{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T12:22:13Z","timestamp":1778761333468,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,8,7]],"date-time":"2023-08-07T00:00:00Z","timestamp":1691366400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Office of Naval Research","award":["N00014-21-1-2754"],"award-info":[{"award-number":["N00014-21-1-2754"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,8,7]]},"DOI":"10.1145\/3607505.3607510","type":"proceedings-article","created":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T16:33:41Z","timestamp":1692635621000},"page":"1-9","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Towards Reproducible Ransomware Analysis"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-0117-4646","authenticated-orcid":false,"given":"Shozab","family":"Hussain","sequence":"first","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5542-8040","authenticated-orcid":false,"given":"Muhammad","family":"Musa","sequence":"additional","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3956-5870","authenticated-orcid":false,"given":"Turyal","family":"Neeshat","sequence":"additional","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6646-1488","authenticated-orcid":false,"given":"Rja","family":"Batool","sequence":"additional","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6365-8408","authenticated-orcid":false,"given":"Omer","family":"Ahmed","sequence":"additional","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1270-5513","authenticated-orcid":false,"given":"Fareed","family":"Zaffar","sequence":"additional","affiliation":[{"name":"LUMS - Lahore University of Management Sciences, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3940-2467","authenticated-orcid":false,"given":"Ashish","family":"Gehani","sequence":"additional","affiliation":[{"name":"SRI International, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0131-8443","authenticated-orcid":false,"given":"Andy","family":"Poggio","sequence":"additional","affiliation":[{"name":"SRI International, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4584-7606","authenticated-orcid":false,"given":"Maneesh K.","family":"Yadav","sequence":"additional","affiliation":[{"name":"SRI International, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,8,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Cuckoo Sandbox. https:\/\/cuckoosandbox.org\/  [n. d.]. Cuckoo Sandbox. https:\/\/cuckoosandbox.org\/"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. FBI No Longer Negotiating with Ransomware Group That Leaked Oakland Data. https:\/\/abc7news.com\/oakland-ransomware-hacked-data-leaked-fbi-dark-web\/13225220\/  [n. d.]. FBI No Longer Negotiating with Ransomware Group That Leaked Oakland Data. https:\/\/abc7news.com\/oakland-ransomware-hacked-data-leaked-fbi-dark-web\/13225220\/"},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. MalwareBazaar. https:\/\/bazaar.abuse.ch\/browse\/  [n. d.]. MalwareBazaar. https:\/\/bazaar.abuse.ch\/browse\/"},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. Ransomware Full Recovery Could Take Months Dallas Officials Say. https:\/\/www.dallasnews.com\/news\/politics\/2023\/05\/11\/ransomware-full-recovery-could-take-months-dallas-officials-say\/  [n. d.]. Ransomware Full Recovery Could Take Months Dallas Officials Say. https:\/\/www.dallasnews.com\/news\/politics\/2023\/05\/11\/ransomware-full-recovery-could-take-months-dallas-officials-say\/"},{"key":"e_1_3_2_1_5_1","unstructured":"[n. d.]. Tukey five-number summary. https:\/\/en.wikipedia.org\/wiki\/Five-number_summary  [n. d.]. Tukey five-number summary. https:\/\/en.wikipedia.org\/wiki\/Five-number_summary"},{"key":"e_1_3_2_1_6_1","volume-title":"26th European Symposium on Research in Computer Security","author":"Ahmed Muhammad\u00a0Ejaz","year":"2021","unstructured":"Muhammad\u00a0Ejaz Ahmed , Hyoungshick Kim , Seyit Camtepe , and Surya Nepal . 2021 . Peeler: Profiling Kernel-Level Events to Detect Ransomware . 26th European Symposium on Research in Computer Security (2021). Muhammad\u00a0Ejaz Ahmed, Hyoungshick Kim, Seyit Camtepe, and Surya Nepal. 2021. Peeler: Profiling Kernel-Level Events to Detect Ransomware. 26th European Symposium on Research in Computer Security (2021)."},{"key":"e_1_3_2_1_7_1","volume-title":"11th USENIX Workshop on the Theory and Practice of Provenance (TaPP)","author":"Barre Mathieu","year":"2019","unstructured":"Mathieu Barre , Ashish Gehani , and Vinod Yegneswaran . 2019 . Mining Data Provenance to Detect Advanced Persistent Threats . 11th USENIX Workshop on the Theory and Practice of Provenance (TaPP) (2019). Mathieu Barre, Ashish Gehani, and Vinod Yegneswaran. 2019. Mining Data Provenance to Detect Advanced Persistent Threats. 11th USENIX Workshop on the Theory and Practice of Provenance (TaPP) (2019)."},{"key":"e_1_3_2_1_8_1","volume-title":"Test of Time Award. ACM Middleware","author":"Blair Gordon","year":"2022","unstructured":"Gordon Blair . 2022. Test of Time Award. ACM Middleware ( 2022 ). https:\/\/middleware-conf.github.io\/2022\/awards\/#testOfTime Gordon Blair. 2022. Test of Time Award. ACM Middleware (2022). https:\/\/middleware-conf.github.io\/2022\/awards\/#testOfTime"},{"key":"e_1_3_2_1_9_1","volume":"202","author":"Davies Simon","unstructured":"Simon Davies , Richard Macfarlane , and William\u00a0 J Buchanan. 202 2. NapierOne: A Modern Mixed File Data Set Alternative to Govdocs1. Forensic Science International: Digital Investigation 40 (2022). Simon Davies, Richard Macfarlane, and William\u00a0J Buchanan. 2022. NapierOne: A Modern Mixed File Data Set Alternative to Govdocs1. Forensic Science International: Digital Investigation 40 (2022).","journal-title":"J Buchanan."},{"key":"e_1_3_2_1_10_1","volume-title":"DISTDET: A Cost-Effective Distributed Cyber Threat Detection System. 30th USENIX Security Symposium","author":"Dong Feng","year":"2023","unstructured":"Feng Dong , Liu Wang , Xu Nie , Fei Shao , Haoyu Wang , Ding Li , Xiapu Luo , and Xusheng Xiao . 2023 . DISTDET: A Cost-Effective Distributed Cyber Threat Detection System. 30th USENIX Security Symposium (2023). Feng Dong, Liu Wang, Xu Nie, Fei Shao, Haoyu Wang, Ding Li, Xiapu Luo, and Xusheng Xiao. 2023. DISTDET: A Cost-Effective Distributed Cyber Threat Detection System. 30th USENIX Security Symposium (2023)."},{"key":"e_1_3_2_1_11_1","volume-title":"9th International Symposium on Graph Drawing","author":"Ellson John","year":"2002","unstructured":"John Ellson , Emden Gansner , Lefteris Koutsofios , Stephen\u00a0 C North , and Gordon Woodhull . 2002 . Graphviz \u2014 Open Source Graph Drawing Tools . 9th International Symposium on Graph Drawing (2002). John Ellson, Emden Gansner, Lefteris Koutsofios, Stephen\u00a0C North, and Gordon Woodhull. 2002. Graphviz \u2014 Open Source Graph Drawing Tools. 9th International Symposium on Graph Drawing (2002)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Ashish Gehani Raza Ahmad Hassaan Irshad Jianqiao Zhu and Jignesh Patel. 2021. Digging Into \"Big Provenance\" (With SPADE). Commun. ACM 64(12) (2021).  Ashish Gehani Raza Ahmad Hassaan Irshad Jianqiao Zhu and Jignesh Patel. 2021. Digging Into \"Big Provenance\" (With SPADE). Commun. ACM 64(12) (2021).","DOI":"10.1145\/3475358"},{"key":"e_1_3_2_1_13_1","volume-title":"SPADE: Support for Provenance Auditing in Distributed Environments. 13th ACM\/IFIP\/USENIX International Middleware Conference","author":"Gehani Ashish","year":"2012","unstructured":"Ashish Gehani and Dawood Tariq . 2012 . SPADE: Support for Provenance Auditing in Distributed Environments. 13th ACM\/IFIP\/USENIX International Middleware Conference (2012). Ashish Gehani and Dawood Tariq. 2012. SPADE: Support for Provenance Auditing in Distributed Environments. 13th ACM\/IFIP\/USENIX International Middleware Conference (2012)."},{"key":"e_1_3_2_1_14_1","unstructured":"REPROD GitHub. [n. d.]. Code for orchestrating ransomware execution log and provenance collection. https:\/\/github.com\/REPROD-prov  REPROD GitHub. [n. d.]. Code for orchestrating ransomware execution log and provenance collection. https:\/\/github.com\/REPROD-prov"},{"key":"e_1_3_2_1_15_1","volume-title":"Xanthus: Push-button Orchestration of Host Provenance Data Collection. 3rd ACM Workshop on Practical Reproducible Evaluation of Computer Systems (P-RECS)","author":"Han Xueyuan","year":"2020","unstructured":"Xueyuan Han , James Mickens , Ashish Gehani , Margo Seltzer , and Thomas Pasquier . 2020 . Xanthus: Push-button Orchestration of Host Provenance Data Collection. 3rd ACM Workshop on Practical Reproducible Evaluation of Computer Systems (P-RECS) (2020). Xueyuan Han, James Mickens, Ashish Gehani, Margo Seltzer, and Thomas Pasquier. 2020. Xanthus: Push-button Orchestration of Host Provenance Data Collection. 3rd ACM Workshop on Practical Reproducible Evaluation of Computer Systems (P-RECS) (2020)."},{"key":"e_1_3_2_1_16_1","volume-title":"RanSAP: An Open Dataset of Ransomware Storage Access Patterns for Training Machine Learning Models. Forensic Science International: Digital Investigation 40","author":"Hirano Manabu","year":"2022","unstructured":"Manabu Hirano , Ryo Hodota , and Ryotaro Kobayashi . 2022. RanSAP: An Open Dataset of Ransomware Storage Access Patterns for Training Machine Learning Models. Forensic Science International: Digital Investigation 40 ( 2022 ). Manabu Hirano, Ryo Hodota, and Ryotaro Kobayashi. 2022. RanSAP: An Open Dataset of Ransomware Storage Access Patterns for Training Machine Learning Models. Forensic Science International: Digital Investigation 40 (2022)."},{"key":"e_1_3_2_1_17_1","volume-title":"TRACE: Enterprise-Wide Provenance Tracking For Real-Time APT Detection","author":"Irshad Hassaan","year":"2021","unstructured":"Hassaan Irshad , Gabriela Ciocarlie , Ashish Gehani , Vinod Yegneswaran , Kyu\u00a0Hyung Lee , Jignesh Patel , Somesh Jha , Yonghwi Kwon , Dongyan Xu , and Xiangyu Zhang . 2021 . TRACE: Enterprise-Wide Provenance Tracking For Real-Time APT Detection . IEEE Transactions on Information Forensics and Security (TIFS) 16 (2021). Hassaan Irshad, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Kyu\u00a0Hyung Lee, Jignesh Patel, Somesh Jha, Yonghwi Kwon, Dongyan Xu, and Xiangyu Zhang. 2021. TRACE: Enterprise-Wide Provenance Tracking For Real-Time APT Detection. IEEE Transactions on Information Forensics and Security (TIFS) 16 (2021)."},{"key":"e_1_3_2_1_18_1","volume-title":"25th USENIX Security Symposium","author":"Kharaz Amin","year":"2016","unstructured":"Amin Kharaz , Sajjad Arshad , Collin Mulliner , William Robertson , and Engin Kirda . 2016 . UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware . 25th USENIX Security Symposium (2016). Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. 2016. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. 25th USENIX Security Symposium (2016)."},{"key":"e_1_3_2_1_19_1","volume-title":"RansomLens: Understanding Ransomware via Causality Analysis on System Provenance Graph. Science of Cyber Security","author":"Mei Rui","year":"2021","unstructured":"Rui Mei , Han-Bing Yan , and Zhi-Hui Han . 2021. RansomLens: Understanding Ransomware via Causality Analysis on System Provenance Graph. Science of Cyber Security ( 2021 ). Rui Mei, Han-Bing Yan, and Zhi-Hui Han. 2021. RansomLens: Understanding Ransomware via Causality Analysis on System Provenance Graph. Science of Cyber Security (2021)."},{"key":"e_1_3_2_1_20_1","volume-title":"Court Says. Wall Street Journal","author":"Vanderford Richard","year":"2023","unstructured":"Richard Vanderford . 2023. Merck\u2019s Insurers On the Hook in $1.4 Billion NotPetya Attack , Court Says. Wall Street Journal ( 2023 ). Richard Vanderford. 2023. Merck\u2019s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says. Wall Street Journal (2023)."},{"key":"e_1_3_2_1_21_1","volume-title":"Ransomware Detection and Classification Strategies. IEEE International Black Sea Conference on Communications and Networking","author":"Vehabovic Aldin","year":"2022","unstructured":"Aldin Vehabovic , Nasir Ghani , Elias Bou-Harb , Jorge Crichigno , and Aysegul Yayimli . 2022 . Ransomware Detection and Classification Strategies. IEEE International Black Sea Conference on Communications and Networking (2022). Aldin Vehabovic, Nasir Ghani, Elias Bou-Harb, Jorge Crichigno, and Aysegul Yayimli. 2022. Ransomware Detection and Classification Strategies. IEEE International Black Sea Conference on Communications and Networking (2022)."},{"key":"e_1_3_2_1_22_1","unstructured":"Christian Wojner. [n. d.]. DensityScout. https:\/\/cert.at\/en\/downloads\/software\/software-densityscout  Christian Wojner. [n. d.]. DensityScout. https:\/\/cert.at\/en\/downloads\/software\/software-densityscout"},{"key":"e_1_3_2_1_23_1","unstructured":"REPROD Zenodo. [n. d.]. Ransomware execution trace and provenance data. https:\/\/doi.org\/10.5281\/zenodo.7933806    10.5281\/zenodo.7933806\nREPROD Zenodo. [n. d.]. Ransomware execution trace and provenance data. https:\/\/doi.org\/10.5281\/zenodo.7933806"}],"event":{"name":"CSET 2023: 2023 Cyber Security Experimentation and Test Workshop","location":"Marina del Rey CA USA","acronym":"CSET 2023"},"container-title":["2023 Cyber Security Experimentation and Test Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607505.3607510","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607505.3607510","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:28Z","timestamp":1750178188000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607505.3607510"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,7]]},"references-count":23,"alternative-id":["10.1145\/3607505.3607510","10.1145\/3607505"],"URL":"https:\/\/doi.org\/10.1145\/3607505.3607510","relation":{},"subject":[],"published":{"date-parts":[[2023,8,7]]},"assertion":[{"value":"2023-08-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}