{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:16:41Z","timestamp":1778721401598,"version":"3.51.4"},"reference-count":69,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T00:00:00Z","timestamp":1778716800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T00:00:00Z","timestamp":1778716800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003327","name":"Cooperative Research Centres, Australian Government Department of Industry","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003327","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Ransomware threats are growing in frequency and severity, posing significant challenges to cybersecurity defences. Machine learning (ML) has gained attention as a promising tool for detecting ransomware, but the lack of realistic ransomware datasets for training and evaluating ML models has limited progress. This paper introduces RADAR, a comprehensive dataset designed to address this challenge and advance ransomware detection. With over 400,000 system events from seven prominent ransomware families and benign activities, RADAR overcomes the limitations of existing datasets that rely on outdated samples and fail to capture the evolving nature of ransomware. RADAR is structured as a continuous stream of system events and incorporates realistic scenarios, including data drift and class imbalance. The dataset features 48 attributes extracted from Sysmon logs and 19 additional engineered features to improve the analysis of behavioural patterns. By simulating data drift and reflecting the minority-class nature of ransomware, RADAR provides a realistic environment for evaluating ML models in conditions that replicate real-world operations. The utility of RADAR is demonstrated through an experimental framework using an adaptive random forest algorithm in an online incremental learning setting. The results underscore the importance of continually adapting detection methods to effectively address evolving ransomware threats. This research lays a solid foundation for improving ML algorithms and fostering innovative methods for real-time ransomware detection.<\/jats:p>","DOI":"10.1186\/s42400-025-00435-9","type":"journal-article","created":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:03:59Z","timestamp":1778720639000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Radar: a realistic dataset for advancing ransomware detection"],"prefix":"10.1186","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8224-2924","authenticated-orcid":false,"given":"Jamil","family":"Ispahany","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Oscar Blessed","family":"Deho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Md Rafiqul","family":"Islam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M. Arif","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Md Zahidul","family":"Islam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,14]]},"reference":[{"key":"435_CR1","doi-asserted-by":"crossref","unstructured":"Ferdous J, Islam R, Mahboubi A, Islam MZ (2024) Ai-based ransomware detection: a comprehensive review. IEEE Access","DOI":"10.1109\/ACCESS.2024.3461965"},{"key":"435_CR2","doi-asserted-by":"crossref","unstructured":"Zuhair H, Selamat A (2019) Rands: a machine learning-based anti-ransomware tool for windows platforms. Advancing Technology Industrialization Through Intelligent Software Methodologies. Tools and Techniques. IOS Press, Amsterdam, Netherlands, pp 573\u2013587","DOI":"10.3233\/FAIA190081"},{"key":"435_CR3","doi-asserted-by":"crossref","unstructured":"Beerman J, Berent D, Falter Z, Bhunia S (2023) A review of colonial pipeline ransomware attack. In: 2023 IEEE\/ACM 23rd international symposium on cluster, cloud and internet computing workshops (CCGridW), pp 8\u201315. IEEE","DOI":"10.1109\/CCGridW59191.2023.00017"},{"key":"435_CR4","unstructured":"Dossett J (2021) A timeline of the biggest ransomware attacks. https:\/\/www.cnet.com\/personal-finance\/crypto\/a-timeline-of-the-biggest-ransomware-attacks\/"},{"key":"435_CR5","doi-asserted-by":"publisher","first-page":"68785","DOI":"10.1109\/ACCESS.2024.3397921","volume":"12","author":"J Ispahany","year":"2024","unstructured":"Ispahany J, Islam MR, Islam MZ, Khan MA (2024) Ransomware detection using machine learning: a review, research limitations and future directions. IEEE Access 12:68785\u2013813","journal-title":"IEEE Access"},{"key":"435_CR6","doi-asserted-by":"publisher","first-page":"122532","DOI":"10.1109\/ACCESS.2021.3109260","volume":"9","author":"S Poudyal","year":"2021","unstructured":"Poudyal S, Dasgupta D (2021) Analysis of crypto-ransomware using ml-based multi-level profiling. IEEE Access 9:122532\u2013122547","journal-title":"IEEE Access"},{"key":"435_CR7","doi-asserted-by":"publisher","first-page":"361","DOI":"10.7717\/peerj-cs.361","volume":"7","author":"S Aurangzeb","year":"2021","unstructured":"Aurangzeb S, Rais RNB, Aleem M, Islam MA, Iqbal MA (2021) On the classification of microsoft-windows ransomware using hardware profile. Peer J Comput Sci 7:361","journal-title":"Peer J Comput Sci"},{"issue":"1","key":"435_CR8","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1109\/TNSM.2021.3112056","volume":"19","author":"RMA Molina","year":"2021","unstructured":"Molina RMA, Torabi S, Sarieddine K, Bou-Harb E, Bouguila N, Assi C (2021) On ransomware family attribution using pre-attack paranoia activities. IEEE Trans Netw Serv Manage 19(1):19\u201336","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"435_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102753","volume":"167","author":"YA Ahmed","year":"2020","unstructured":"Ahmed YA, Ko\u00e7er B, Huda S, Al-rimy BAS, Hassan MM (2020) A system call refinement-based enhanced minimum redundancy maximum relevance method for ransomware early detection. J Netw Comput Appl 167:102753","journal-title":"J Netw Comput Appl"},{"issue":"5","key":"435_CR10","doi-asserted-by":"publisher","first-page":"1984","DOI":"10.1016\/j.jksuci.2020.06.012","volume":"34","author":"S Kok","year":"2020","unstructured":"Kok S, Abdullah A, Jhanjhi N (2020) Early detection of crypto-ransomware using pre-encryption detection algorithm. J King Saud Univ Comput Inf Sci 34(5):1984\u201399","journal-title":"J King Saud Univ Comput Inf Sci"},{"issue":"12","key":"435_CR11","doi-asserted-by":"publisher","first-page":"13941","DOI":"10.1007\/s10489-022-03244-6","volume":"52","author":"U Zahoora","year":"2022","unstructured":"Zahoora U, Rajarajan M, Pan Z, Khan A (2022) Zero-day ransomware attack detection using deep contractive autoencoder and voting based ensemble classifier. Appl Intell 52(12):13941\u201313960","journal-title":"Appl Intell"},{"key":"435_CR12","unstructured":"Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort (2021) Sanctions Ransomware Operators and Virtual Currency Exchange. U.S. Department of the Treasury. https:\/\/home.treasury.gov\/news\/press-releases\/jy0471"},{"key":"435_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103629","volume":"137","author":"DW Fernando","year":"2024","unstructured":"Fernando DW, Komninos N (2024) Fesad ransomware detection framework with machine learning using adaption to concept drift. Computers & Security 137:103629","journal-title":"Computers & Security"},{"key":"435_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103849","volume":"142","author":"M Cen","year":"2024","unstructured":"Cen M, Deng X, Jiang F, Doss R (2024) Zero-ran sniff: a zero-day ransomware early detection method based on zero-shot learning. Comput Secur 142:103849","journal-title":"Comput Secur"},{"issue":"3","key":"435_CR15","doi-asserted-by":"publisher","first-page":"1053","DOI":"10.3390\/s23031053","volume":"23","author":"JA Herrera-Silva","year":"2023","unstructured":"Herrera-Silva JA, Hern\u00e1ndez-\u00c1lvarez M (2023) Dynamic feature dataset for ransomware detection using machine learning algorithms. Sensors 23(3):1053","journal-title":"Sensors"},{"key":"435_CR16","doi-asserted-by":"crossref","unstructured":"Barut O, Zhang T, Luo Y, Li P (2023) A comprehensive study on efficient and accurate machine learning-based malicious pe detection. In: 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), pp 632\u2013635. IEEE","DOI":"10.1109\/CCNC51644.2023.10060214"},{"key":"435_CR17","doi-asserted-by":"publisher","unstructured":"Berrueta E, Morat\u00f3 D, Maga\u00f1a E, Izal M (2020) Open Repository for the Evaluation of Ransomware Detection Tools. https:\/\/doi.org\/10.21227\/qnyn-q136","DOI":"10.21227\/qnyn-q136"},{"key":"435_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110138","volume":"239","author":"M Cen","year":"2024","unstructured":"Cen M, Jiang F, Qin X, Jiang Q, Doss R (2024) Ransomware early detection: a survey. Comput Netw 239:110138","journal-title":"Comput Netw"},{"issue":"2","key":"435_CR19","first-page":"136","volume":"19","author":"S Kok","year":"2019","unstructured":"Kok S, Abdullah A, Jhanjhi N, Supramaniam M (2019) Ransomware, threat and detection techniques: a review. Int J Comput Sci Netw Secur 19(2):136","journal-title":"Int J Comput Sci Netw Secur"},{"key":"435_CR20","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","volume":"90","author":"H Zhang","year":"2019","unstructured":"Zhang H, Xiao X, Mercaldo F, Ni S, Martinelli F, Sangaiah AK (2019) Classification of ransomware families with machine learning based on n-gram of opcodes. Futur Gener Comput Syst 90:211\u2013221","journal-title":"Futur Gener Comput Syst"},{"issue":"3","key":"435_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3579822","volume":"26","author":"N Lachtar","year":"2023","unstructured":"Lachtar N, Ibdah D, Khan H, Bacha A (2023) Ransomshield: a visualization approach to defending mobile systems against ransomware. ACM Trans Privacy Secur 26(3):1\u201330","journal-title":"ACM Trans Privacy Secur"},{"key":"435_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102860","volume":"121","author":"AO Almashhadani","year":"2022","unstructured":"Almashhadani AO, Carlin D, Kaiiali M, Sezer S (2022) Mfmcns: a multi-feature and multi-classifier network-based system for ransomworm detection. Comput Secur 121:102860","journal-title":"Comput Secur"},{"key":"435_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40537-014-0007-7","volume":"2","author":"MM Najafabadi","year":"2015","unstructured":"Najafabadi MM, Villanustre F, Khoshgoftaar TM, Seliya N, Wald R, Muharemagic E (2015) Deep learning applications and challenges in big data analytics. J Big Data 2:1\u201321","journal-title":"J Big Data"},{"issue":"9","key":"435_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3479393","volume":"54","author":"T McIntosh","year":"2021","unstructured":"McIntosh T, Kayes A, Chen Y-PP, Ng A, Watters P (2021) Ransomware mitigation in the modern era: a comprehensive review, research challenges, and future directions. ACM Comput Surv (CSUR) 54(9):1\u201336","journal-title":"ACM Comput Surv (CSUR)"},{"key":"435_CR25","doi-asserted-by":"publisher","first-page":"24522","DOI":"10.1109\/ACCESS.2020.2970466","volume":"8","author":"S Sharmeen","year":"2020","unstructured":"Sharmeen S, Ahmed YA, Huda S, Ko\u00e7er B\u015e, Hassan MM (2020) Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access 8:24522\u201324534","journal-title":"IEEE Access"},{"key":"435_CR26","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.future.2018.07.045","volume":"90","author":"S Homayoun","year":"2019","unstructured":"Homayoun S, Dehghantanha A, Ahmadzadeh M, Hashemi S, Khayami R, Choo K-KR, Newton DE (2019) Drthis: deep ransomware threat hunting and intelligence system at the fog layer. Futur Gener Comput Syst 90:94\u2013104","journal-title":"Futur Gener Comput Syst"},{"key":"435_CR27","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.knosys.2018.04.033","volume":"153","author":"N Nissim","year":"2018","unstructured":"Nissim N, Lapidot Y, Cohen A, Elovici Y (2018) Trusted system-calls analysis methodology aimed at detection of compromised virtual machines using sequential mining. Knowl-Based Syst 153:147\u2013175","journal-title":"Knowl-Based Syst"},{"issue":"9","key":"435_CR28","doi-asserted-by":"publisher","first-page":"4355","DOI":"10.3390\/s23094355","volume":"23","author":"A Alqahtani","year":"2023","unstructured":"Alqahtani A, Sheldon FT (2023) Temporal data correlation providing enhanced dynamic crypto-ransomware pre-encryption boundary delineation. Sensors 23(9):4355","journal-title":"Sensors"},{"issue":"4","key":"435_CR29","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1016\/j.icte.2020.11.001","volume":"6","author":"BM Khammas","year":"2020","unstructured":"Khammas BM (2020) Ransomware detection using random forest technique. ICT Express 6(4):325\u2013331","journal-title":"ICT Express"},{"key":"435_CR30","volume":"55","author":"S Kok","year":"2020","unstructured":"Kok S, Azween A, Jhanjhi N (2020) Evaluation metric for crypto-ransomware detection using machine learning. J Inf Secur Appl 55:102646","journal-title":"J Inf Secur Appl"},{"issue":"18","key":"435_CR31","doi-asserted-by":"publisher","first-page":"5422","DOI":"10.1002\/cpe.5422","volume":"32","author":"SI Bae","year":"2020","unstructured":"Bae SI, Lee GB, Im EG (2020) Ransomware detection using machine learning algorithms. Concurr Comput Pract Exp 32(18):5422","journal-title":"Concurr Comput Pract Exp"},{"issue":"14","key":"435_CR32","doi-asserted-by":"publisher","first-page":"5726","DOI":"10.1002\/cpe.5726","volume":"32","author":"C Keong Ng","year":"2020","unstructured":"Keong Ng C, Rajasegarar S, Pan L, Jiang F, Zhang LY (2020) Voterchoice: a ransomware detection honeypot with multiple voting framework. Concurr Comput Pract Exp 32(14):5726","journal-title":"Concurr Comput Pract Exp"},{"key":"435_CR33","volume":"72","author":"R Chaganti","year":"2023","unstructured":"Chaganti R, Ravi V, Pham TD (2023) A multi-view feature fusion approach for effective malware classification using deep learning. J Inf Secur Appl 72:103402","journal-title":"J Inf Secur Appl"},{"key":"435_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103703","volume":"139","author":"S Gulmez","year":"2024","unstructured":"Gulmez S, Kakisim AG, Sogukpinar I (2024) Xran: explainable deep learning-based ransomware detection using dynamic analysis. Comput Secur 139:103703","journal-title":"Comput Secur"},{"issue":"18","key":"435_CR35","doi-asserted-by":"publisher","first-page":"3899","DOI":"10.3390\/electronics12183899","volume":"12","author":"A Singh","year":"2023","unstructured":"Singh A, Mushtaq Z, Abosaq HA, Mursal SNF, Irfan M, Nowakowski G (2023) Enhancing ransomware attack detection using transfer learning and deep learning ensemble models on cloud-encrypted data. Electronics 12(18):3899","journal-title":"Electronics"},{"issue":"3","key":"435_CR36","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MCOM.001.2200215","volume":"61","author":"Z Li","year":"2022","unstructured":"Li Z, Rios ALG, Trajkovi\u0107 L (2022) Machine learning for detecting the westrock ransomware attack using bgp routing records. IEEE Commun Mag 61(3):20\u201326","journal-title":"IEEE Commun Mag"},{"issue":"12","key":"435_CR37","first-page":"5036","volume":"70","author":"C Woralert","year":"2023","unstructured":"Woralert C, Liu C, Blasingame Z (2023) Hard-lite: a lightweight hardware anomaly realtime detection framework targeting ransomware. IEEE Trans Circuits Syst I 70(12):5036\u201347","journal-title":"IEEE Trans Circuits Syst I"},{"issue":"10","key":"435_CR38","doi-asserted-by":"publisher","first-page":"318","DOI":"10.3390\/fi15100318","volume":"15","author":"M Gazzan","year":"2023","unstructured":"Gazzan M, Sheldon FT (2023) An enhanced minimax loss function technique in generative adversarial network for ransomware behavior prediction. Future Internet 15(10):318","journal-title":"Future Internet"},{"key":"435_CR39","doi-asserted-by":"crossref","unstructured":"Masum M, Faruk MJH, Shahriar H, Qian K, Lo D, Adnan MI (2022) Ransomware classification and detection with machine learning algorithms. In: 2022 IEEE 12th annual computing and communication workshop and conference (CCWC), pp 0316\u20130322. IEEE","DOI":"10.1109\/CCWC54503.2022.9720869"},{"key":"435_CR40","unstructured":"Jethva B, Traor\u00e9 I, Ghaleb A, Ganame K, Ahmed S (2020) Botnet and Ransomware Detection Datasets. https:\/\/onlineacademiccommunity.uvic.ca\/isot\/2022\/11\/27\/botnet-and-ransomware-detection-datasets\/"},{"issue":"8","key":"435_CR41","doi-asserted-by":"publisher","first-page":"65658","DOI":"10.1109\/ACCESS.2020.2984187","volume":"2020","author":"E Berrueta Irigoyen","year":"2020","unstructured":"Berrueta Irigoyen E, Morat\u00f3 Os\u00e9s D, Maga\u00f1a Lizarrondo E, Izal Azc\u00e1rate M (2020) Open repository for the evaluation of ransomware detection tools. IEEE Access 2020(8):65658\u201365669","journal-title":"IEEE Access"},{"key":"435_CR42","doi-asserted-by":"crossref","unstructured":"Yang L, Ciptadi A, Laziuk I, Ahmadzadeh A, Wang G (2021) Bodmas: An open dataset for learning based temporal analysis of pe malware. In: 2021 IEEE security and privacy workshops (SPW), pp 78\u201384. IEEE","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"435_CR43","volume":"40","author":"SR Davies","year":"2022","unstructured":"Davies SR, Macfarlane R, Buchanan WJ (2022) Napierone: a modern mixed file data set alternative to govdocs1. Forensic Sci Int Digit Investig 40:301330","journal-title":"Forensic Sci Int Digit Investig"},{"key":"435_CR44","volume":"40","author":"M Hirano","year":"2022","unstructured":"Hirano M, Hodota R, Kobayashi R (2022) Ransap: an open dataset of ransomware storage access patterns for training machine learning models. Forensic Sci Int Digit Investig 40:301314","journal-title":"Forensic Sci Int Digit Investig"},{"key":"435_CR45","doi-asserted-by":"crossref","unstructured":"Hussain S, Musa M, Neeshat T, Batool R, Ahmed O, Zaffar F, Gehani A, Poggio A, Yadav MK (2023) Towards reproducible ransomware analysis. In: proceedings of the 16th cyber security experimentation and test workshop, pp 1\u20139","DOI":"10.1145\/3607505.3607510"},{"key":"435_CR46","doi-asserted-by":"crossref","unstructured":"D\u2019Elia DC, Invidia L, Querzoni L (2021) Rope: Covert multi-process malware execution with return-oriented programming. In: European symposium on research in computer security, pp 197\u2013217. Springer","DOI":"10.1007\/978-3-030-88418-5_10"},{"key":"435_CR47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2019.01.002","volume":"32","author":"SS Chakkaravarthy","year":"2019","unstructured":"Chakkaravarthy SS, Sangeetha D, Vaidehi V (2019) A survey on malware analysis and mitigation techniques. Comput Sci Rev 32:1\u201323","journal-title":"Comput Sci Rev"},{"issue":"6","key":"435_CR48","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3365001","volume":"52","author":"A Afianian","year":"2019","unstructured":"Afianian A, Niksefat S, Sadeghiyan B, Baptiste D (2019) Malware dynamic analysis evasion techniques: a survey. ACM Comput Surv (CSUR) 52(6):1\u201328","journal-title":"ACM Comput Surv (CSUR)"},{"issue":"1","key":"435_CR49","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-019-0043-x","volume":"3","author":"S Kumar","year":"2020","unstructured":"Kumar S et al (2020) An emerging threat fileless malware: a survey and research challenges. Cybersecurity 3(1):1\u201312","journal-title":"Cybersecurity"},{"key":"435_CR50","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2020.101861","volume":"112","author":"J Singh","year":"2020","unstructured":"Singh J, Singh J (2020) A survey on machine learning-based malware detection in executable files. J Syst Architect 112:101861","journal-title":"J Syst Architect"},{"issue":"1","key":"435_CR51","doi-asserted-by":"publisher","first-page":"172","DOI":"10.3390\/app12010172","volume":"12","author":"U Urooj","year":"2021","unstructured":"Urooj U, Al-rimy BAS, Zainal A, Ghaleb FA, Rassam MA (2021) Ransomware detection using the dynamic analysis and machine learning: a survey and research directions. Appl Sci 12(1):172","journal-title":"Appl Sci"},{"key":"435_CR52","doi-asserted-by":"crossref","unstructured":"Ahmed ME, Kim H, Camtepe S, Nepal S (2021) Peeler: Profiling kernel-level events to detect ransomware. In: European symposium on research in computer security, pp 240\u2013260. Springer","DOI":"10.1007\/978-3-030-88418-5_12"},{"issue":"13","key":"435_CR53","first-page":"39135","volume":"83","author":"C Bn","year":"2024","unstructured":"Bn C, Sh B (2024) Revolutionizing ransomware detection and criticality assessment: multiclass hybrid machine learning and semantic similarity-based end2end solution. Multimed Tools Appl 83(13):39135\u201339168","journal-title":"Multimed Tools Appl"},{"key":"435_CR54","doi-asserted-by":"publisher","first-page":"28624","DOI":"10.1109\/ACCESS.2024.3400167","volume":"12","author":"R-V Mahmoud","year":"2024","unstructured":"Mahmoud R-V, Anagnostopoulos M, Pastrana S, Pedersen JM (2024) Redefining malware sandboxing: Enhancing analysis through sysmon and elk integration. IEEE Access 12:28624\u201336","journal-title":"IEEE Access"},{"issue":"6","key":"435_CR55","doi-asserted-by":"publisher","first-page":"1893","DOI":"10.1007\/s10207-023-00725-8","volume":"22","author":"C Smiliotopoulos","year":"2023","unstructured":"Smiliotopoulos C, Kambourakis G, Barbatsalou K (2023) On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from sysmon logs. Int J Inf Secur 22(6):1893\u20131919","journal-title":"Int J Inf Secur"},{"key":"435_CR56","doi-asserted-by":"crossref","unstructured":"Mavroeidis V, J\u00f8sang A (2018) Data-driven threat hunting using sysmon. In: Proceedings of the 2nd international conference on cryptography, security and privacy, pp 82\u201388","DOI":"10.1145\/3199478.3199490"},{"key":"435_CR57","doi-asserted-by":"crossref","unstructured":"Grimshaw C, Lachine B, Perkins T, Coote E (2024) Link-based anomaly detection with sysmon and graph neural networks. In: 2024 IEEE 3rd international conference on ai in cybersecurity (ICAIC), pp 1\u20136. IEEE","DOI":"10.1109\/ICAIC60265.2024.10433846"},{"issue":"12","key":"435_CR58","doi-asserted-by":"publisher","first-page":"14005","DOI":"10.1007\/s10489-021-03138-z","volume":"52","author":"C Do Xuan","year":"2022","unstructured":"Do Xuan C, Huong D (2022) A new approach for apt malware detection based on deep graph network for endpoint systems. Appl Intell 52(12):14005\u201314024","journal-title":"Appl Intell"},{"key":"435_CR59","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1016\/j.asoc.2017.10.031","volume":"62","author":"T Escovedo","year":"2018","unstructured":"Escovedo T, Koshiyama A, Cruz AA, Vellasco M (2018) Detecta: abrupt concept drift detection in non-stationary environments. Appl Soft Comput 62:119\u2013133","journal-title":"Appl Soft Comput"},{"issue":"1","key":"435_CR60","first-page":"10","volume":"13","author":"R Richardson","year":"2017","unstructured":"Richardson R, North MM (2017) Ransomware: evolution, mitigation and prevention. Int Manage Rev 13(1):10","journal-title":"Int Manage Rev"},{"key":"435_CR61","doi-asserted-by":"crossref","unstructured":"Chen Q, Bridges RA (2017) Automated behavioral analysis of malware: A case study of wannacry ransomware. In: 2017 16th IEEE international conference on machine learning and applications (ICMLA), pp 454\u2013460. IEEE","DOI":"10.1109\/ICMLA.2017.0-119"},{"key":"435_CR62","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","volume":"74","author":"BAS Al-rimy","year":"2018","unstructured":"Al-rimy BAS, Maarof MA, Shaid SZM (2018) Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput Secur 74:144\u2013166","journal-title":"Comput Secur"},{"key":"435_CR63","doi-asserted-by":"crossref","unstructured":"Malik NA, Delshadi AM, Ibrar M, Hamid K, Aamir M, Ahmed F, Ahmad G (2024) Behavior and characteristics of ransomware-a survey. In: 2024 2nd international conference on cyber resilience (ICCR), pp 01\u201305. IEEE","DOI":"10.1109\/ICCR61006.2024.10532983"},{"key":"435_CR64","doi-asserted-by":"crossref","unstructured":"Ispahany J, Islam R (2021) Detecting malicious COVID-19 URLs using machine learning techniques","DOI":"10.1109\/PerComWorkshops51409.2021.9431064"},{"key":"435_CR65","unstructured":"Galiette A, Santos D (2024) Medusa ransomware turning your files into Stone. Unit 42, Palo Alto. https:\/\/unit42.paloaltonetworks.com\/medusa-ransomware-escalation-new-leak-site\/"},{"issue":"3","key":"435_CR66","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3606367","volume":"56","author":"P Christen","year":"2023","unstructured":"Christen P, Hand DJ, Kirielle N (2023) A review of the f-measure: its history, properties, criticism, and alternatives. ACM Comput Surv 56(3):1\u201324","journal-title":"ACM Comput Surv"},{"issue":"9","key":"435_CR67","doi-asserted-by":"publisher","first-page":"1469","DOI":"10.1007\/s10994-017-5642-8","volume":"106","author":"HM Gomes","year":"2017","unstructured":"Gomes HM, Bifet A, Read J, Barddal JP, Enembreck F, Pfharinger B, Holmes G, Abdessalem T (2017) Adaptive random forests for evolving data stream classification. Mach Learn 106(9):1469\u20131495","journal-title":"Mach Learn"},{"key":"435_CR68","doi-asserted-by":"publisher","first-page":"471","DOI":"10.1016\/j.neuroimage.2017.09.001","volume":"163","author":"M Ontivero-Ortega","year":"2017","unstructured":"Ontivero-Ortega M, Lage-Castellanos A, Valente G, Goebel R, Valdes-Sosa M (2017) Fast gaussian na\u00efve bayes for searchlight classification analysis. Neuroimage 163:471\u2013479","journal-title":"Neuroimage"},{"key":"435_CR69","doi-asserted-by":"crossref","unstructured":"Wickramaratna J, Holden S, Buxton B (2001) Performance degradation in boosting. In: Multiple Classifier Systems: Second International Workshop, MCS 2001 Cambridge, UK, July 2\u20134, 2001 Proceedings 2, pp. 11\u201321. Springer","DOI":"10.1007\/3-540-48219-9_2"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00435-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00435-9","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00435-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:04:12Z","timestamp":1778720652000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00435-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,14]]},"references-count":69,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["435"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00435-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,14]]},"assertion":[{"value":"23 December 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 May 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"68"}}