{"id":"https://openalex.org/W4392350538","doi":"https://doi.org/10.1007/s10207-024-00819-x","title":"Real-time system call-based ransomware detection","display_name":"Real-time system call-based ransomware detection","publication_year":2024,"publication_date":"2024-03-02","ids":{"openalex":"https://openalex.org/W4392350538","doi":"https://doi.org/10.1007/s10207-024-00819-x"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-024-00819-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-024-00819-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-024-00819-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-024-00819-x.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104251508","display_name":"Christopher Jun Wen Chew","orcid":null},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Christopher Jun Wen Chew","raw_affiliation_strings":["Department of Computer Science, University of Waikato, Hamilton, New Zealand"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Waikato, Hamilton, New Zealand","institution_ids":["https://openalex.org/I52179390"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024729513","display_name":"Vimal Kumar","orcid":"https://orcid.org/0000-0002-4955-3058"},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Vimal Kumar","raw_affiliation_strings":["Department of Computer Science, University of Waikato, Hamilton, New Zealand"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Waikato, Hamilton, New Zealand","institution_ids":["https://openalex.org/I52179390"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056585882","display_name":"Panos Patros","orcid":null},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Panos Patros","raw_affiliation_strings":["Department of Software Engineering, University of Waikato, Hamilton, New Zealand"],"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, University of Waikato, Hamilton, New Zealand","institution_ids":["https://openalex.org/I52179390"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009427975","display_name":"Robi Malik","orcid":"https://orcid.org/0000-0002-6118-8129"},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Robi Malik","raw_affiliation_strings":["Department of Software Engineering, University of Waikato, Hamilton, New Zealand"],"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, University of Waikato, Hamilton, New Zealand","institution_ids":["https://openalex.org/I52179390"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5104251508"],"corresponding_institution_ids":["https://openalex.org/I52179390"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":6.3756,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.973177,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"23","issue":"3","first_page":"1839","last_page":"1858"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9887999892234802,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.915470540523529},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7554464340209961},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5100281834602356},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4629531502723694},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3500288128852844},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3395138382911682},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32758280634880066},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.289919376373291}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.915470540523529},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7554464340209961},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5100281834602356},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4629531502723694},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3500288128852844},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3395138382911682},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32758280634880066},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.289919376373291}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-024-00819-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-024-00819-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-024-00819-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-024-00819-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-024-00819-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-024-00819-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7699999809265137}],"awards":[],"funders":[{"id":"https://openalex.org/F4320311746","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4392350538.pdf"},"referenced_works_count":47,"referenced_works":["https://openalex.org/W1495745096","https://openalex.org/W1832277845","https://openalex.org/W1971497680","https://openalex.org/W1975966552","https://openalex.org/W1997931601","https://openalex.org/W2057787526","https://openalex.org/W2060537671","https://openalex.org/W2060692877","https://openalex.org/W2070386561","https://openalex.org/W2090061444","https://openalex.org/W2106649514","https://openalex.org/W2116698025","https://openalex.org/W2118372007","https://openalex.org/W2132874238","https://openalex.org/W2140564944","https://openalex.org/W2296579688","https://openalex.org/W2367504390","https://openalex.org/W2577741565","https://openalex.org/W2619422284","https://openalex.org/W2738263528","https://openalex.org/W2774497716","https://openalex.org/W2780577826","https://openalex.org/W2783466036","https://openalex.org/W2784113120","https://openalex.org/W2876466190","https://openalex.org/W2890196927","https://openalex.org/W2900313743","https://openalex.org/W2906631928","https://openalex.org/W2910470804","https://openalex.org/W2911311548","https://openalex.org/W2921764420","https://openalex.org/W2963204406","https://openalex.org/W2964150020","https://openalex.org/W2999461149","https://openalex.org/W3006992647","https://openalex.org/W3083340158","https://openalex.org/W3117368983","https://openalex.org/W3132588576","https://openalex.org/W3183410303","https://openalex.org/W3204960723","https://openalex.org/W4213449907","https://openalex.org/W4224288244","https://openalex.org/W4244726870","https://openalex.org/W4288080275","https://openalex.org/W4297889842","https://openalex.org/W4388107905","https://openalex.org/W4399522541"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W4253977752","https://openalex.org/W3120595989","https://openalex.org/W2964829536","https://openalex.org/W2904586340","https://openalex.org/W2942879794","https://openalex.org/W3202245533"],"abstract_inverted_index":{"Abstract":[0],"Ransomware,":[1],"particularly":[2],"crypto":[3,77,106],"ransomware,":[4,78],"has":[5],"emerged":[6],"as":[7,21,23,128],"the":[8,40,45,57,86],"go-to":[9],"malware":[10,98],"for":[11,55,96,104],"threat":[12],"actors":[13],"aiming":[14],"to":[15,122],"compromise":[16],"data":[17],"on":[18,36,134],"Android":[19,135],"devices":[20],"well":[22],"in":[24,39,109],"general.":[25],"In":[26],"this":[27],"paper,":[28],"we":[29],"present":[30,67],"a":[31,89,131],"ransomware":[32,107],"detection":[33],"technique":[34,126],"based":[35],"behaviours":[37,99,108],"observed":[38],"system":[41,58,71,133],"calls":[42],"performed":[43],"by":[44,76],"malware.":[46,138],"We":[47,63,83],"first":[48],"describe":[49,85],"our":[50,115,124],"repeatable":[51],"and":[52,61,66,79,100],"extensible":[53],"methodology":[54],"extracting":[56],"call":[59,72],"log":[60],"patterns.":[62,82],"then":[64],"identify":[65],"some":[68],"common":[69],"high-level":[70],"behavioural":[73],"patterns":[74],"exhibited":[75],"evaluate":[80],"these":[81],"further":[84],"implementation":[87,91],"of":[88,114,117,130],"streaming":[90],"that":[92],"utilises":[93],"regular":[94],"expressions":[95],"modelling":[97],"finite":[101],"state":[102],"machines":[103],"detecting":[105],"real":[110],"time.":[111],"The":[112],"success":[113],"proof":[116],"concept":[118],"evaluation":[119],"allows":[120],"us":[121],"envision":[123],"proposed":[125],"applied":[127],"part":[129],"self-protection":[132],"phones":[136],"against":[137]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":4}],"updated_date":"2026-02-25T08:12:03.925757","created_date":"2025-10-10T00:00:00"}