{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T14:24:43Z","timestamp":1761402283554,"version":"build-2065373602"},"reference-count":44,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2023,4,28]],"date-time":"2023-04-28T00:00:00Z","timestamp":1682640000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Ransomware is a type of malware that employs encryption to target user files, rendering them inaccessible without a decryption key. To combat ransomware, researchers have developed early detection models that seek to identify threats before encryption takes place, often by monitoring the initial calls to cryptographic APIs. However, because encryption is a standard computational activity involved in processes, such as packing, unpacking, and polymorphism, the presence of cryptographic APIs does not necessarily indicate an imminent ransomware attack. Hence, relying solely on cryptographic APIs is insufficient for accurately determining a ransomware pre-encryption boundary. To this end, this paper is devoted to addressing this issue by proposing a Temporal Data Correlation method that associates cryptographic APIs with the I\/O Request Packets (IRPs) based on the timestamp for pre-encryption boundary delineation. The process extracts the various features from the pre-encryption dataset for use in early detection model training. Several machine and deep learning classifiers are used to evaluate the accuracy of the proposed solution. Preliminary results show that this newly proposed approach can achieve higher detection accuracy compared to those reported elsewhere.<\/jats:p>","DOI":"10.3390\/s23094355","type":"journal-article","created":{"date-parts":[[2023,4,28]],"date-time":"2023-04-28T04:36:15Z","timestamp":1682656575000},"page":"4355","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Temporal Data Correlation Providing Enhanced Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation"],"prefix":"10.3390","volume":"23","author":[{"given":"Abdullah","family":"Alqahtani","sequence":"first","affiliation":[{"name":"College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia"},{"name":"Department of Computer Science, University of Idaho, Moscow, ID 83844, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1241-2750","authenticated-orcid":false,"given":"Frederick T.","family":"Sheldon","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Moscow, ID 83844, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,4,28]]},"reference":[{"key":"ref_1","first-page":"2236","article-title":"Automated analysis approach for the detection of high survivable ransomware","volume":"14","author":"Ahmed","year":"2020","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Alghofaili, Y., Albattah, A., Alrajeh, N., Rassam, M.A., and Al-Rimy, B.A.S. (2021). Secure Cloud Infrastructure: A Survey on Issues, Current Solutions, and Open Challenges. Appl. Sci., 11.","DOI":"10.3390\/app11199005"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"5542919","DOI":"10.1155\/2021\/5542919","article-title":"An adaptive protection of flooding attacks model for complex network environments","volume":"2021","author":"Khalaf","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Hussain, S., Mustafa, M.W., Al-Shqeerat, K.H.A., Saeed, F., and Al-Rimy, B.A.S. (2021). A Novel Feature-Engineered\u2013NGBoost Machine-Learning Framework for Fraud Detection in Electric Power Consumption Data. Sensors, 21.","DOI":"10.3390\/s21248423"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2143001","DOI":"10.1142\/S2424922X21430014","article-title":"A Review of Anomaly Intrusion Detection Systems in IoT using Deep Learning Techniques","volume":"13","author":"Alsoufi","year":"2021","journal-title":"Adv. Data Sci. Adapt. Anal."},{"key":"ref_6","unstructured":"Kean, C., Ghaleb, B., Mcclelland, B., Ahmad, J., Wadhaj, I., and Thomson, C. (2022). Proceedings of the 2nd International Conference on Emerging Technologies and Intelligent Systems, Springer."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Olaimat, M.N., Maarof, M.A., and Al-rimy, B.A.S. (2021, January 29\u201331). Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions. Proceedings of the 2021 3rd International Cyber Resilience Conference (CRC), Online.","DOI":"10.1109\/CRC50527.2021.9392529"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"140586","DOI":"10.1109\/ACCESS.2020.3012674","article-title":"A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction","volume":"8","author":"Maarof","year":"2020","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions","volume":"74","author":"Maarof","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Urooj, U., Al-rimy, B.A.S., Zainal, A., Ghaleb, F.A., and Rassam, M.A. (2022). Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions. Appl. Sci., 12.","DOI":"10.3390\/app12010172"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.future.2019.06.005","article-title":"Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection","volume":"101","author":"Maarof","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_12","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., and Lupu, E.C. (2016). Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1109\/TETC.2017.2756908","article-title":"Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence","volume":"8","author":"Homayoun","year":"2017","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_14","first-page":"82","article-title":"Zero-day aware decision fusion-based model for crypto-ransomware early detection","volume":"10","author":"Maarof","year":"2018","journal-title":"Int. J. Integr. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ahmed, Y.A., Huda, S., Al-Rimy, B.A.S., Alharbi, N., Saeed, F., Ghaleb, F.A., and Ali, I.M. (2022). A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT. Sustainability, 14.","DOI":"10.3390\/su14031231"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Urooj, U., Maarof, M.A.B., and Al-rimy, B.A.S. (2021, January 29\u201331). A proposed Adaptive Pre-Encryption Crypto-Ransomware Early Detection Model. Proceedings of the 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia.","DOI":"10.1109\/CRC50527.2021.9392548"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alqahtani, A., Gazzan, M., and Sheldon, F.T. (2020, January 6\u20138). A proposed Crypto-Ransomware Early Detection (CRED) Model using an Integrated Deep Learning and Vector Space Model Approach. Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC47524.2020.9031182"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1016\/j.future.2022.09.022","article-title":"SCTD: A spatiotemporal correlation truth discovery scheme for security management of data platform","volume":"139","author":"Mo","year":"2023","journal-title":"Futur. Gener. Comput. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1007\/s10773-022-05009-w","article-title":"Verifiable multi-dimensional (t, n) threshold quantum secret sharing based on quantum walk","volume":"61","author":"Wang","year":"2022","journal-title":"Int. J. Theor. Phys."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Kirda, E. (2017, January 20\u201324). UNVEIL: A large-scale automated approach to detecting ransomware (keynote). Proceedings of the 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), Klagenfurt, Austria.","DOI":"10.1109\/SANER.2017.7884603"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","article-title":"R-locker: Thwarting ransomware action through a honey file-based approach","volume":"73","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_22","first-page":"2946735","article-title":"The effective ransomware prevention technique using process monitoring on Android platform","volume":"2016","author":"Song","year":"2016","journal-title":"Mobile Inf. Syst."},{"key":"ref_23","unstructured":"Mbol, F., Robert, J.-M., and Sadighian, A. (2016). International Conference on Cryptology and Network Security, Proceedings of the 15th International Conference, CANS 2016, Milan, Italy, 14\u201316 November 2016, Springer."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.jnca.2018.09.013","article-title":"Ransomware early detection by the analysis of file sharing traffic","volume":"124","author":"Morato","year":"2018","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., and Butler, K.R.B. (2016, January 27\u201330). CryptoLock (and drop It): Stopping ransomware attacks on user data. Proceedings of the 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), Nara, Japan.","DOI":"10.1109\/ICDCS.2016.46"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Moussaileb, R., Bouget, B., Palisse, A., Le Bouder, H., Cuppens, N., and Lanet, J.L. (2018, January 27\u201330). Ransomware\u2019s early mitigation mechanisms. Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany.","DOI":"10.1145\/3230833.3234691"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Chen, Z.-G., Kang, H.-S., Yin, S.-N., and Kim, S.-R. (2017, January 20\u201323). Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph. Proceedings of the International Conference on Research in Adaptive and Convergent Systems, New York, NY, USA.","DOI":"10.1145\/3129676.3129704"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1016\/j.eswa.2018.02.039","article-title":"Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory","volume":"102","author":"Cohen","year":"2018","journal-title":"Expert Syst. Appl."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Ahmadian, M.M., and Shahriari, H.R. (2016, January 7\u20138). 2entFOX: A framework for high survivable ransomwares detection. Proceedings of the 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), Tehran, Iran.","DOI":"10.1109\/ISCISC.2016.7736455"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"578","DOI":"10.1016\/j.cose.2018.05.010","article-title":"Early-stage malware prediction using recurrent neural networks","volume":"77","author":"Rhode","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1007\/978-3-030-00470-5_6","article-title":"RWGuard: A real-time detection system against cryptographic ransomware","volume":"Volume 11050","author":"Mehnaz","year":"2018","journal-title":"Research in Attacks Intrusions and Defense"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Cusack, G., Michel, O., and Keller, E. (2018, January 21). Machine learning-based detection of ransomware using SDN. Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Tempe, AZ, USA.","DOI":"10.1145\/3180465.3180467"},{"key":"ref_33","first-page":"201","article-title":"Network activity analysis of cryptowall ransomware","volume":"91","author":"KCabaj","year":"2015","journal-title":"Prz. Elektrotech."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1016\/j.compeleceng.2017.10.012","article-title":"Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics","volume":"66","author":"Cabaj","year":"2018","journal-title":"Comput. Electr. Eng."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Le Guernic, C., and Legay, A. (2016, January 5\u20137). Ransomware and the Legacy Crypto API. Proceedings of the Risks and Security of Internet and Systems: 11th International Conference, CRiSIS 2016, Roscoff, France.","DOI":"10.1007\/978-3-319-54876-0_2"},{"key":"ref_36","unstructured":"Christensen, J.B., and Beuschau, N. (2017). Ransomware Detection and Mitigation Tool. [Master\u2019s Thesis, Technical University of Denmark]."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"102753","DOI":"10.1016\/j.jnca.2020.102753","article-title":"A system call refinement-based enhanced Minimum Redundancy Maximum Relevance method for ransomware early detection","volume":"167","author":"Ahmed","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_38","unstructured":"Ioanid, A., Scarlat, C., and Militaru, G. (2017, January 21\u201322). The Effect of Cybercrime on Romanian SMEs in the Context of Wannacry Ransomware Attacks. Proceedings of the 12th European Conference on Innovation and Entrepreneurship ECIE, Paris, France."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Pandey, S.K., and Mehtre, B.M. (2014, January 8\u201310). Performance of malware detection tools: A comparison. Proceedings of the 2014 IEEE International Conference on Advanced Communication, Control and Computing Technologies, ICACCCT 2014, Ramanathapuram, India.","DOI":"10.1109\/ICACCCT.2014.7019422"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"641","DOI":"10.1016\/j.future.2020.10.002","article-title":"Redundancy Coefficient Gradual Up-weighting-based Mutual Information Feature Selection technique for Crypto-ransomware early detection","volume":"115","author":"Maarof","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Popli, N.K., and Girdhar, A. (2019). Behavioural Analysis of Recent Ransomwares and Prediction of Future Attacks by Polymorphic and Metamorphic Ransomware, Springer.","DOI":"10.1007\/978-981-13-1135-2_6"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Gen\u00e7, Z.A., Lenzini, G., and Ryan, P. (2018, January 15\u201316). Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware. Proceedings of the Central European Cybersecurity Conference, Ljubljana, Slovenia.","DOI":"10.1145\/3277570.3277577"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Maniath, S., Ashok, A., Poornachandran, P., Sujadevi, V., Prem Sankar, A.U., and Jan, S. (2017, January 26\u201327). Deep learning LSTM based ransomware detection. Proceedings of the 2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE), Noida, India.","DOI":"10.1109\/RDCAPE.2017.8358312"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., and van Steen, M. (2012, January 20\u201323). Prudent practices for designing malware experiments: Status quo and outlook. Proceedings of the 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP.2012.14"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/9\/4355\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:25:24Z","timestamp":1760124324000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/9\/4355"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,28]]},"references-count":44,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2023,5]]}},"alternative-id":["s23094355"],"URL":"https:\/\/doi.org\/10.3390\/s23094355","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2023,4,28]]}}}