{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T19:17:05Z","timestamp":1774120625711,"version":"3.50.1"},"reference-count":35,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,10,3]],"date-time":"2022-10-03T00:00:00Z","timestamp":1664755200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,10,3]],"date-time":"2022-10-03T00:00:00Z","timestamp":1664755200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,10,3]]},"DOI":"10.1109\/cns56114.2022.9947244","type":"proceedings-article","created":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T20:49:54Z","timestamp":1668804594000},"page":"326-334","source":"Crossref","is-referenced-by-count":7,"title":["Ransomware Detection in Databases through Dynamic Analysis of Query Sequences"],"prefix":"10.1109","author":[{"given":"Christoph","family":"Sendner","sequence":"first","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lukas","family":"Ifflander","sequence":"additional","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sebastian","family":"Schindler","sequence":"additional","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Jobst","sequence":"additional","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexandra","family":"Dmitrienko","sequence":"additional","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Samuel","family":"Kounev","sequence":"additional","affiliation":[{"name":"University of Würzburg,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref33","article-title":"Application of optics and ensemble learning for database intrusion detection","author":"subudhi","year":"2019","journal-title":"Journal of King Saud University - Computer and Information Sciences"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"ref31","year":"2018","journal-title":"semantic mediawiki org Semantic MediaWiki"},{"key":"ref30","author":"rygielski","year":"2022","journal-title":"vikin91\/BibSpace"},{"key":"ref35","author":"ziv","year":"2017","journal-title":"0 2 BTC strikes back now attacking MySQL databases"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991110"},{"key":"ref11","author":"corporation","year":"2018","journal-title":"MySQL 5 7 Manual"},{"key":"ref12","article-title":"Advanced MySQL Exploitation","author":"dzulfakar","year":"2009","journal-title":"Black Hat USA"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/CCP.2011.43"},{"key":"ref14","author":"golunski","year":"2017","journal-title":"MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016–6662"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134416"},{"key":"ref16","article-title":"Identification of Malicious Transactions in Database Systems","author":"hu","year":"2003","journal-title":"IDEas"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/967900.968048"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/975817.975820"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-60794-3"},{"key":"ref28","author":"peterson","year":"1981","journal-title":"Petri Net Theory and the Modeling of Systems"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.33"},{"key":"ref27","author":"morgan","year":"2017","journal-title":"Cybersecurity Business Report Ransomware Damage Costs predicted to hit USD 11 5B by 2019"},{"key":"ref3","year":"2022","journal-title":"TPC-H - Homepage"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67180-2_53"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70567-3_24"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2019.09.055"},{"key":"ref8","article-title":"MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers","author":"cimpanu","year":"2017","journal-title":"Bleeping Computer"},{"key":"ref7","article-title":"DEMIDS: A Misuse Detection System for Database Systems","author":"chung","year":"1999","journal-title":"Integrity and Internal Control in Information Systems (IICIS)"},{"key":"ref2","author":"ransomware","year":"2021","journal-title":"Damage Costs Predicted To Exceed $265 Billion By"},{"key":"ref9","article-title":"ShieldFS: The Last Word in Ransomware Resilient Filesystems","author":"continella","year":"2017","journal-title":"Black Hat USA"},{"key":"ref1","year":"2021","journal-title":"Colonial Pipeline boss confirms $4 4m ransom payment"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2020.07.154"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/RTTAS.2000.852457"},{"key":"ref21","author":"kopytov","year":"2022","journal-title":"akopytov\/sysbench"},{"key":"ref24","article-title":"DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions","author":"low","year":"2002","journal-title":"International Conference on Enterprise Information Systems (ICEIS)"},{"key":"ref23","author":"o'donnell","year":"2020","journal-title":"PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers"},{"key":"ref26","year":"2018","journal-title":"MediaWiki MediaWiki\/de - MediaWiki The Free Wiki Engine"},{"key":"ref25","article-title":"Complex Event Processing in Distributed Systems","author":"luckham","year":"1998","journal-title":"Technical Report Stanford University"}],"event":{"name":"2022 IEEE Conference on Communications and Network Security (CNS)","location":"Austin, TX, USA","start":{"date-parts":[[2022,10,3]]},"end":{"date-parts":[[2022,10,5]]}},"container-title":["2022 IEEE Conference on Communications and Network Security (CNS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9947203\/9947223\/09947244.pdf?arnumber=9947244","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,12]],"date-time":"2022-12-12T19:57:04Z","timestamp":1670875024000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9947244\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,3]]},"references-count":35,"URL":"https:\/\/doi.org\/10.1109\/cns56114.2022.9947244","relation":{},"subject":[],"published":{"date-parts":[[2022,10,3]]}}}