{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:01:32Z","timestamp":1774368092979,"version":"3.50.1"},"reference-count":50,"publisher":"Tech Science Press","issue":"2","license":[{"start":{"date-parts":[[2024,11,24]],"date-time":"2024-11-24T00:00:00Z","timestamp":1732406400000},"content-version":"vor","delay-in-days":328,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2024]]},"DOI":"10.32604\/cmc.2024.057234","type":"journal-article","created":{"date-parts":[[2024,11,18]],"date-time":"2024-11-18T08:55:07Z","timestamp":1731920107000},"page":"3371-3393","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":1,"title":["AI-Driven Prioritization and Filtering of Windows Artifacts for Enhanced Digital Forensics"],"prefix":"10.32604","volume":"81","author":[{"given":"Juhwan","family":"Kim","sequence":"first","affiliation":[]},{"given":"Baehoon","family":"Son","sequence":"additional","affiliation":[]},{"given":"Jihyeon","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Joobeom","family":"Yun","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2024]]},"reference":[{"key":"ref1","unstructured":"Sonicwall, \u201cSonicwall cyber threat report (navigating the relentless surge in cybercrime),\u201d 2024. Accessed: Feb. 1, 2024. [Online]. Available: https:\/\/www.sonicwall.com\/medialibrary\/en\/white-paper\/2024-cyber-threat-report.pdf"},{"key":"ref2","unstructured":"Elastic security lab, ``Elastic global threat report,' 2023. Accessed: Nov. 1, 2023. [Online]. Available: https:\/\/www.elastic.co\/pdf\/elastic-global-threat-report-october-2023.pdf"},{"key":"ref3","unstructured":"Statcounter, \u201cDesktop operating system market share world,\u201d 2024. Accessed: Feb. 1, 2024. [Online]. Available: https:\/\/gs.statcounter.com\/os-market-share\/desktop\/worldwide"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"S64","DOI":"10.1016\/j.diin.2010.05.009","article-title":"Digital forensics research: The next 10 years","volume":"7","author":"Garfinkel","year":"2010","journal-title":"Digit. Invest."},{"key":"ref5","doi-asserted-by":"crossref","first-page":"S125","DOI":"10.1016\/j.diin.2016.04.005","article-title":"CuFA: A more formal definition for digital forensic artifacts","volume":"18","author":"Harichandran","year":"2016","journal-title":"Digit. Invest."},{"key":"ref6","series-title":"Proc. IEEE ISI","first-page":"304","article-title":"Forensic artifacts of microsoft windows vista system","author":"Purcell","year":"2008"},{"key":"ref7","unstructured":"J. Garcia, \u201cDetecting the solarwinds malicious scheduled task with an autoencoder,\u201d Accessed: Mar. 16, 2022. [Online]. Available: https:\/\/www.ds4n6.io\/blog.html"},{"key":"ref8","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2021.116263","article-title":"AutoLog: Anomaly detection by deep autoencoding of system logs","volume":"191","author":"Catillo","year":"2022, Art. no. 116263","journal-title":"Expert. Syst. Appl."},{"key":"ref9","doi-asserted-by":"crossref","first-page":"25696","DOI":"10.1109\/ACCESS.2022.3155695","article-title":"A malware detection approach using autoencoder in deep learning","volume":"10","author":"Xing","year":"2022","journal-title":"IEEE Access"},{"key":"ref10","series-title":"Proc. Wireless Telecommun. Symp. (WTS 2018)","first-page":"1","article-title":"Autoencoder-based network anomaly detection","author":"Chen","year":"2018"},{"key":"ref11","series-title":"Proc. 18th Iberoamerican Congress Pattern Recognit.","first-page":"117","article-title":"Auto-encoder based data clustering","author":"Song","year":"2013"},{"key":"ref12","series-title":"Proc. 23rd ACM SIGKDD Int. Conf. Knowl. Dis. Data Min. (KDD \u201917)","first-page":"665","article-title":"Anomaly detection with robust deep autoencoders","author":"Zhou","year":"2017"},{"key":"ref13","first-page":"1394","article-title":"Semisupervised autoencoder for sentiment analysis","volume":"30","author":"Zhai","year":"2016","journal-title":"Proc. AAAI Conf. Artif. Intell."},{"key":"ref14","doi-asserted-by":"crossref","first-page":"668","DOI":"10.1016\/j.future.2019.09.005","article-title":"Contextual filtering and prioritization of computer application logs for security situational awareness","volume":"111","author":"Cinque","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection: A survey","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Comput. Surv."},{"key":"ref16","series-title":"Proc. 8th ACM SIGKDD Int. Conf. Knowl. Dis. Data Min. (KDD\u201902)","first-page":"366","article-title":"Mining intrusion detection alarms for actionable knowledge","author":"Julisch","year":"2002"},{"key":"ref17","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","article-title":"Comprehensive approach to intrusion detection alert correlation","volume":"1","author":"Valeur","year":"2004","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref18","series-title":"Proc. 7th Symp. Recent Adv. Intrus. Detect. (RAID 2004)","first-page":"102","article-title":"Using adaptive alert classification to reduce false positives in intrusion detection","author":"Pietraszek","year":"2004"},{"key":"ref19","series-title":"Proc. 13th IEEE Int. Conf. Netw. Jointly Held 7th IEEE Malay. Int. Conf. Commun.","first-page":"547","article-title":"False positives reduction via intrusion alert quality framework","author":"Bakar","year":"2005"},{"key":"ref20","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2009.07.008","article-title":"Reducing false positives in intrusion detection systems","volume":"29","author":"Spathoulas","year":"2010","journal-title":"Comput. Secur."},{"key":"ref21","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1016\/j.future.2015.09.009","article-title":"Automated root cause identification of security alerts: Evaluation in a saas cloud","volume":"56","author":"Cotroneo","year":"2016","journal-title":"Future Gener. Comput. Syst."},{"key":"ref22","series-title":"Proc. NOMS 2018\u20132018 IEEE\/IFIP Netw. Operat. Manag. Symp.","first-page":"1","article-title":"An unsupervised framework for detecting anomalous messages from syslog log files","author":"Vaarandi","year":"2018"},{"key":"ref23","series-title":"Proc. Int. Workshop Recent Adv. Intrus. Detect. (RAID 2002)","first-page":"95","article-title":"A mission-impact-based approach to infosec alarm correlation","author":"Porras","year":"2002"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1007\/s10922-008-9109-x","article-title":"Optimal ids sensor placement and alert prioritization using attack graphs","volume":"16","author":"Noel","year":"2008","journal-title":"J. Netw. Syst. Manag."},{"key":"ref25","series-title":"Proc. 4th ACM Workshop Secur. Artif. Intell.","first-page":"59","article-title":"Prioritizing intrusion analysis using dempster-shafer theory","author":"Zomlot","year":"2011"},{"key":"ref26","doi-asserted-by":"crossref","DOI":"10.1515\/9780691214696","author":"Shafer","year":"1976","journal-title":"A mathematical theory of evidence"},{"key":"ref27","series-title":"Proc. 3rd Int. Symp. Ubiquit. Network. (Unet 2017)","first-page":"641","article-title":"Risk assessment and alert prioritization for intrusion detection systems","author":"Chakir","year":"2017"},{"key":"ref28","series-title":"Proc. 34th Annu. Comput. Secur. App. Conf. (ACSAC\u201918)","first-page":"124","article-title":"Made: Security analytics for enterprise threat detection","author":"Oprea","year":"2018"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Mach. Learn."},{"key":"ref30","series-title":"Proc. 2019 IEEE Int. Conf. Big Data (Big Data)","first-page":"3210","article-title":"Detecting adversary using windows digital artifacts","author":"Liew","year":"2019"},{"key":"ref31","article-title":"ChatGPT for digital forensic investigation: The good, the bad, and the unknown","volume":"46","author":"Scanlon","year":"2023","journal-title":"Forens. Sci. Int.: Dig. Invest."},{"key":"ref32","doi-asserted-by":"crossref","first-page":"2029","DOI":"10.18280\/ts.400521","article-title":"Real-time detection and identification of suspects in forensic imagery using advanced YOLOv8 object recognition models","volume":"40","author":"Karaku\u015f","year":"2023","journal-title":"Traitement du Signal"},{"key":"ref33","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/s11831-021-09575-w","article-title":"Comprehensive study of cloud forensics","volume":"29","author":"Purnaye","year":"2022","journal-title":"Arch. Computat. Methods Eng."},{"key":"ref34","series-title":"Proc. IEEE\/CVF Conf. Comput. Vis. Pattern Recognit. (CVPR 2021)","first-page":"12383","article-title":"On feature normalization and data augmentation","author":"Li","year":"2021"},{"key":"ref35","series-title":"Proc. 32nd Int. Conf. Mach. Learn. (ICML 2015)","first-page":"448","article-title":"Batch normalization: Accelerating deep network training by reducing internal covariate shift","author":"Ioffe","year":"2015"},{"key":"ref36","series-title":"Proc. 30th Int. Conf. Neur. Inf. Process. Syst. (NIPS\u201916)","first-page":"901","article-title":"Weight normalization: A simple reparameterization to accelerate training of deep neural networks","author":"Salimans","year":"2016"},{"key":"ref37","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1016\/j.neucom.2015.08.104","article-title":"Auto-encoder based dimensionality reduction","volume":"184","author":"Wang","year":"2016","journal-title":"Neurocomputing"},{"key":"ref38","doi-asserted-by":"crossref","unstructured":"R. Chalapathy and S. Chawla, \u201cDeep learning for anomaly detection: A survey,\u201d 2019, arXiv:1901.03407.","DOI":"10.1145\/3394486.3406704"},{"key":"ref39","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","article-title":"A survey of network anomaly detection techniques","volume":"60","author":"Ahmed","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref40","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2133360.2133363","article-title":"Isolation-based anomaly detection","volume":"6","author":"Liu","year":"2012","journal-title":"ACM Trans. Knowl. Dis. Data"},{"key":"ref41","doi-asserted-by":"crossref","first-page":"5623","DOI":"10.1002\/cpe.3590","article-title":"Entropy-based denial-of-service attack detection in cloud data center","volume":"27","author":"Cao","year":"2015","journal-title":"Concurr. Comput.: Pract. Exp."},{"key":"ref42","doi-asserted-by":"crossref","first-page":"412","DOI":"10.1109\/TPDS.2010.97","article-title":"Traceback of DDoS attacks using entropy variations","volume":"22","author":"Yu","year":"2010","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref43","series-title":"Proc. 2015 Int. Carnahan Conf. Secur. Technol. (ICCST)","first-page":"293","article-title":"Scalable command and control detection in log data through UF-ICF analysis","author":"Hong","year":"2015"},{"key":"ref44","unstructured":"Virustotal, \u201cAnalyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community,\u201d 2022. Accessed: Jun. 23, 2022. [Online]. Available: https:\/\/www.virustotal.com\/"},{"key":"ref45","unstructured":"VirusShare, \u201cA repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code,\u201d 2022. Accessed: Jun. 23, 2022. [Online]. Available: https:\/\/virusshare.com\/"},{"key":"ref46","unstructured":"KISA, \u201cKorea internet & security agency,\u201d 2021. Accessed: May 15, 2021. [Online]. Available: https:\/\/www.kisa.or.kr\/"},{"key":"ref47","unstructured":"Anyrun, \u201cInteractive malware hunting service,\u201d 2023. Accessed: Mar. 15, 2023. [Online]. Available: https:\/\/any.run\/"},{"key":"ref48","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10462-023-10662-6","article-title":"Autoencoders and their applications in machine learning: A survey","volume":"57","author":"Berahmand","year":"2024","journal-title":"Artif. Intell. Rev."},{"key":"ref49","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1371\/journal.pone.0300757","article-title":"On characterization of entropy measure using logarithmic regression model for Copper (II) Fluoride","volume":"19","author":"Siddiqui","year":"2024","journal-title":"PLoS One"},{"key":"ref50","doi-asserted-by":"crossref","first-page":"924","DOI":"10.1140\/epjp\/s13360-023-04547-4","article-title":"On analysis of entropy measure via logarithmic regression model for 2D-honeycomb networks","volume":"138","author":"Feng","year":"2023","journal-title":"Eur. Phys. J. Plus."}],"container-title":["Computers, Materials &amp; Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.techscience.com\/files\/cmc\/2024\/TSP_CMC-81-2\/TSP_CMC_57234\/TSP_CMC_57234.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,7]],"date-time":"2025-03-07T04:22:35Z","timestamp":1741321355000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v81n2\/58674"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":50,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024]]},"published-print":{"date-parts":[[2024]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2024.057234","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"2024-08-12","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-25","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-18","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}