{"id":"https://openalex.org/W7128473072","doi":"https://doi.org/10.1007/s10207-026-01212-6","title":"SPECTRE: a hybrid and adaptive cyber threats detection and response in volatile memory","display_name":"SPECTRE: a hybrid and adaptive cyber threats detection and response in volatile memory","publication_year":2026,"publication_date":"2026-02-11","ids":{"openalex":"https://openalex.org/W7128473072","doi":"https://doi.org/10.1007/s10207-026-01212-6"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-026-01212-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01212-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01212-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01212-6.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113281593","display_name":"Abdul Momin Syed","orcid":null},"institutions":[{"id":"https://openalex.org/I112048516","display_name":"BG Group (United Kingdom)","ror":"https://ror.org/01g312x22","country_code":"GB","type":"company","lineage":["https://openalex.org/I112048516"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Arslan Tariq Syed","raw_affiliation_strings":["BGC Group, London, UK"],"affiliations":[{"raw_affiliation_string":"BGC Group, London, UK","institution_ids":["https://openalex.org/I112048516"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101549630","display_name":"Mohamed Chahine Ghanem","orcid":"https://orcid.org/0000-0002-7067-7848"},"institutions":[{"id":"https://openalex.org/I146655781","display_name":"University of Liverpool","ror":"https://ror.org/04xs57h96","country_code":"GB","type":"education","lineage":["https://openalex.org/I146655781"]},{"id":"https://openalex.org/I56007636","display_name":"Keele University","ror":"https://ror.org/00340yn33","country_code":"GB","type":"education","lineage":["https://openalex.org/I56007636"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Mohamed Chahine Ghanem","raw_affiliation_strings":["Cybersecurity Institute, University of Liverpool, Liverpool, UK","School of Computer Sciences and Mathematics, Keele University, Newcastle, UK"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Institute, University of Liverpool, Liverpool, UK","institution_ids":["https://openalex.org/I146655781"]},{"raw_affiliation_string":"School of Computer Sciences and Mathematics, Keele University, Newcastle, UK","institution_ids":["https://openalex.org/I56007636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091070496","display_name":"Elhadj Benkhalifa","orcid":null},"institutions":[{"id":"https://openalex.org/I198012923","display_name":"University of Staffordshire","ror":"https://ror.org/00d6k8y35","country_code":"GB","type":"education","lineage":["https://openalex.org/I198012923"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Elhadj Benkhalifa","raw_affiliation_strings":["Smart Systems, AI and Cybersecurity Research Centre, University of Staffordshire, Stafford, UK"],"affiliations":[{"raw_affiliation_string":"Smart Systems, AI and Cybersecurity Research Centre, University of Staffordshire, Stafford, UK","institution_ids":["https://openalex.org/I198012923"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5125537862","display_name":"Fauzia Abro Idrees","orcid":null},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Fauzia Abro Idrees","raw_affiliation_strings":["Department of Information Security, Royal Holloway University of London, Egham, UK"],"affiliations":[{"raw_affiliation_string":"Department of Information Security, Royal Holloway University of London, Egham, UK","institution_ids":["https://openalex.org/I184558857"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5101549630"],"corresponding_institution_ids":["https://openalex.org/I146655781","https://openalex.org/I56007636"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.72836725,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.8892999887466431,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.8892999887466431,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.016599999740719795,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.013399999588727951,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.5432000160217285},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.48980000615119934},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.476500004529953},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4426000118255615},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.42489999532699585},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.4196000099182129},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.37389999628067017},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3644999861717224},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.34619998931884766},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.33309999108314514}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8378000259399414},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6335999965667725},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.5432000160217285},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.48980000615119934},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.476500004529953},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4426000118255615},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.42489999532699585},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.4196000099182129},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.37389999628067017},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3644999861717224},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.34619998931884766},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.33309999108314514},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3305000066757202},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.3287999927997589},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.3246999979019165},{"id":"https://openalex.org/C2781357168","wikidata":"https://www.wikidata.org/wiki/Q5276084","display_name":"Digital evidence","level":3,"score":0.31929999589920044},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.2896000146865845},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.28540000319480896},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.2847000062465668},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.28349998593330383},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.28299999237060547},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.28049999475479126},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.2802000045776367},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2768999934196472},{"id":"https://openalex.org/C138101251","wikidata":"https://www.wikidata.org/wiki/Q213092","display_name":"Thread (computing)","level":2,"score":0.272599995136261},{"id":"https://openalex.org/C147494362","wikidata":"https://www.wikidata.org/wiki/Q2078905","display_name":"Troubleshooting","level":2,"score":0.2596000134944916},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2563000023365021},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.2549999952316284},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.2540000081062317},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.25200000405311584},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-026-01212-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01212-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01212-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-026-01212-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01212-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01212-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7128473072.pdf"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W2579276500","https://openalex.org/W2982241386","https://openalex.org/W3015040203","https://openalex.org/W3139597027","https://openalex.org/W3169281546","https://openalex.org/W4210783895","https://openalex.org/W4226507652","https://openalex.org/W4231362234","https://openalex.org/W4286005470","https://openalex.org/W4288050716","https://openalex.org/W4293414950","https://openalex.org/W4377101894","https://openalex.org/W4379534564","https://openalex.org/W4381054309","https://openalex.org/W4387001715","https://openalex.org/W4388676551","https://openalex.org/W4388722750","https://openalex.org/W4390323023","https://openalex.org/W4391333914","https://openalex.org/W4399855877","https://openalex.org/W4400235483","https://openalex.org/W4400817539","https://openalex.org/W4401943274","https://openalex.org/W4406563968","https://openalex.org/W4407786363","https://openalex.org/W4409882847"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"The":[1,123],"increasing":[2],"sophistication":[3],"of":[4],"modern":[5],"cyber":[6,235],"threats,":[7],"particularly":[8],"file-less":[9],"malware":[10],"relying":[11],"on":[12],"\u201cliving":[13],"off":[14],"the":[15,139],"land\u201d":[16],"techniques,":[17],"poses":[18],"significant":[19],"challenges":[20],"to":[21,33,63,180],"traditional":[22],"detection":[23,125],"mechanisms.":[24],"Memory":[25],"forensics":[26,141],"has":[27],"emerged":[28],"as":[29,75,111],"a":[30,56,219],"critical":[31,128],"approach":[32],"detecting":[34],"such":[35,110],"threats":[36],"by":[37,146],"analysing":[38],"dynamic":[39],"changes":[40],"in":[41,172,232],"system":[42,61],"memory.":[43],"This":[44],"research":[45,231],"introduces":[46],"SPECTRE":[47,79,217],"(Snapshot":[48],"Processing,":[49],"Emulation,":[50],"Comparison,":[51],"and":[52,68,87,95,114,121,134,152,169,176,197,206,214,229],"Threat":[53],"Reporting":[54],"Engine),":[55],"modular":[57],"Cyber":[58],"incident":[59],"response":[60],"designed":[62],"enhance":[64],"threat":[65,144,225],"detection,":[66,137,226],"investigation,":[67],"visualization.":[69],"By":[70],"adopting":[71],"Volatility\u2019s":[72],"JSON":[73],"format":[74],"an":[76],"intermediate":[77],"output,":[78],"ensures":[80],"compatibility":[81],"with":[82,188],"widely":[83],"used":[84],"Digital":[85],"Forensics":[86],"Response":[88],"(DFIR)":[89],"tools,":[90],"minimizing":[91],"manual":[92],"data":[93,162],"transformations":[94],"enabling":[96],"seamless":[97],"integration":[98],"into":[99,163],"established":[100],"workflows.":[101],"Its":[102],"emulation":[103],"capabilities":[104],"safely":[105],"replicate":[106],"realistic":[107],"attack":[108,129],"scenarios,":[109],"credential":[112],"dumping":[113],"malicious":[115,135],"process":[116],"injections,":[117],"for":[118,203,223],"controlled":[119],"experimentation":[120],"validation.":[122],"anomaly":[124],"module":[126,142],"addresses":[127],"vectors,":[130],"including":[131],"RunDLL32":[132],"abuse":[133],"IP":[136,140],"while":[138],"enhances":[143],"intelligence":[145],"integrating":[147],"tools":[148],"like":[149],"Virus":[150],"Total":[151],"geolocation":[153],"APIs.":[154],"SPECTRE\u2019s":[155,186],"advanced":[156],"visualization":[157],"techniques":[158],"transform":[159],"raw":[160],"memory":[161,213],"actionable":[164],"insights,":[165],"aiding":[166],"Red,":[167],"Blue,":[168],"Purple":[170],"teams":[171],"refining":[173],"their":[174],"strategies":[175],"responding":[177],"more":[178],"effectively":[179],"emerging":[181],"threats.":[182,236],"Comprehensive":[183],"evaluation":[184],"demonstrates":[185],"efficiency,":[187],"high":[189],"throughput,":[190],"low-latency":[191],"response,":[192],"robust":[193,221],"accuracy,":[194],"scalable":[195],"performance,":[196],"resource-conscious":[198],"design,":[199],"making":[200],"it":[201],"well-suited":[202],"both":[204],"large-scale":[205],"constrained":[207],"forensic":[208,230],"environments.":[209],"Bridging":[210],"gaps":[211],"between":[212],"network":[215],"forensics,":[216],"offers":[218],"scalable,":[220],"platform":[222],"advancing":[224],"team":[227],"training,":[228],"combating":[233],"sophisticated":[234]},"counts_by_year":[],"updated_date":"2026-02-13T13:36:01.753593","created_date":"2026-02-11T00:00:00"}