{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T21:05:25Z","timestamp":1780434325360,"version":"3.54.1"},"reference-count":107,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Tecnologico de Monterrey"},{"name":"State Cybersecurity Agency of the Republic of El Salvador"},{"name":"Secretar&#x00ED;a de Ciencia, Humanidades, Tecnolog&#x00ED;a e Innovaci"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Open J. Comput. Soc."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/ojcs.2026.3690970","type":"journal-article","created":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T20:05:13Z","timestamp":1778011513000},"page":"1064-1082","source":"Crossref","is-referenced-by-count":0,"title":["Generative AI for Ransomware Identification and Mitigation: Taxonomy, Challenges, and Future Directions"],"prefix":"10.1109","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-2057-7595","authenticated-orcid":false,"given":"Erick D.","family":"Ram\u00edrez-Mart\u00ednez","sequence":"first","affiliation":[{"name":"Tecnologico de Monterrey, School of Engineering and Sciences, Monterrey, Mexico"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7678-5487","authenticated-orcid":false,"given":"Jes\u00fas A.","family":"P\u00e9rez-D\u00edaz","sequence":"additional","affiliation":[{"name":"Tecnologico de Monterrey, School of Engineering and Sciences, Monterrey, Mexico"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3131-0672","authenticated-orcid":false,"given":"Noe M.","family":"Yungaicela-Naula","sequence":"additional","affiliation":[{"name":"Centre for Secure Information Technologies (CSIT), Queen&#x0027;s University Belfast, Belfast, U.K."}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"ENISA threat landscape 2023  Jul. 2022 to Jun. 2023","author":"Lella"},{"key":"ref2","article-title":"ENISA threat landscape 2024  Jul. 2023 to Jun. 2024","author":"Lella"},{"key":"ref3","article-title":"ENISA threat landscape 2025July 2024 to Jun. 2025","author":"Boutemeur"},{"key":"ref4","article-title":"Ransomware","year":"2024"},{"key":"ref5","article-title":"2025 cyber incident insights report","year":"2025"},{"key":"ref6","article-title":"2025 ransomware trends & proactive strategies","year":"2025"},{"key":"ref7","article-title":"Halcyon threat insights 015: Apr. 2025 ransomware report","year":"2025"},{"key":"ref8","article-title":"ThreatLabz 2024 ransomware report","year":"2024"},{"key":"ref9","article-title":"Microsoft digital defense report 2024","year":"2024"},{"key":"ref10","article-title":"How to respond to the 2025-2026 threat landscape","author":"Jeremy","year":"2025"},{"key":"ref11","article-title":"IBM X-force 2025 threat intelligence index","author":"X-FORCE","year":"2025"},{"issue":"23","key":"ref12","article-title":"Survey of transformer-based malicious software detection systems","volume-title":"Electronics","volume":"13","author":"Alshomrani","year":"2024"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3397921"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3691340"},{"key":"ref15","article-title":"The good, the bad, and the algorithm: The impact of generative AI on cybersecurity","volume-title":"Neurocomputing","volume":"623","author":"Coppolino","year":"2025"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2025.3556187"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3479393"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3268535"},{"key":"ref19","article-title":"Cryptographic ransomware encryption detection: Survey","volume-title":"Comput. Secur.","volume":"132","author":"Begovic","year":"2023"},{"issue":"3","key":"ref20","article-title":"Ransomware detection using machine learning: A survey","volume-title":"Big Data Cogn. Comput.","volume":"7","author":"Alraizza","year":"2023"},{"issue":"4","key":"ref21","article-title":"Opportunities for early detection and prediction of ransomware attacks against industrial control systems","volume-title":"Future Internet","volume":"15","author":"Gazzan","year":"2023"},{"issue":"21","key":"ref22","article-title":"Crypto-ransomware: A revision of the state of the art, advances and challenges","volume-title":"Electronics","volume":"12","author":"Hernndez","year":"2023"},{"key":"ref23","article-title":"Ransomware early detection: A survey","volume-title":"Comput. Netw.","volume":"239","author":"Cen","year":"2024"},{"issue":"8","key":"ref24","article-title":"Earlier decision on detection of ransomware identification: A comprehensive systematic literature review","volume-title":"Information","volume":"15","author":"Albshaier","year":"2024"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.3389\/fphy.2024.1349463"},{"key":"ref26","article-title":"Securing the industrial Internet of Things against ransomware attacks: A comprehensive analysis of the emerging threat landscape and detection mechanisms","volume-title":"J. Netw. Comput. Appl.","volume":"223","author":"Al-Hawawreh","year":"2024"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.12720\/jait.15.5.649-671"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3461965"},{"key":"ref29","article-title":"A comprehensive literature review on ransomware detection using deep learning","volume-title":"Cyber Secur. Appl.","volume":"3","author":"Kritika","year":"2025"},{"key":"ref30","article-title":"ThreatLabz 2025 ransomware report","year":"2025"},{"key":"ref31","article-title":"ENISA threat landscape for ransomware attacks","author":"Garcia"},{"key":"ref32","article-title":"Digital forensic of maze ransomware: A case of electricity distributor enterprise in ASEAN","volume-title":"Expert Syst. Appl.","volume":"249","author":"Chimmanee","year":"2024"},{"key":"ref33","article-title":"The 2024 ransomware landscape: Looking back on another painful year","author":"Beek","year":"2025"},{"key":"ref34","article-title":"State of ransomware annual report 2024","year":"2025"},{"key":"ref35","article-title":"2025 thales data threat report","year":"2025"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS.2018.8328219"},{"key":"ref37","first-page":"2672","article-title":"Generative adversarial nets","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"27","author":"Goodfellow"},{"key":"ref38","first-page":"5998","article-title":"Attention is all you need","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"30","author":"Vaswani"},{"key":"ref39","first-page":"6840","article-title":"Denoising diffusion probabilistic models","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Ho","year":"2020"},{"key":"ref40","article-title":"Intro to autoencoders","year":"2024"},{"key":"ref41","article-title":"2023 cyberthreat defense report","year":"2023"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3128024"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.3390\/fi15100318"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3348451"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104233"},{"issue":"4","key":"ref46","article-title":"Improving cyber defense against ransomware: A generative adversarial networks-based adversarial training approach for long short-term memory network classifier","volume-title":"Electronics","volume":"14","author":"Wang","year":"2025"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-86514-6_4"},{"key":"ref48","article-title":"An ensemble of pre-trained transformer models for imbalanced multiclass malware classification","volume-title":"Comput. Secur.","volume":"121","author":"Demirkran","year":"2022"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN54540.2023.10191550"},{"issue":"18","key":"ref50","article-title":"Enhancing ransomware attack detection using transfer learning and deep learning ensemble models on cloud-encrypted data","volume-title":"Electronics","volume":"12","author":"Singh","year":"2023"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxad005"},{"key":"ref52","article-title":"It\u2019s too late if exfiltrate: Early stage android ransomware detection","volume-title":"Comput. Secur.","volume":"141","author":"Singh","year":"2024"},{"key":"ref53","article-title":"volGPT: Evaluation on triaging ransomware process in memory forensics with large language model","volume-title":"Forensic Sci. Int.: Digit. Investigation","volume":"49","author":"Oh","year":"2024"},{"key":"ref54","article-title":"Zero day ransomware detection with pulse: Function classification with transformer models and assembly language","volume-title":"Comput. Secur.","volume":"148","author":"Gaber","year":"2025"},{"key":"ref55","article-title":"Transformer-based knowledge distillation for explainable intrusion detection system","volume-title":"Comput. Secur.","volume":"154","author":"AL-Nomasy","year":"2025"},{"key":"ref56","article-title":"Ransomware detection and family classification using fine-tuned BERT and RoBERTa models","volume-title":"Egyptian Inform. J.","volume":"30","author":"Hussain","year":"2025"},{"issue":"18","key":"ref57","article-title":"Explainable malware detection system using transformers-based transfer learning and multi-model visual representation","volume-title":"Sensors","volume":"22","author":"Ullah","year":"2022"},{"key":"ref58","article-title":"An intelligent ransomware attack detection and classification using dual vision transformer with mantis search split attention network","volume":"119","author":"A","year":"2024","journal-title":"Comput. Elect. Eng."},{"key":"ref59","article-title":"VINCENT: Cyber-threat detection through vision transformers and knowledge distillation","volume-title":"Comput. Secur.","volume":"144","author":"Rose","year":"2024"},{"key":"ref60","article-title":"RansomFormer: A cross-modal transformer architecture for ransomware detection via the fusion of byte and API features","volume-title":"Electronics","volume":"14","author":"Alzahrani","year":"2025"},{"issue":"2","key":"ref61","first-page":"1667","article-title":"Oversampling-enhanced feature fusion-based hybrid ViT-1DCNN model for ransomware cyber attack detection","volume-title":"Comput. Model. Eng. Sci.","volume":"142","author":"Latif","year":"2025"},{"key":"ref62","article-title":"CNN-ViT synergy: An efficient android malware detection approach through deep learning","volume-title":"Comput. Elect. Eng.","volume":"123","author":"Wasif","year":"2025"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ISI49825.2020.9280508"},{"issue":"12","key":"ref64","article-title":"Data exfiltration detection on network metadata with autoencoders","volume-title":"Electronics","volume":"12","author":"Willems","year":"2023"},{"key":"ref65","article-title":"Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation","volume-title":"Comput. Secur.","volume":"134","author":"McIntosh","year":"2023"},{"key":"ref66","article-title":"Charlotte AI","year":"2025"},{"key":"ref67","article-title":"CrowdStrike falcon platform achieves perfect score in SE labs\u2019 most comprehensive ransomware evaluation","author":"Spurlock","year":"2025"},{"key":"ref68","article-title":"Stop ransomware in its tracks with CipherTrust transparent encryption ransomware protection","author":"Thales","year":"2024"},{"key":"ref69","article-title":"Cuckoo sandbox","year":"2021"},{"key":"ref70","article-title":"Cuckoo3 - Malware analysis tool","year":"2025"},{"key":"ref71","article-title":"Malpedia","author":"FKIE","year":"2025"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"ref73","article-title":"VirusShare.com - Because sharing is caring","author":"Forensics","year":"2025"},{"key":"ref74","article-title":"MalwareBazaar database","year":"2025"},{"key":"ref75","article-title":"VirusTotal","year":"2025"},{"key":"ref76","article-title":"CIC-InvesAndMal2019 dataset","author":"Baqi","year":"2019"},{"key":"ref77","article-title":"A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets","volume-title":"Sustain. Cities Soc.","volume":"72","author":"Moustafa","year":"2021"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/RDAAPS48126.2021.9452002"},{"key":"ref79","article-title":"Memory dumps of virtual machines for cloud forensics","author":"Purnaye","year":"2020","journal-title":"IEEE Dataport"},{"key":"ref80","first-page":"2021","article-title":"New datasets for dynamic malware classification","author":"Dzgn"},{"key":"ref81","article-title":"Ransomware attacks","year":"2021"},{"key":"ref82","article-title":"Ransomware incident response plan","year":"2022"},{"key":"ref83","article-title":"Mitigating malware and ransomware attacks","year":"2021"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.6028\/nist.ir.8374"},{"key":"ref85","article-title":"Combating ransomware","author":"Institute","year":"2021"},{"key":"ref86","article-title":"What decision-makers need to know about ransomware risk","author":"Vladimir","year":"2023"},{"key":"ref87","first-page":"177","article-title":"Detecting obfuscated malware using memory feature engineering","volume-title":"Proc. Int. Conf. Inf. Syst. Secur. Privacy","author":"Carrier","year":"2022"},{"key":"ref88","article-title":"network_security_project_android_malware_detection","year":"2023"},{"key":"ref89","article-title":"Matthew Gaber: Peekaboo","author":"Gaber","year":"2024"},{"key":"ref90","article-title":"Ransomware-detection-and-family-classification-using-fine-tuned-BERT-and-RoBERTa-models","year":"2025"},{"key":"ref91","article-title":"Ransomware\u2019s strange history began with a colourful culprit","volume-title":"The Toronto Star","author":"Simone"},{"key":"ref92","article-title":"The history and evolution of ransomware attacks","author":"Shea","year":"2025"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502676"},{"issue":"1","key":"ref94","first-page":"10","article-title":"Ransomware: Evolution, mitigation and prevention","volume-title":"Int. Manage. Rev.","volume":"13","author":"Richardson","year":"2017"},{"key":"ref95","article-title":"Ransomware","year":"2025"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/SMCSIA.2003.1232396"},{"key":"ref97","article-title":"Threat assessment: BlackCat ransomware","author":"Amanda","year":"2022"},{"key":"ref98","article-title":"HS: Owner of psychotherapy centre vastaamo asks for inquiry into acquisition","author":"Teivainen","year":"2021"},{"key":"ref99","article-title":"Investigation report on Jaguar Land Rover cyberattack","year":"2025"},{"key":"ref100","article-title":"Scattered LAPSUS$hunters: 2025s most dangerous cybercrime supergroup","author":"Labs","year":"2025"},{"key":"ref101","article-title":"Cyber AI: Augment your security team and stop novel threats","year":"2025"},{"key":"ref102","article-title":"Deteccin y respuesta de endpoint","year":"2025"},{"key":"ref103","article-title":"Automating ransomware response: Investigating ransomware attacks using cortex XSOAR\u2019s automated playbooks","year":"2023"},{"key":"ref104","article-title":"Core email protection","year":"2025"},{"key":"ref105","article-title":"Symantec incident prediction: Proteccin de vanguardia","year":"2025"},{"key":"ref106","article-title":"Innovation insight: AI agents","author":"Tom","year":"2025"},{"key":"ref107","article-title":"The current state of AI agents for enterprises","author":"Ben","year":"2025"}],"container-title":["IEEE Open Journal of the Computer Society"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8782664\/11319293\/11509281.pdf?arnumber=11509281","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T20:09:28Z","timestamp":1780430968000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11509281\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":107,"URL":"https:\/\/doi.org\/10.1109\/ojcs.2026.3690970","relation":{},"ISSN":["2644-1268"],"issn-type":[{"value":"2644-1268","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}