{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T17:10:47Z","timestamp":1774717847391,"version":"3.50.1"},"reference-count":92,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T00:00:00Z","timestamp":1752796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"This research was funded by the Deanship of Scientific Research, Najran University, Najran, Saudi Arabia (No. NU\/MID\/17\/098).","award":["No. NU\/MID\/17\/098"],"award-info":[{"award-number":["No. NU\/MID\/17\/098"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Ransomware, a significant cybersecurity threat, encrypts files and causes substantial damage, making early detection crucial yet challenging. This paper introduces a novel multi-phase framework for early ransomware detection, designed to enhance accuracy and minimize false positives. The framework addresses the limitations of existing methods by integrating operational data with situational and threat intelligence, enabling it to dynamically adapt to the evolving ransomware landscape. Key innovations include (1) data augmentation using a Bi-Gradual Minimax Generative Adversarial Network (BGM-GAN) to generate synthetic ransomware attack patterns, addressing data insufficiency; (2) Incremental Mutual Information Selection (IMIS) for dynamically selecting relevant features, adapting to evolving ransomware behaviors and reducing computational overhead; and (3) a Deep Belief Network (DBN) detection architecture, trained on the augmented data and optimized with Uncertainty-Aware Dynamic Early Stopping (UA-DES) to prevent overfitting. The model demonstrates a 4% improvement in detection accuracy (from 90% to 94%) through synthetic data generation and reduces false positives from 15.4% to 14%. The IMIS technique further increases accuracy to 96% while reducing false positives. The UA-DES optimization boosts accuracy to 98.6% and lowers false positives to 10%. Overall, this framework effectively addresses the challenges posed by evolving ransomware, significantly enhancing detection accuracy and reliability.<\/jats:p>","DOI":"10.3390\/fi17070311","type":"journal-article","created":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T10:10:38Z","timestamp":1752833438000},"page":"311","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A Deep Learning Framework for Enhanced Detection of Polymorphic Ransomware"],"prefix":"10.3390","volume":"17","author":[{"given":"Mazen","family":"Gazzan","sequence":"first","affiliation":[{"name":"Department of Information Systems, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia"}]},{"given":"Bader","family":"Alobaywi","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA"},{"name":"College of Computer Science and Engineering, University of Hafr Al Batin, Hafar Al Batin 39923, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5791-6074","authenticated-orcid":false,"given":"Mohammed","family":"Almutairi","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA"},{"name":"College of Computer Science and Engineering, University of Hafr Al Batin, Hafar Al Batin 39923, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1241-2750","authenticated-orcid":false,"given":"Frederick T.","family":"Sheldon","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1016\/j.iotcps.2023.12.001","article-title":"Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges","volume":"4","author":"Benmalek","year":"2024","journal-title":"Internet Things Cyber-Phys. Syst."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"110138","DOI":"10.1016\/j.comnet.2023.110138","article-title":"Ransomware early detection: A survey","volume":"239","author":"Cen","year":"2024","journal-title":"Comput. Netw."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"107143","DOI":"10.1016\/j.compeleceng.2021.107143","article-title":"A comprehensive survey of tools and techniques mitigating computer and mobile malware attacks","volume":"92","author":"Roseline","year":"2021","journal-title":"Comput. Electr. Eng."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"3886","DOI":"10.1109\/TIFS.2020.3003571","article-title":"Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection","volume":"15","author":"Li","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions","volume":"74","author":"Maarof","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"103703","DOI":"10.1016\/j.cose.2024.103703","article-title":"XRan: Explainable deep learning-based ransomware detection using dynamic analysis","volume":"139","author":"Gulmez","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3514229","article-title":"A survey on ransomware: Evolution, taxonomy, and defense solutions","volume":"54","author":"Oz","year":"2022","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"102490","DOI":"10.1016\/j.cose.2021.102490","article-title":"Ransomware: Recent advances, analysis, challenges and future research directions","volume":"111","author":"Beaman","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Urooj, U., Al-rimy, B.A.S., Zainal, A., Ghaleb, F.A., and Rassam, M.A. (2022). Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions. Appl. Sci., 12.","DOI":"10.3390\/app12010172"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Gazzan, M., and Sheldon, F.T. (2023). Opportunities for early detection and prediction of ransomware attacks against industrial control systems. Future Internet, 15.","DOI":"10.3390\/fi15040144"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Alqahtani, A., Gazzan, M., and Sheldon, F.T. (2020, January 6\u20138). A proposed crypto-ransomware early detection (CRED) model using an integrated deep learning and vector space model approach. Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC47524.2020.9031182"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Urooj, U., Maarof, M.A.B., and Al-rimy, B.A.S. (2021, January 29\u201331). A proposed adaptive pre-encryption crypto-ransomware early detection model. Proceedings of the 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia.","DOI":"10.1109\/CRC50527.2021.9392548"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"641","DOI":"10.1016\/j.future.2020.10.002","article-title":"Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection","volume":"115","author":"Maarof","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alqahtani, A., and Sheldon, F.T. (2022). A survey of crypto ransomware attack detection methodologies: An evolving outlook. Sensors, 22.","DOI":"10.3390\/s22051837"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.future.2019.06.005","article-title":"Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection","volume":"101","author":"Maarof","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"3910","DOI":"10.1109\/ACCESS.2023.3348451","article-title":"Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks","volume":"12","author":"Urooj","year":"2023","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alabdulwahab, S., Kim, Y.-T., Seo, A., and Son, Y. (2023). Generating Synthetic Dataset for ML-Based IDS Using CTGAN and Feature Selection to Protect Smart IoT Environments. Appl. Sci., 13.","DOI":"10.3390\/app131910951"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Lall, S., Ray, S., and Bandyopadhyay, S. (2021). Generating Realistic Cell Samples for Gene Selection in scRNA-seq Data: A Novel Generative Framework. bioRxiv.","DOI":"10.1101\/2021.04.29.441920"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1109\/OJIA.2020.3034608","article-title":"Deep Learning for Hardware-Based Real-Time Fault Detection and Localization of All Electric Ship MVDC Power System","volume":"1","author":"Liu","year":"2020","journal-title":"IEEE Open J. Ind. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1111\/coin.12564","article-title":"Current Status, Application, and Challenges of the Interpretability of Generative Adversarial Network Models","volume":"39","author":"Wang","year":"2022","journal-title":"Comput. Intell."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Alalhareth, M., and Hong, S.-C. (2023). An Adaptive Intrusion Detection System in the Internet of Medical Things Using Fuzzy-Based Learning. Sensors, 23.","DOI":"10.3390\/s23229247"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"3706","DOI":"10.1109\/JIOT.2022.3143375","article-title":"IoMT-enabled real-time blood glucose prediction with deep learning and edge computing","volume":"10","author":"Zhu","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"459","DOI":"10.1002\/sec.993","article-title":"Design and implementation of a malware detection system based on network behavior","volume":"8","author":"Xue","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_24","unstructured":"Robinson, M. (2013;, January 16\u201317). The SCADA threat landscape. Proceedings of the 1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013), Leicester, UK."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Hansen, S.S., Larsen, T.M.T., Stevanovic, M., and Pedersen, J.M. (2016, January 15\u201318). An approach for detection and family classification of malware based on behavioral analysis. Proceedings of the 2016 International Conference on Computing, Networking and Communications (ICNC), Kauai, HI, USA.","DOI":"10.1109\/ICCNC.2016.7440587"},{"key":"ref_26","unstructured":"Milo\u0161evi\u0107, N. (2013). History of malware. arXiv."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s11416-015-0244-0","article-title":"Behavior-based features model for malware detection","volume":"12","author":"Galal","year":"2016","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"2561","DOI":"10.1002\/sec.1186","article-title":"Mathematical modeling of the propagation of malware: A review","volume":"8","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_29","first-page":"2946735","article-title":"The effective ransomware prevention technique using process monitoring on android platform","volume":"2016","author":"Song","year":"2016","journal-title":"Mob. Inf. Syst."},{"key":"ref_30","unstructured":"Albert, E., and Lanese, I. (2016). Ransomware Steals Your Phone. Formal Methods Rescue It. Formal Techniques for Distributed Objects, Components, and Systems: 36th IFIP WG 6.1 International Conference, FORTE 2016, Held as Part of the 11th International Federated Conference on Distributed Computing Techniques, DisCoTec 2016, Heraklion, Crete, Greece, 6\u20139 June 2016 Proceedings, Springer International Publishing."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Yang, T., Yang, Y., Qian, K., Lo, D.C.-T., Qian, Y., and Tao, L. (2015, January 24\u201326). Automated Detection and Analysis for Android Ransomware. Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, New York, NY, USA.","DOI":"10.1109\/HPCC-CSS-ICESS.2015.39"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Andronio, N., Zanero, S., and Maggi, F. (2015, January 2\u20134). HELDROID: Dissecting and detecting mobile ransomware. Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2015, Kyoto, Japan.","DOI":"10.1007\/978-3-319-26362-5_18"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., and Butler, K.R. (2016, January 27\u201330). CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Proceedings of the 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), Nara, Japan.","DOI":"10.1109\/ICDCS.2016.46"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., and Kirda, E. (2015, January 9\u201310). Cutting the gordian knot: A look under the hood of ransomware attacks. Proceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2015, Milano, Italy.","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Cabaj, K., Gawkowski, P., Grochowski, K., and Kosik, A. (2016, January 11\u201314). Developing malware evaluation infrastructure. Proceedings of the 2016 Federated Conference on Computer Science and Information Systems (FedCSIS), Gda\u0144sk, Poland.","DOI":"10.15439\/2016F490"},{"key":"ref_36","unstructured":"Symantec (2016). Ransomware and Businesses 2016. In An ISTR Special Report; Symantec Corporation: Tempe, AZ, USA, 2016. An ISTR Special Report, Symantec Corporation."},{"key":"ref_37","unstructured":"O\u2019Gorman, G., and McDonald, G. (2012). Ransomware: A Growing Menace, Symantec Corporation."},{"key":"ref_38","unstructured":"Savage, P.C.K., and Lau, H. (2015). The evolution of ransomware. Security Response, Symantec Corporation."},{"key":"ref_39","unstructured":"Bhardwaj, A., Subrahmanyam, G., Avasthi, V., and Sastry, H. (2015). Ransomware: A Rising Threat of new age Digital Extortion. arXiv."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s10207-006-0082-7","article-title":"Cryptoviral extortion using Microsoft\u2019s Crypto API","volume":"5","author":"Young","year":"2006","journal-title":"Int. J. Inf. Secur."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Zhou, J., Lopez, J., Deng, R.H., and Bao, F. (2005, January 20\u201323). Building a Cryptovirus Using Microsoft\u2019s Cryptographic API. Proceedings of the Information Security: 8th International Conference, ISC 2005, Singapore.","DOI":"10.1007\/11556992"},{"key":"ref_42","first-page":"149","article-title":"Cryptoviral Extortion: A virus based approach","volume":"4","author":"Kumar","year":"2013","journal-title":"Int. J. Comput. Trends Technol. (IJCTT)"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"2158244021990656","DOI":"10.1177\/2158244021990656","article-title":"Phishing for Long Tails: Examining Organizational Repeat Clickers and Protective Stewards","volume":"11","author":"Canham","year":"2021","journal-title":"Sage Open"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Salahdine, F., and Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11.","DOI":"10.3390\/fi11040089"},{"key":"ref_45","first-page":"195","article-title":"Awareness education as the key to ransomware prevention","volume":"16","author":"Luo","year":"2007","journal-title":"Inf. Syst. Secur."},{"key":"ref_46","unstructured":"Zhang-Kennedy, L., Assal, H., Rocheleau, J., Mohamed, R., Baig, K., and Chiasson, S. (2018, January 15\u201317). The aftermath of a crypto-ransomware attack at a large academic institution. Proceedings of the 27th {USENIX} Security Symposium ({USENIX} Security 18), Baltimore, MD, USA."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"de Leon, D.C., Bhandari, V.A., Jillepalli, A., and Sheldon, F.T. (2016, January 6\u20139). Using a knowledge-based security orchestration tool to reduce the risk of browser compromise. Proceedings of the 2016 IEEE Symposium Series on Computational Intelligence (SSCI), Athens, Greece.","DOI":"10.1109\/SSCI.2016.7849910"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"101666","DOI":"10.1016\/j.cose.2019.101666","article-title":"SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations","volume":"89","author":"Upadhyay","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"102753","DOI":"10.1016\/j.jnca.2020.102753","article-title":"A system call refinement-based enhanced Minimum Redundancy Maximum Relevance method for ransomware early detection","volume":"167","author":"Ahmed","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/j.ijcip.2009.10.001","article-title":"An experimental investigation of malware attacks on SCADA systems","volume":"2","author":"Fovino","year":"2009","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"101994","DOI":"10.1016\/j.cose.2020.101994","article-title":"Detection of Stealthy False Data Injection Attacks in Smart Grid using Ensemble-based Machine Learning","volume":"97","author":"Ashrafuzzaman","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.icte.2017.12.007","article-title":"Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems","volume":"4","author":"Zimba","year":"2018","journal-title":"ICT Express"},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Al-rimy, B.A.S., Maarof, M.A., and Shaid, S.Z.M. (2017, January 23\u201324). A 0-day aware crypto-ransomware early behavioral detection framework. Proceedings of the International Conference of Reliable Information and Communication Technology, Johor, Malaysia.","DOI":"10.1007\/978-3-319-59427-9_78"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Van Nhuong, N., Nhi, V.T.Y., Cam, N.T., Phu, M.X., and Tan, C.D. (2015, January 14\u201317). SSSM-semantic set and string matching based malware detection. Proceedings of the 7th IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2014, a Noi, Vietnam.","DOI":"10.1109\/CISDA.2014.7035642"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Poonia, A.S., and Singh, S. (2014, January 27\u201329). Malware detection by token counting. Proceedings of the 2014 International Conference on Contemporary Computing and Informatics, IC3I 2014, Mysore, India.","DOI":"10.1109\/IC3I.2014.7019691"},{"key":"ref_56","unstructured":"Kumar, C.U.O., Kishore, S., and Geetha, A. (2014, January 27\u201329). Debugging using MD5 process firewall. Proceedings of the 2014 International Conference on Contemporary Computing and Informatics, IC3I 2014, Mysore, India."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Prelipcean, D.B., Popescu, A.S., and Gavrilut, D.T. (2015, January 21\u201324). Improving Malware Detection Response Time with Behavior-Based Statistical Analysis Techniques. Proceedings of the 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2015, Timisoara, Romania.","DOI":"10.1109\/SYNASC.2015.44"},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1016\/S1353-4858(08)70010-2","article-title":"The changing face of malware","volume":"2008","author":"Bridges","year":"2008","journal-title":"Netw. Secur."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Pluskal, O. (2015). Behavioural malware detection using efficient SVM implementation. Research in Adaptive and Convergent Systems, RACS 2015, Association for Computing Machinery, Inc.","DOI":"10.1145\/2811411.2811516"},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Jillepalli, A.A., Sheldon, F.T., de Leon, D.C., Haney, M., and Abercrombie, R.K. Security management of cyber physical control systems using NIST SP 800-82r2. Proceedings of the 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC), Valencia, Spain.","DOI":"10.1109\/IWCMC.2017.7986568"},{"key":"ref_61","first-page":"11","article-title":"Ransomware and the Legacy Crypto API","volume":"Volume 10158","author":"Legay","year":"2017","journal-title":"Risks and Security of Internet and Systems, Proceedings of the 11th International Conference, CRiSIS 2016, Roscoff, France, 5\u20137 September 2016, Revised Selected Papers"},{"key":"ref_62","unstructured":"Christensen, J.B., and Beuschau, N. (2017). Ransomware Detection and Mitigation Tool. [Master\u2019s Thesis, Technical University of Denmark]."},{"key":"ref_63","doi-asserted-by":"crossref","unstructured":"Chen, Z.-G., Kang, H.-S., Yin, S.-N., and Kim, S.-R. (2017, January 6\u201310). Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph. Proceedings of the International Conference on Research in Adaptive and Convergent Systems, Krakow, Poland.","DOI":"10.1145\/3129676.3129704"},{"key":"ref_64","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., and Lupu, E.C. (2016). Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection. arXiv."},{"key":"ref_65","unstructured":"Ioanid, A., Scarlat, C., and Militaru, G. (2017, January 21\u201322). The Effect of Cybercrime on Romanian SMEs in the Context of Wannacry Ransomware Attacks. Proceedings of the 12th European Conference on Innovation and Entrepreneurship ECIE 2017, Paris, France."},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Pandey, S.K., and Mehtre, B.M. (2015, January 8\u201310). Performance of malware detection tools: A comparison. Proceedings of the 2014 IEEE International Conference on Advanced Communication, Control and Computing Technologies, ICACCCT 2014, Online.","DOI":"10.1109\/ICACCCT.2014.7019422"},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"900","DOI":"10.1109\/ACCESS.2021.3128024","article-title":"Dual Generative Adversarial Networks Based Unknown Encryption Ransomware Attack Detection","volume":"10","author":"Zhang","year":"2022","journal-title":"IEEE Access"},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"102622","DOI":"10.1016\/j.cose.2022.102622","article-title":"EfficientNet convolutional neural networks-based Android malware detection","volume":"115","author":"Yadav","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"6017","DOI":"10.1007\/s00500-019-04589-w","article-title":"DroidDeep: Using Deep Belief Network to characterize and detect android malware","volume":"24","author":"Su","year":"2020","journal-title":"Soft Comput."},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Gazzan, M., and Sheldon, F.T. (2024). Novel Ransomware Detection Exploiting Uncertainty and Calibration Quality Measures Using Deep Learning. Information, 15.","DOI":"10.3390\/info15050262"},{"key":"ref_71","doi-asserted-by":"crossref","first-page":"116089","DOI":"10.1016\/j.eswa.2021.116089","article-title":"Maximum correlation based mutual information scheme for intrusion detection in the data networks","volume":"189","author":"Gavel","year":"2022","journal-title":"Expert Syst. Appl."},{"key":"ref_72","doi-asserted-by":"crossref","unstructured":"Gazzan, M., and Sheldon, F.T. (2024). An Incremental Mutual Information-Selection Technique for Early Ransomware Detection. Information, 15.","DOI":"10.3390\/info15040194"},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"110","DOI":"10.37934\/araset.39.2.110131","article-title":"Early Detection of Windows Cryptographic Ransomware Based on Pre-Attack API Calls Features and Machine Learning","volume":"39","author":"Zakaria","year":"2024","journal-title":"J. Adv. Res. Appl. Sci. Eng. Technol."},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Alqahtani, A., and Sheldon, F.T. (2024). e MIFS: A Normalized Hyperbolic Ransomware Deterrence Model Yielding Greater Accuracy and Overall Performance. Sensors, 24.","DOI":"10.3390\/s24061728"},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Bold, R., Al-Khateeb, H., and Ersotelos, N. (2022). Reducing False Negatives in Ransomware Detection: A Critical Evaluation of Machine Learning Algorithms. Appl. Sci., 12.","DOI":"10.3390\/app122412941"},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"1646","DOI":"10.1109\/COMST.2020.2988293","article-title":"A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security","volume":"22","author":"Mohamed","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_77","first-page":"1","article-title":"Deep Learning for Android Malware Defenses: A Systematic Literature Review","volume":"55","author":"Liu","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"ref_78","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/OJVT.2022.3219898","article-title":"Data-Driven Malware Detection for 6G Networks: A Survey From the Perspective of Continuous Learning and Explainability via Visualisation","volume":"4","author":"Uysal","year":"2023","journal-title":"IEEE Open J. Veh. Technol."},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"2251010","DOI":"10.1142\/S0218001422510107","article-title":"Crow Search With Adaptive Awareness Probability-Based Deep Belief Network for Detecting Ransomware","volume":"36","author":"Shemitha","year":"2022","journal-title":"Int. J. Pattern Recognit. Artif. Intell."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"101574","DOI":"10.1109\/ACCESS.2021.3097247","article-title":"Deep Learning-Based Intrusion Detection Systems: A Systematic Review","volume":"9","author":"Lansky","year":"2021","journal-title":"IEEE Access"},{"key":"ref_81","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1109\/TETC.2022.3184112","article-title":"Strategic Honeypot Deployment in Ultra-Dense Beyond 5G Networks: A Reinforcement Learning Approach","volume":"12","author":"Sarigiannidis","year":"2024","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Banaamah, A.M., and Ahmad, I. (2022). Intrusion Detection in IoT Using Deep Learning. Sensors, 21.","DOI":"10.3390\/s22218417"},{"key":"ref_83","unstructured":"Cao, F. (2025, July 10). Intrusion Anomaly Detection Based on Pseudo-Count Exploration. Available online: https:\/\/www.researchgate.net\/publication\/372378041_Intrusion_Anomaly_Detection_Based_on_Pseudo-Count_Exploration."},{"key":"ref_84","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Janicke, H., and Smith, R. (2019, January 9\u201312). Deep Learning Techniques for Cyber Security Intrusion Detection: A Detailed Analysis. Proceedings of the 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Athens, Greece.","DOI":"10.14236\/ewic\/icscsr19.16"},{"key":"ref_85","doi-asserted-by":"crossref","first-page":"52588","DOI":"10.1109\/ACCESS.2020.2981072","article-title":"Basic Enhancement Strategies When Using Bayesian Optimization for Hyperparameter Tuning of Deep Neural Networks","volume":"8","author":"Cho","year":"2020","journal-title":"IEEE Access"},{"key":"ref_86","doi-asserted-by":"crossref","first-page":"624","DOI":"10.1109\/LRA.2022.3229236","article-title":"Adaptively Calibrated Critic Estimates for Deep Reinforcement Learning","volume":"8","author":"Dorka","year":"2023","journal-title":"IEEE Robot. Autom. Lett."},{"key":"ref_87","doi-asserted-by":"crossref","first-page":"609","DOI":"10.1007\/s13389-024-00361-5","article-title":"Regularizers to the Rescue: Fighting Overfitting in DeepLearning-based Side-Channel Analysis","volume":"14","author":"Rezaeezade","year":"2022","journal-title":"J. Cryptogr. Eng."},{"key":"ref_88","first-page":"609","article-title":"Exploiting All Samples in Low-Resource Sentence Classification: Early Stopping and Initialization Parameters","volume":"14","author":"Choi","year":"2021","journal-title":"J. Cryptogr. Eng."},{"key":"ref_89","unstructured":"Wang, H., Li, T.H., Zhang, Z., Chen, T., Liang, H., and Sun, J. (2021). Early Stopping for Deep Image Prior. arXiv."},{"key":"ref_90","doi-asserted-by":"crossref","first-page":"100709","DOI":"10.1016\/j.iot.2023.100709","article-title":"An optimized CNN-based intrusion detection system for reducing risks in smart farming","volume":"22","author":"Darwish","year":"2023","journal-title":"Internet Things"},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"1285","DOI":"10.1007\/s00779-021-01578-5","article-title":"WILS-TRS\u2014A novel optimized deep learning based intrusion detection framework for IoT networks","volume":"27","author":"Jothi","year":"2023","journal-title":"Pers. Ubiquitous Comput."},{"key":"ref_92","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/s10207-022-00631-5","article-title":"A novel approach for detection of APT malware using multi-dimensional hybrid Bayesian belief network","volume":"22","author":"Sharma","year":"2023","journal-title":"Int. J. Inf. Secur."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/311\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:11:45Z","timestamp":1760033505000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/311"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,18]]},"references-count":92,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["fi17070311"],"URL":"https:\/\/doi.org\/10.3390\/fi17070311","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,18]]}}}