"2023"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3691340"},{"key":"ref18","doi-asserted-by":"crossref","DOI":"10.36227\/techrxiv.172503635.58338596\/v1","article-title":"Unveiling hidden patterns: a computational analysis of less commonly labeled ransomware families","author":"Zhang","year":"2024"},{"key":"ref19","article-title":"Federated learning-based ransomware detection via indicators of compromise","author":"Koike","year":"2024","journal-title":"IEEE Access"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/isdfs65363.2025.11012104"},{"key":"ref21","article-title":"VirusShare.com - because sharing is caring","year":"2024"},{"key":"ref22","article-title":"SOREL-20M: A large scale benchmark dataset for malicious PE detection","volume-title":"SophosAI","author":"Harang","year":"2020"},{"key":"ref23","article-title":"MalDICT: Benchmark Datasets on Malware Behaviors, Platforms, Exploitation, and Packers","author":"Joyce","year":"2023"},{"key":"ref24","article-title":"EMBER 2024: An updated dataset for training and benchmarking malware classifiers","author":"Joyce","year":"2025"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.2307\/1912791.1969"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.4324\/9780203491683"}],"event":{"name":"2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,9]]}},"container-title":["2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11417955\/11417996\/11418035.pdf?arnumber=11418035","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T05:28:39Z","timestamp":1773120519000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11418035\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/acsacw69556.2025.00058","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}