{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T19:06:48Z","timestamp":1775243208341,"version":"3.50.1"},"reference-count":80,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2022,10,21]],"date-time":"2022-10-21T00:00:00Z","timestamp":1666310400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target\u2019s data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many crypto-ransomware detection techniques is to monitor file system activity and attempt to identify encrypted files being written to disk, often using a file\u2019s entropy as an indicator of encryption. However, often in the description of these techniques, little or no discussion is made as to why a particular entropy calculation technique is selected or any justification given as to why one technique is selected over the alternatives. The Shannon method of entropy calculation is the most commonly-used technique when it comes to file encryption identification in crypto-ransomware detection techniques. Overall, correctly encrypted data should be indistinguishable from random data, so apart from the standard mathematical entropy calculations such as Chi-Square (\u03c72), Shannon Entropy and Serial Correlation, the test suites used to validate the output from pseudo-random number generators would also be suited to perform this analysis. The hypothesis being that there is a fundamental difference between different entropy methods and that the best methods may be used to better detect ransomware encrypted files. The paper compares the accuracy of 53 distinct tests in being able to differentiate between encrypted data and other file types. The testing is broken down into two phases, the first phase is used to identify potential candidate tests, and a second phase where these candidates are thoroughly evaluated. To ensure that the tests were sufficiently robust, the NapierOne dataset is used. This dataset contains thousands of examples of the most commonly used file types, as well as examples of files that have been encrypted by crypto-ransomware. During the second phase of testing, 11 candidate entropy calculation techniques were tested against more than 270,000 individual files\u2014resulting in nearly three million separate calculations. The overall accuracy of each of the individual test\u2019s ability to differentiate between files encrypted using crypto-ransomware and other file types is then evaluated and each test is compared using this metric in an attempt to identify the entropy method most suited for encrypted file identification. An investigation was also undertaken to determine if a hybrid approach, where the results of multiple tests are combined, to discover if an improvement in accuracy could be achieved.<\/jats:p>","DOI":"10.3390\/e24101503","type":"journal-article","created":{"date-parts":[[2022,10,24]],"date-time":"2022-10-24T02:31:03Z","timestamp":1666578663000},"page":"1503","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification"],"prefix":"10.3390","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9377-4539","authenticated-orcid":false,"given":"Simon R.","family":"Davies","sequence":"first","affiliation":[{"name":"Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5325-2872","authenticated-orcid":false,"given":"Richard","family":"Macfarlane","sequence":"additional","affiliation":[{"name":"Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0809-3523","authenticated-orcid":false,"given":"William J.","family":"Buchanan","sequence":"additional","affiliation":[{"name":"Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,10,21]]},"reference":[{"key":"ref_1","unstructured":"Sophos (2021). The State of Ransomware in Education 2021, Sophos. Technical Report April."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Johns, E. (2020). Cyber Security Breaches Survey 2020, Department for Digital, Culture, Media and Sport. Technical Report 4.","DOI":"10.1016\/S1361-3723(20)30037-3"},{"key":"ref_3","unstructured":"Institute for Security and Technology (2021). Combating Ransomware Technical Report, Intel Security Group."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Gen\u00e7, Z.A., Lenzini, G., and Ryan, P.Y. (2018, January 28\u201330). Next Generation Cryptographic Ransomware. Proceedings of the Nordic Conference on Secure IT Systems, Oslo, Norway.","DOI":"10.1007\/978-3-030-03638-6_24"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Gen\u00e7, Z.A., Lenzini, G., and Ryan, P.Y.A. (2019, January 27). NoCry: No More Secure Encryption Keys for Cryptographic Ransomware. Proceedings of the International Workshop on Emerging Technologies for Authorization and Authentication, Luxembourg.","DOI":"10.1007\/978-3-030-39749-4_5"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Kharraz, A., and Kirda, E. (2017, January 18\u201320). Redemption: Real-Time Protection Against Ransomware at End-Hosts. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses, Atlanta, GA, USA.","DOI":"10.1007\/978-3-319-66332-6_5"},{"key":"ref_7","first-page":"181","article-title":"The Inadequacy of Entropy-Based Ransomware Detection","volume":"Volume 1","author":"McIntosh","year":"2019","journal-title":"Proceedings of the International Conference on Neural Information Processing"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Pont, J., Abu Oun, O., Brierley, C., Arief, B., and Hernandez-Castro, J. (2019, January 12\u201315). A Roadmap for Improving the Impact of Anti-ransomware Research. Proceedings of the International Conference on Neural Information Processing, Sydney, Australia.","DOI":"10.1007\/978-3-030-35055-0_9"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., and Van Steen, M. (2012, January 20\u201323). Prudent practices for designing malware experiments: Status quo and outlook. Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP.2012.14"},{"key":"ref_10","unstructured":"Davies, S.R., Macfarlane, R., and Buchanan, W.J. (2022, October 19). NapierOne. Available online: https:\/\/www.napierone.com."},{"key":"ref_11","first-page":"301330","article-title":"NapierOne: A modern mixed file data set alternative to Govdocs1","volume":"40","author":"Davies","year":"2022","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., and Egele, M. (2017, January 2\u20136). PayBreak: Defense against cryptographic ransomware. Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates.","DOI":"10.1145\/3052973.3053035"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"110205","DOI":"10.1109\/ACCESS.2019.2931136","article-title":"Machine Learning Based File Entropy Analysis for Ransomware Detection in Backup Systems","volume":"7","author":"Lee","year":"2019","journal-title":"IEEE Access"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., and Butler, K.R. (2016, January 27\u201330). CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Proceedings of the 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), Nara, Japan.","DOI":"10.1109\/ICDCS.2016.46"},{"key":"ref_15","unstructured":"Singh, A., Ikuesan, A., and Venter, H. (March, January 28). A context-aware trigger mechanism for ransomware forensics. Proceedings of the 14th International Conference on Cyber Warfare and Security, ICCWS 2019, Stellenbosch, South Africa."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","article-title":"A Mathematical Theory of Communication","volume":"27","author":"Shannon","year":"1948","journal-title":"Bell Syst. Technol."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Kim, H.E., Yoo, D., Kang, J.S., and Yeom, Y. (2017, January 13\u201314). Dynamic ransomware protection using deterministic random bit generator. Proceedings of the 2017 IEEE Conference on Applications, Information and Network Security, AINS 2017, Miri, Malaysia.","DOI":"10.1109\/AINS.2017.8270426"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"2916","DOI":"10.1109\/TIFS.2019.2911156","article-title":"HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets","volume":"14","author":"Casino","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_19","unstructured":"Cleary, G. (2018). Digital Evidence Detection Using Bytewise Approximate Matching Gabrielle Cleary RD5 Report Edinburgh Napier University School of Computing, Edinburgh Napier University. Technical Report January."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., and Maggi, F. (2016, January 5\u20138). ShieldFS: A self-healing, ransomware-aware file system. Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, CA, USA.","DOI":"10.1145\/2991079.2991110"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"20379","DOI":"10.1007\/s00521-022-07586-7","article-title":"Reliable detection of compressed and encrypted data","volume":"34","author":"Hitaj","year":"2022","journal-title":"Neural Comput. Appl."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Frei, S., Schatzmann, D., Plattner, B., and Trammell, B. (2010). Modeling the Security Ecosystem\u2014The Dynamics of (In)Security. Econ. Inf. Secur. Priv., 79\u2013106.","DOI":"10.1007\/978-1-4419-6967-5_6"},{"key":"ref_23","first-page":"381","article-title":"New results concerning the power of NIST randomness tests","volume":"18","author":"Georgescu","year":"2017","journal-title":"Proc. Rom. Acad. Ser. A-Math. Phys. Tech. Sci. Inf. Sci."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Grance, T., Kent, K., and Kim, B. (2004). Computer Security Incident Handling Guide.","DOI":"10.6028\/NIST.SP.800-61"},{"key":"ref_25","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., and Kirda, E. (2016, January 10\u201312). UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Proceedings of the Usenix 25th USENIX Security Symposium, Austin, TX, USA."},{"key":"ref_26","first-page":"114","article-title":"RWGuard: A Real-Time Detection System Against Cryptographic Ransomware","volume":"Volume 1","author":"Mehnaz","year":"2018","journal-title":"International Symposium on Research in Attacks, Intrusions, and Defenses"},{"key":"ref_27","unstructured":"Rev, S.P., and Proposal, D. (2022). NIST SP 800-22 and GM \/ T 0005-2012 Tests: Clearly Obsolete, Possibly Harmful A Systemic Problem: Security Is Not Considered, IACR Cryptol. ePrint Arch.. Technical Report, Pdshield."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Silva, J.A., L\u00f3pez, L.I.B., Caraguay, \u00c1.L.V., and Hern\u00e1ndez-\u00e1lvarez, M. (2019). A survey on situational awareness of ransomware attacks-detection and prevention parameters. Remote. Sens., 11.","DOI":"10.3390\/rs11101168"},{"key":"ref_29","unstructured":"William, E., Donna, F., Elaine, M., Ray, A., William, T., and Emad, A. (2017). NIST Special Publication 800-63-2 Electronic Authentication Guideline, Technical Report."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Mbol, F., Robert, J.M., and Sadighian, A. (2016, January 14\u201316). An Efficient Approach to Detect TorrentLocker Ransomware in Computer Systems. Proceedings of the 15th International Conference, CANS 2016, Milan, Italy.","DOI":"10.1007\/978-3-319-48965-0_32"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"603","DOI":"10.1007\/s11042-019-08088-w","article-title":"An empirical approach towards characterization of encrypted and unencrypted VoIP traffic","volume":"79","author":"Choudhury","year":"2019","journal-title":"Multimed. Tools Appl."},{"key":"ref_32","unstructured":"Hahn, D., Apthorpe, N., and Feamster, N. (2018). Detecting Compressed Cleartext Traffic from Consumer Internet of Things Devices. ArXiv."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/978-3-319-70290-2_12","article-title":"Data aware defense (DaD): Towards a generic and practical ransomware countermeasure","volume":"10674","author":"Palisse","year":"2017","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_34","unstructured":"Ryan, H. (2014). Evaluating File Format Endangerment Levels and Factors. [Ph.D. Thesis, University of North Carolina]."},{"key":"ref_35","unstructured":"Wang, R., Shoshitaishvili, Y., Kruegel, C., and Vigna, G. (2013, January 14\u201316). Steal this movie\u2014Automatically bypassing DRM protection in streaming media services. Proceedings of the 22nd USENIX Security Symposium, Berkeley, CA, USA."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"21","DOI":"10.23919\/SAIEE.2014.8531919","article-title":"Forensic entropy analysis of microsoft windows storage volumes","volume":"105","author":"Weston","year":"2014","journal-title":"SAIEE Afr. Res. J."},{"key":"ref_37","unstructured":"NIST (2022, October 19). Cryptographic Module Validation Program|CSRC, Available online: https:\/\/csrc.nist.gov\/projects\/cryptographic-module-validation-program."},{"key":"ref_38","unstructured":"(2022, October 19). GM\/T 0005-2012; SCA. Randomness Test Specification. Cryptography Industry Standard of the P.R. China. Available online: https:\/\/www.chinesestandard.net\/."},{"key":"ref_39","unstructured":"Zheng, W. (2022, October 19). GM\/T 0005-2012: PDF in English. Available online: https:\/\/www.chinesestandard.net\/PDF.aspx\/GMT0005-2012."},{"key":"ref_40","unstructured":"U.S. Department of Commerce (2019). Federal Information Processing Standards Publication 140-3, Technical Report."},{"key":"ref_41","unstructured":"Brown, R.G. (2006). Die Harder, Duke University Physics Department. Technical Report."},{"key":"ref_42","unstructured":"(2022, May 05). Cedar101. Dieharder Tests. Available online: https:\/\/en.wikipedia.org\/wiki\/Diehard_tests."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"\u00c1lvarez, R., Mart\u00ednez, F., and Zamora, A. (2022). Improving the Statistical Qualities of Pseudo Random Number Generators. Symmetry, 14.","DOI":"10.3390\/sym14020269"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1268776.1268777","article-title":"TestU01: A C library for empirical testing of random number generators","volume":"33","author":"Simard","year":"2007","journal-title":"ACM Trans. Math. Softw."},{"key":"ref_45","unstructured":"Rukhin, A., Soto, J., and Nechvatal, J. (2010). A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications."},{"key":"ref_46","unstructured":"NIST (2022, October 19). Proposal to Revise SP 800-22 Rev. 1a | CSRC, Available online: https:\/\/csrc.nist.gov\/News\/2022\/proposal-to-revise-sp-800-22-rev-1a."},{"key":"ref_47","unstructured":"Marsaglia, G. (2022, October 19). DIEHARD Statistical Tests. Available online: https:\/\/web.archive.org\/web\/20160125103112\/http:\/stat.fsu.edu\/pub\/diehard."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"272","DOI":"10.1007\/978-3-319-12060-7_18","article-title":"Faster randomness testing with the NIST statistical test suite","volume":"8804","year":"2014","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_49","unstructured":"Tompson, J. (2022, April 25). hGitHub-jeffTompson\/DiehardCDROM: A Re-Creation of the Original Diehard Random Number CD-ROM. Available online: https:\/\/github.com\/jeffThompson\/DiehardCDROM."},{"key":"ref_50","unstructured":"Doty-Humphrey, C. (2022, May 03). PractRand. Available online: http:\/\/pracrand.sourceforge.net\/."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1134\/S096554252001008X","article-title":"A Practical Approach to Testing Random Number Generators in Computer Algebra Systems","volume":"60","author":"Gevorkyan","year":"2020","journal-title":"Comput. Math. Math. Phys."},{"key":"ref_52","unstructured":"O\u2019Neill, M. (2022, March 12). PCG, A Family of Better Random Number Generators | PCG, A Better Random Number Generator. Available online: https:\/\/www.pcg-random.org\/index.html."},{"key":"ref_53","unstructured":"Rosetta (2022, October 12). Entropy. Available online: http:\/\/rosettacode.org\/wiki\/Entropy."},{"key":"ref_54","unstructured":"VandenBrink, R. (2022, October 12). Using File Entropy to Identify \u201cRansomwared\u201d Files. Available online: https:\/\/isc.sans.edu\/forums\/diary\/Using+File+Entropy+to+Identify+Ransomwared+Files\/21351\/."},{"key":"ref_55","unstructured":"Hall, G.A. (2022, October 12). Sliding Window Measurement for File Type Identification. Available online: https:\/\/www.researchgate.net\/publication\/237601448_Sliding_Window_Measurement_for_File_Type_Identification."},{"key":"ref_56","unstructured":"Schneier, B. (1996). Applied Cryptograph, Second Edition: Protocols, Algorithms and Source Code in C, John Wiley & Sons, Inc."},{"key":"ref_57","unstructured":"Walker, J. (2022, October 19). Pseudorandom Number Sequence Test Program. Available online: https:\/\/www.fourmilab.ch\/random\/."},{"key":"ref_58","first-page":"157","article-title":"X. On the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling","volume":"50","year":"2009","journal-title":"J. Sci."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Pont, J., and Hernandez-Castro, J. (2020, January 16\u201318). Why Current Statistical Approaches to Ransomware Detection Fail. Proceedings of the International Conference on Information Security, 23rd Information Security Conference, Bali, Indonesia.","DOI":"10.1007\/978-3-030-62974-8_12"},{"key":"ref_60","unstructured":"Mol, M. (2022, October 19). Monte Carlo Methods-Rosetta Code. Available online: http:\/\/rosettacode.org\/wiki\/Monte_Carlo_methods."},{"key":"ref_61","unstructured":"Knuth, D.E. (1997). The Art of Computer Programming. Volume 2, Seminumerical Algorithms, Addison Wesley. [3rd ed.]."},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Ting, K.M. (2017). Confusion Matrix. Encyclopedia of Machine Learning and Data Mining, Springer.","DOI":"10.1007\/978-1-4899-7687-1_50"},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"102388","DOI":"10.1016\/j.cose.2021.102388","article-title":"Avaddon ransomware: An in-depth analysis and decryption of infected systems","volume":"109","author":"Yuste","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_64","unstructured":"Arntz, P. (2022, October 19). Threat Spotlight: CrySIS, aka Dharma Ransomware, Causing a Crisis for Businesses | Malwarebytes Labs. Available online: https:\/\/www.malwarebytes.com\/blog\/news\/2019\/05\/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses."},{"key":"ref_65","unstructured":"Hanel, A. (2022, October 19). What Is Ryuk Ransomware? The Complete Breakdown. Available online: https:\/\/www.crowdstrike.com\/blog\/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware\/."},{"key":"ref_66","first-page":"1","article-title":"Analysis of encryption schemes in modern ransomware","volume":"25","author":"Ploszek","year":"2021","journal-title":"Rad Hrvat. Akad. Znan. Umjet. Mat. Znan."},{"key":"ref_67","unstructured":"Walter, J. (2022, October 19). HelloKitty Ransomware Lacks Stealth, However, Still Strikes Home-SentinelLabs. Available online: https:\/\/www.sentinelone.com\/labs\/hellokitty-ransomware-lacks-stealth-but-still-strikes-home\/."},{"key":"ref_68","unstructured":"Walter, J. (2022, October 19). NetWalker Ransomware: No Respite, No English Required-SentinelLabs. Available online: https:\/\/www.sentinelone.com\/labs\/netwalker-ransomware-no-respite-no-english-required\/."},{"key":"ref_69","unstructured":"Stood, K., and Hurley, S. (2022, October 19). NotPetya Ransomware Attack [Technical Analysis]. Available online: https:\/\/www.crowdstrike.com\/blog\/petrwrap-ransomware-technical-analysis-triple-threat-file-encryption-mft-encryption-credential-theft."},{"key":"ref_70","unstructured":"Mundo, A. (2022, October 19). GandCrab Ransomware Puts the Pinch on Victims | McAfee Blog. Available online: https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/gandcrab-ransomware-puts-the-pinch-on-victims\/."},{"key":"ref_71","unstructured":"(2022, October 19). Threat Actor Profile\u2013\u201cBlackMatter\u201d Ransomware. Available online: https:\/\/www.avertium.com\/blog\/blackmatter-threat-actor-profile."},{"key":"ref_72","unstructured":"Mundo, A. (2022, October 19). Ransomware Maze | McAfee Blog. Available online: https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ransomware-maze\/."},{"key":"ref_73","unstructured":"Weizman, I., and Pirozzi, A. (2022, October 19). Conti Unpacked | Understanding Ransomware Development As a Response to Detection-SentinelLabs. Available online: https:\/\/assets.sentinelone.com\/sentinellabs\/conti-ransomware-unpacked."},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Lee, J., and Lee, K. (2022). A Method for Neutralizing Entropy Measurement-Based Ransomware Detection Technologies Using Encoding Algorithms. Entropy, 24.","DOI":"10.3390\/e24020239"},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"12077","DOI":"10.1007\/s00521-022-07096-6","article-title":"Evading behavioral classifiers: A comprehensive analysis on evading ransomware detection techniques","volume":"34","author":"Hitaj","year":"2022","journal-title":"Neural Comput. Appl."},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"299","DOI":"10.1007\/s11416-021-00384-0","article-title":"Signature-less ransomware detection and mitigation","volume":"17","author":"Joshi","year":"2021","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"423","DOI":"10.1007\/s11390-021-0263-x","article-title":"Byte Frequency Based Indicators for Crypto-Ransomware Detection from Empirical Analysis","volume":"37","author":"Kim","year":"2022","journal-title":"J. Comput. Sci. Technol."},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Jiao, J., Zhao, H., and Liu, Y. (2021, January 13\u201315). Analysis and Detection of Android Ransomware for Custom Encryption. Proceedings of the 2021 IEEE 4th International Conference on Computer and Communication Engineering Technology, CCET 2021, Beijing, China.","DOI":"10.1109\/CCET52649.2021.9544366"},{"key":"ref_79","unstructured":"(2022, October 19). AyBeeEll. Birthday Problem-Wikipedia. Available online: https:\/\/en.wikipedia.org\/wiki\/Birthday_problem."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1111\/j.1467-9639.1981.tb00416.x","article-title":"The Birthday Problem","volume":"3","author":"Naylor","year":"1981","journal-title":"Teach. Stat."}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/24\/10\/1503\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:00:35Z","timestamp":1760144435000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/24\/10\/1503"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,21]]},"references-count":80,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2022,10]]}},"alternative-id":["e24101503"],"URL":"https:\/\/doi.org\/10.3390\/e24101503","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10,21]]}}}