{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T07:46:00Z","timestamp":1775115960030,"version":"3.50.1"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T00:00:00Z","timestamp":1773014400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T00:00:00Z","timestamp":1775088000000},"content-version":"vor","delay-in-days":24,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100020998","name":"University of Pannonia","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100020998","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J. Inf. Secur."],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:sec>\n                    <jats:title>Purpose<\/jats:title>\n                    <jats:p>This research examines the feasibility and effectiveness of detecting ransomware attacks in quasi real-time by leveraging AI-based monitoring of centralized file operations. As ransomware continues to evolve in speed and complexity, traditional endpoint protection mechanisms often fall short, especially in environments with limited client-side defense. The goal is to determine whether lightweight, server-side monitoring combined with machine learning can provide a quasi real-time and accurate detection mechanism without relying on client instrumentation.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Applied methodology<\/jats:title>\n                    <jats:p>A virtualized SME (small- and medium-sized enterprise) infrastructure was developed, simulating realistic user behavior through automated file operations and randomly triggered attacks by ransomware samples (Ryuk, NotPetya, Lockbit, Teslacrypt, and WannaCry). A nanosecond-scale time-stamped logging mechanism was implemented using Fluentbit and InfluxDB to track file creation, renaming, and deletion events. Five classic and ensemble machine learning models (Random Forest, Decision Tree, SVM, AdaBoost, XGBoost) were trained and optimized using supervised learning on aggregated file operation sequences using one-second intervals.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Results<\/jats:title>\n                    <jats:p>The comparative evaluation of the models showed that all five achieved reliable detection performance, but XGBoost outperformed the others with a sensitivity of 91.87% and prediction speeds below 1\u2009ms. The model identified ransomware activity during the early phases of execution in the majority of test cases, even when operating in a high-noise environment with real-world file usage patterns.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Conclusions<\/jats:title>\n                    <jats:p>Monitoring centralized file activity offers a practical and efficient means for detecting ransomware attacks without requiring access to client systems or process-level telemetry. By using only three simple file operation metrics and binary classification, the system does not require complex, resource-intensive behavioral models.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Contribution<\/jats:title>\n                    <jats:p>This study presents a scalable, quasi real-time detection framework that complements existing security layers and is especially valuable in scenarios where endpoint protection is weak or inconsistent. The findings highlight an alternative direction in ransomware defense that emphasizes simplicity, performance, and deployability.<\/jats:p>\n                  <\/jats:sec>","DOI":"10.1186\/s13635-026-00229-7","type":"journal-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T01:13:22Z","timestamp":1773018802000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Ransomware detection based on server-side file operation logs using machine learning"],"prefix":"10.1186","volume":"2026","author":[{"given":"G\u00e1bor","family":"Ar\u00e1nyi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tam\u00e1s","family":"Miseta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Veronika","family":"Sz\u00fccs","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,3,9]]},"reference":[{"key":"229_CR1","unstructured":"E.U.A. for Cybersecurity (ENISA). Enisa threat landscape 2024 (2024). https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2024. Accessed 29 May 2025"},{"key":"229_CR2","unstructured":"Verizon. Verizon data breach investigations report 2025 (2025). https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/. Accessed 29 May 2025"},{"key":"229_CR3","unstructured":"ENISA. Enisa threat landscape: Finance sector 2024 (2025). https:\/\/www.enisa.europa.eu\/sites\/default\/files\/2025-02\/Finance%20TL%202024_Final.pdf. Accessed 29 May 2025"},{"key":"229_CR4","doi-asserted-by":"publisher","unstructured":"Europol. Internet organised crime threat assessment (iocta) 2024 (2024). https:\/\/doi.org\/10.2813\/442713","DOI":"10.2813\/442713"},{"key":"229_CR5","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1016\/j.comcom.2022.11.001","volume":"198","author":"Y Guo","year":"2023","unstructured":"Y. Guo, A review of machine learning-based zero-day attack detection: challenges and future directions. Comput. Commun. 198, 175\u2013185 (2023). https:\/\/doi.org\/10.1016\/j.comcom.2022.11.001","journal-title":"Comput. Commun."},{"issue":"1","key":"229_CR6","doi-asserted-by":"publisher","DOI":"10.1155\/2023\/9544481","volume":"2023","author":"P Singh","year":"2023","unstructured":"P. Singh, S.K. Borgohain, A.K. Sarkar, J. Kumar, L.D. Sharma, Feed-forward deep neural network (ffdnn)-based deep features for static malware detection. Int. J. Intell. Syst. 2023(1), 9544481 (2023). https:\/\/doi.org\/10.1155\/2023\/9544481","journal-title":"Int. J. Intell. Syst."},{"issue":"3","key":"229_CR7","doi-asserted-by":"publisher","first-page":"1520","DOI":"10.1109\/SURV.2014.022714.00160","volume":"16","author":"R Kaur","year":"2014","unstructured":"R. Kaur, M. Singh, A survey on zero-day polymorphic worm detection techniques. IEEE COMMUNICATIONS SURVEYS AND TUTORIALS 16(3), 1520\u20131549 (2014). https:\/\/doi.org\/10.1109\/SURV.2014.022714.00160","journal-title":"IEEE COMMUNICATIONS SURVEYS AND TUTORIALS"},{"issue":"10","key":"229_CR8","doi-asserted-by":"publisher","first-page":"10733","DOI":"10.1007\/s10462-023-10437-z","volume":"56","author":"R Ahmad","year":"2023","unstructured":"R. Ahmad, I. Alsmadi, W. Alhamdani, L. Tawalbeh, Zero-day attack detection: a systematic literature review. Artif. Intell. Rev. 56(10), 10733\u201310811 (2023). https:\/\/doi.org\/10.1007\/s10462-023-10437-z","journal-title":"Artif. Intell. Rev."},{"key":"229_CR9","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1016\/j.jisa.2019.03.011","volume":"46","author":"UK Singh","year":"2019","unstructured":"U.K. Singh, C. Joshi, D. Kanellopoulos, A framework for zero-day vulnerabilities detection and prioritization. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 46, 164\u2013172 (2019). https:\/\/doi.org\/10.1016\/j.jisa.2019.03.011","journal-title":"JOURNAL OF INFORMATION SECURITY AND APPLICATIONS"},{"key":"229_CR10","first-page":"63","volume":"6","author":"J Sebastian Guisao","year":"2014","unstructured":"J. Sebastian Guisao, J.C. Toro Rendon, Mitigation and detection of zero-day vulnerabilities. CUADERNO ACTIVA 6, 63\u201367 (2014)","journal-title":"CUADERNO ACTIVA"},{"key":"229_CR11","doi-asserted-by":"crossref","unstructured":"U.\u00a0Tupakula, V.\u00a0Varadharajan, in 2011 7TH International Wireless Communications and Mobile Computing Conference (IWCMC), Security techniques for zero day attacks (IEEE; IEEE Turkey sect, 2011), pp. 442\u2013447","DOI":"10.1109\/IWCMC.2011.5982574"},{"key":"229_CR12","doi-asserted-by":"publisher","unstructured":"A.\u00a0AlEroud, G.\u00a0Karabatis, in 2012 ASE International Conference on Cyber Security (CYBERSECURITY), A contextual anomaly detection approach to discover zero-day attacks (Acad Sci & Engn; IEEE Comp Soc, 2012), pp. 40\u201345. https:\/\/doi.org\/10.1109\/CyberSecurity.2012.12","DOI":"10.1109\/CyberSecurity.2012.12"},{"key":"229_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110138","volume":"239","author":"M Cen","year":"2024","unstructured":"M. Cen, F. Jiang, X. Qin, Q. Jiang, R. Doss, Ransomware early detection: a survey. Comput. Netw. 239, 110138 (2024). https:\/\/doi.org\/10.1016\/j.comnet.2023.110138","journal-title":"Comput. Netw."},{"key":"229_CR14","doi-asserted-by":"publisher","unstructured":"A.\u00a0Xu, A.\u00a0Choudhury, E.\u00a0Liu, S.\u00a0Choi, in 2024 Silicon Valley Cybersecurity Conference (SVCC), Protectnic: Smartnic-based ransomware detection (2024), pp. 1\u20133. https:\/\/doi.org\/10.1109\/SVCC61185.2024.10637308","DOI":"10.1109\/SVCC61185.2024.10637308"},{"key":"229_CR15","unstructured":"Applying staged event-driven access control to combat ransomware-Web of Science Core Collection (2025). https:\/\/www.webofscience.com\/wos\/woscc\/full-record\/WOS:000953073900001. Accessed 14 Feb 2025"},{"key":"229_CR16","doi-asserted-by":"publisher","unstructured":"B.\u00a0Denham, D.R. Thompson, in 2023 IEEE Conference on Communications and Network Security (CNS), Analysis of decoy strategies for detecting ransomware (2023), pp. 1\u20136. https:\/\/doi.org\/10.1109\/CNS59707.2023.10288691","DOI":"10.1109\/CNS59707.2023.10288691"},{"key":"229_CR17","doi-asserted-by":"publisher","unstructured":"D.\u00a0Diamantopoulos, R.\u00a0Pletka, S.\u00a0Sarafijanovic, A.L.N. Reddy, H.\u00a0Pozidis, in ACM Conferences, WannaLaugh: A Configurable Ransomware Emulator - Learning to Mimic Malicious Storage Traces (Association for Computing Machinery, 2024), pp. 118\u2013131. https:\/\/doi.org\/10.1145\/3688351.3689163","DOI":"10.1145\/3688351.3689163"},{"key":"229_CR18","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9101684","author":"H Hindy","year":"2020","unstructured":"H. Hindy, R. Atkinson, C. Tachtatzis, J.N. Colin, E. Bayne, X. Bellekens, Utilising deep learning techniques for effective zero-day attack detection. Electronics (2020). https:\/\/doi.org\/10.3390\/electronics9101684","journal-title":"Electronics"},{"key":"229_CR19","doi-asserted-by":"publisher","DOI":"10.1145\/3605775","author":"F Deldar","year":"2024","unstructured":"F. Deldar, M. Abadi, Deep learning for zero-day malware detection and classification: a survey. ACM Comput. Surv. (2024). https:\/\/doi.org\/10.1145\/3605775","journal-title":"ACM Comput. Surv."},{"key":"229_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102718","author":"S Millar","year":"2021","unstructured":"S. Millar, N. McLaughlin, J.M. del Rincon, P. Miller, Multi-view deep learning for zero-day android malware detection. J. Inf. Secur. Appl. (2021). https:\/\/doi.org\/10.1016\/j.jisa.2020.102718","journal-title":"J. Inf. Secur. Appl."},{"key":"229_CR21","doi-asserted-by":"publisher","unstructured":"K.\u00a0Ganame, M.A. Allaire, G.\u00a0Zagdene, O.\u00a0Boudar, in Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2017), Lecture Notes in Computer Science, vol. 10618, ed. by I.\u00a0Traore, I.\u00a0Woungang, A.\u00a0Awad, Network behavioral analysis for zero-day malware detection - a case study (2017), pp. 169\u2013181. https:\/\/doi.org\/10.1007\/978-3-319-69155-8_13","DOI":"10.1007\/978-3-319-69155-8_13"},{"issue":"5, SI","key":"229_CR22","first-page":"551","volume":"12","author":"F Wangde","year":"2021","unstructured":"F. Wangde, I. Mulay S.P., R.B. Adhao, V.K. Pachghare, Zero-day attack detection using ensemble technique. Int. J. Next-Gener. Comput 12(5, SI), 551\u2013557 (2021)","journal-title":"Int. J. Next-Gener. Comput"},{"key":"229_CR23","doi-asserted-by":"publisher","unstructured":"H.\u00a0Al-Rushdan, M.\u00a0Shurman, S.H. Alnabelsi, Q.\u00a0Althebyan, in 2019 International ARAB Conference on Information Technology (ACIT), Zero-day attack detection and prevention in software-defined networks (Al Ain Univ, 2019), International Arab Conference on Information Technology ACIT, pp. 278\u2013282. https:\/\/doi.org\/10.1109\/acit47987.2019.8991124","DOI":"10.1109\/acit47987.2019.8991124"},{"key":"229_CR24","doi-asserted-by":"publisher","unstructured":"Z.\u00a0He, A.\u00a0Rezaei, H.\u00a0Homayoun, H.\u00a0Sayadi, in Proceedings of the 32nd Great Lakes Symposium on VLSI 2022, GLSVLSI 2022, Deep neural network and transfer learning for accurate hardware-based zero-day malware detection (Assoc Comp Machinery; ACM Special Interest Grp Design Automat; IEEE Council Elect Design Automat; IEEE, 2022), pp. 27\u201332. https:\/\/doi.org\/10.1145\/3526241.3530326","DOI":"10.1145\/3526241.3530326"},{"key":"229_CR25","doi-asserted-by":"publisher","DOI":"10.3390\/electronics10121492","author":"SJ Bu","year":"2021","unstructured":"S.J. Bu, S.B. Cho, Deep character-level anomaly detection based on a convolutional autoencoder for zero-day phishing url detection. Electronics (2021). https:\/\/doi.org\/10.3390\/electronics10121492","journal-title":"Electronics"},{"key":"229_CR26","doi-asserted-by":"publisher","unstructured":"F.\u00a0Manzoor, V.\u00a0Khattar, C.C. Liu, M.\u00a0Jin, in 2024 IEEE International Conference on Communications, Control, and Computing Technologies for Smart GRIDS, SMARTGRIDCOMM 2024, Zero-day attack detection in digital substations using in-context learning (The Research Council of Norway, 2024), International Conference on Smart Grid Communications, pp. 220\u2013225. https:\/\/doi.org\/10.1109\/SmartGridComm60555.2024.10738025","DOI":"10.1109\/SmartGridComm60555.2024.10738025"},{"issue":"3","key":"229_CR27","doi-asserted-by":"publisher","first-page":"3900","DOI":"10.1109\/TNSM.2023.3251282","volume":"20","author":"C Kim","year":"2023","unstructured":"C. Kim, S.Y. Chang, J. Kim, D. Lee, J. Kim, Automated, reliable zero-day malware detection based on autoencoding architecture. IEEE Trans. Netw. Serv. Manag. 20(3), 3900\u20133914 (2023). https:\/\/doi.org\/10.1109\/TNSM.2023.3251282","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"229_CR28","doi-asserted-by":"publisher","unstructured":"M.E. Ahmed, H.\u00a0Kim, S.\u00a0Camtepe, S.\u00a0Nepal, in ESORICS (Lecture Notes in Computer Science, vol. 12972), Peeler: Profiling kernel-level events to detect ransomware (Springer, 2021), pp. 240\u2013260. https:\/\/doi.org\/10.1007\/978-3-030-88418-5_12","DOI":"10.1007\/978-3-030-88418-5_12"},{"key":"229_CR29","unstructured":"D.\u00a0Hitaj, G.\u00a0Pagnotta, F.\u00a0De\u00a0Gaspari, L.\u00a0De\u00a0Carli, L.V. Mancini, Minerva: A file-based ransomware detector (2023). arXiv preprint arXiv:2301.11050"},{"key":"229_CR30","doi-asserted-by":"publisher","unstructured":"S. Herrera-Silva: Dynamic feature dataset for ransomware detection using behavioral patterns. Sensors 23(3) (2023). https:\/\/doi.org\/10.3390\/s23031053","DOI":"10.3390\/s23031053"},{"key":"229_CR31","doi-asserted-by":"publisher","unstructured":"F.\u00a0Lee, ..., Machine learning-based ransomware detection method for files infected with fpe. Sensors 25(8), 2406 (2025). https:\/\/doi.org\/10.3390\/s25082406","DOI":"10.3390\/s25082406"},{"key":"229_CR32","doi-asserted-by":"publisher","unstructured":"C.\u00a0Zhou, L.\u00a0Guo, Y.\u00a0Hou, Z.\u00a0Ma, Q.\u00a0Zhang, M.\u00a0Wang, Z.\u00a0Liu, Y.\u00a0Jiang, in Proceedings of IEEE Symposium on Security and Privacy (S&P), Limits of i\/o based ransomware detection: An imitation based attack (2023), pp. 2584\u20132601. https:\/\/doi.org\/10.1109\/SP46215.2023.10179372","DOI":"10.1109\/SP46215.2023.10179372"},{"key":"229_CR33","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-022-19443-7","volume":"12","author":"U Zahoora","year":"2022","unstructured":"U. Zahoora, A. Aziz, A. Ashraf, M. Rajarajan, A. Khan, Cspe-r: ransomware detection using deep auto-encoders and pareto ensemble. Sci. Rep. 12, 15421 (2022). https:\/\/doi.org\/10.1038\/s41598-022-19443-7","journal-title":"Sci. Rep."},{"key":"229_CR34","unstructured":"J.\u00a0Baldwin, A.\u00a0Dehghantanha, Efficacy of opcode density via svm for crypto-ransomware detection (2018). arXiv preprint arXiv:1807.10442"},{"key":"229_CR35","unstructured":"P. Kampanakis, in NIST Workshop on Block Cipher Modes of Operation, Practical challenges with aes-gcm: Performance, side channels, and misuse resistance (2024). https:\/\/csrc.nist.gov\/csrc\/media\/Events\/2023\/third-workshop-on-block-cipher-modes-of-operation\/documents\/accepted-papers\/Practical%20Challenges%20with%20AES-GCM.pdf. Accessed 29 May 2025"},{"key":"229_CR36","doi-asserted-by":"publisher","unstructured":"S.\u00a0Gueron, V.\u00a0Krasnov, in Proceedings of the 12th International Conference on Cryptology and Network Security (CANS), Aes-gcm software performance on intel architecture processors (Springer, 2013), pp. 65\u201393. https:\/\/doi.org\/10.1007\/978-3-319-02937-5_5","DOI":"10.1007\/978-3-319-02937-5_5"},{"key":"229_CR37","unstructured":"A.\u00a0Barnes, J.\u00a0Smith, D.\u00a0Greg, Improving the throughput of the aes algorithm with multicore processors (2014). arXiv preprint arXiv:1403.7295"},{"issue":"9","key":"229_CR38","doi-asserted-by":"publisher","DOI":"10.3390\/app10093131","volume":"10","author":"K Kim","year":"2020","unstructured":"K. Kim, H. Lee, J. Lim, Practical aes-gcm encryption for low-end microcontrollers. Appl. Sci. 10(9), 3131 (2020). https:\/\/doi.org\/10.3390\/app10093131","journal-title":"Appl. Sci."},{"issue":"40","key":"229_CR39","doi-asserted-by":"publisher","first-page":"12","DOI":"10.5120\/ijca2023922941","volume":"182","author":"K Assa-Agyei","year":"2023","unstructured":"K. Assa-Agyei, Performance evaluation of gpu versus cpu implementations of aes-ctr. Int. J. Comput. Appl. 182(40), 12\u201318 (2023). https:\/\/doi.org\/10.5120\/ijca2023922941","journal-title":"Int. J. Comput. Appl."},{"issue":"9","key":"229_CR40","doi-asserted-by":"publisher","first-page":"4404","DOI":"10.1007\/s13198-024-02439-z","volume":"15","author":"G Kirubavathi","year":"2024","unstructured":"G. Kirubavathi, W.R. Anne, Behavioral based detection of android ransomware using machine learning techniques. Int. J. Syst. Assur. Eng. Manag. 15(9), 4404\u20134425 (2024). https:\/\/doi.org\/10.1007\/s13198-024-02439-z","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"229_CR41","doi-asserted-by":"publisher","DOI":"10.1016\/j.eij.2024.100445","volume":"25","author":"M Aljabri","year":"2024","unstructured":"M. Aljabri, F. Alhaidari, A. Albuainain, S. Alrashidi, J. Alansari, W. Alqahtani, J. Alshaya, Ransomware detection based on machine learning using memory features. Egypt. Inform. J. 25, 100445 (2024). https:\/\/doi.org\/10.1016\/j.eij.2024.100445","journal-title":"Egypt. Inform. J."},{"key":"229_CR42","doi-asserted-by":"publisher","unstructured":"K.\u00a0Ganapathiyappan, A.\u00a0Yadav, in Cyber Warfare, Security and Space Computing, Communications in Computer and Information Science, Optimized deep learning technique for the effective detection of windows pe malware, vol. 2195 (2025), pp. 359\u2013370. https:\/\/doi.org\/10.1007\/978-3-031-73494-6_27","DOI":"10.1007\/978-3-031-73494-6_27"},{"issue":"11","key":"229_CR43","doi-asserted-by":"publisher","first-page":"5078","DOI":"10.1007\/s13198-024-02496-4","volume":"15","author":"G Kirubavathi","year":"2024","unstructured":"G. Kirubavathi, W.R. Anne, U.K. Sridevi, A recent review of ransomware attacks on healthcare industries. Int. J. Syst. Assur. Eng. Manag. 15(11), 5078\u20135096 (2024). https:\/\/doi.org\/10.1007\/s13198-024-02496-4","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"229_CR44","unstructured":"P. Kothamali, S. Banik, Limitations of signature-based threat detection. Int. J. Comput. Appl. (2025). https:\/\/www.researchgate.net\/publication\/388494583_Limitations_of_Signature-Based_Threat_Detection. Accessed 29 May 2025"},{"issue":"2","key":"229_CR45","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/s11390-022-0263-4","volume":"37","author":"G Kim","year":"2022","unstructured":"G. Kim, Byte frequency based indicators for crypto-ransomware. J. Comput. Sci. Technol. 37(2), 263\u2013278 (2022). https:\/\/doi.org\/10.1007\/s11390-022-0263-4","journal-title":"J. Comput. Sci. Technol."},{"key":"229_CR46","unstructured":"S. McIntosh, J. Jang-Jaccard, P. Watters, T. Susnjak, The inadequacy of entropy-based ransomware detection. J. Cyber Secur. Technol. (2023). https:\/\/www.researchgate.net\/publication\/337776801_The_Inadequacy_of_Entropy-Based_Ransomware_Detection. Accessed 29 May 2025"},{"key":"229_CR47","doi-asserted-by":"crossref","unstructured":"R. Van Sloun, B. Erb, D. Erb, M. Hermann, L. Nussbaum, in Network and Distributed System Security Symposium (NDSS), Detecting ransomware despite i\/o overhead: A practical multi-staged approach (Internet Society, 2025). https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2025-764-paper.pdf. Accessed 29 May 2025","DOI":"10.14722\/ndss.2025.240764"},{"issue":"1","key":"229_CR48","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyaf009","volume":"11","author":"F Casino","year":"2025","unstructured":"F. Casino, C. Patsakis, E. Batista, M. Fayyaz, P. Garcia, Not on my watch: ransomware detection through classification of encrypted streams. J. Cybersecur. 11(1), tyaf009 (2025). https:\/\/doi.org\/10.1093\/cybsec\/tyaf009","journal-title":"J. Cybersecur."}],"container-title":["Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-026-00229-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-026-00229-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-026-00229-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T06:48:30Z","timestamp":1775112510000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s13635-026-00229-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,9]]},"references-count":48,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["229"],"URL":"https:\/\/doi.org\/10.1186\/s13635-026-00229-7","relation":{},"ISSN":["3091-4515"],"issn-type":[{"value":"3091-4515","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,9]]},"assertion":[{"value":"29 May 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"8"}}