{"id":"https://openalex.org/W4405898319","doi":"https://doi.org/10.1016/j.array.2026.100911","title":"GUARD: Graph-based utility for adversarial ransomware detection using structural and behavioural characteristics","display_name":"GUARD: Graph-based utility for adversarial ransomware detection using structural and behavioural characteristics","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4405898319","doi":"https://doi.org/10.1016/j.array.2026.100911"},"language":"en","primary_location":{"id":"doi:10.1016/j.array.2026.100911","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.array.2026.100911","pdf_url":null,"source":{"id":"https://openalex.org/S4210194039","display_name":"Array","issn_l":"2590-0056","issn":["2590-0056"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Array","raw_type":"journal-article"},"type":"preprint","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1016/j.array.2026.100911","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018462739","display_name":"Senthilkumar Mathi","orcid":"https://orcid.org/0000-0002-7134-8448"},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Senthilkumar Mathi","raw_affiliation_strings":["Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India"],"raw_orcid":"https://orcid.org/0000-0002-7134-8448","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Gowtham Ramesh","orcid":null},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Gowtham Ramesh","raw_affiliation_strings":["Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115704327","display_name":"V Dayanand","orcid":null},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Dayanand Vinod","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115704328","display_name":"Abhinav Surendran","orcid":null},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Abhinav Surendran","raw_affiliation_strings":["Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049460909","display_name":"Anand R. Nair","orcid":"https://orcid.org/0000-0003-1598-616X"},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Anand R. Nair","raw_affiliation_strings":["TIFAC-CORE in Cybersecurity, Amrita Vishwa Vidyapeetham, Coimbatore, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"TIFAC-CORE in Cybersecurity, Amrita Vishwa Vidyapeetham, Coimbatore, India","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Sudhay Senthilkumar","orcid":null},"institutions":[{"id":"https://openalex.org/I81556334","display_name":"Amrita Vishwa Vidyapeetham","ror":"https://ror.org/03am10p12","country_code":"IN","type":"education","lineage":["https://openalex.org/I81556334"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Sudhay Senthilkumar","raw_affiliation_strings":["Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Coimbatore, India","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059077090","display_name":"Salil S. Kanhere","orcid":"https://orcid.org/0000-0002-1835-3475"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Salil Kanhere","raw_affiliation_strings":["Department of Computer Science and Engineering, UNSW Sydney, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, UNSW Sydney, Australia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5018462739"],"corresponding_institution_ids":["https://openalex.org/I81556334"],"apc_list":{"value":1350,"currency":"USD","value_usd":1350},"apc_paid":{"value":1350,"currency":"USD","value_usd":1350},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.25039729,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"30","issue":null,"first_page":"100911","last_page":"100911"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9775999784469604,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9746999740600586,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.8339213728904724},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7920981049537659},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.6511831283569336},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5723093748092651},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5501086711883545},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.448905885219574},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.28137725591659546},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.26317572593688965},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.22078609466552734}],"concepts":[{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.8339213728904724},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7920981049537659},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.6511831283569336},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5723093748092651},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5501086711883545},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.448905885219574},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.28137725591659546},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26317572593688965},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.22078609466552734},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1016/j.array.2026.100911","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.array.2026.100911","pdf_url":null,"source":{"id":"https://openalex.org/S4210194039","display_name":"Array","issn_l":"2590-0056","issn":["2590-0056"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Array","raw_type":"journal-article"},{"id":"doi:10.2139/ssrn.5077029","is_oa":true,"landing_page_url":"https://doi.org/10.2139/ssrn.5077029","pdf_url":null,"source":{"id":"https://openalex.org/S4210172589","display_name":"SSRN Electronic Journal","issn_l":"1556-5068","issn":["1556-5068"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1318003438","host_organization_name":"RELX Group (Netherlands)","host_organization_lineage":["https://openalex.org/I1318003438"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"posted-content"}],"best_oa_location":{"id":"doi:10.1016/j.array.2026.100911","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.array.2026.100911","pdf_url":null,"source":{"id":"https://openalex.org/S4210194039","display_name":"Array","issn_l":"2590-0056","issn":["2590-0056"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Array","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1584505081","https://openalex.org/W1892063863","https://openalex.org/W2003568760","https://openalex.org/W2005662348","https://openalex.org/W2513529237","https://openalex.org/W2532962075","https://openalex.org/W2559964890","https://openalex.org/W2784113120","https://openalex.org/W2895892359","https://openalex.org/W2900633536","https://openalex.org/W2915893383","https://openalex.org/W2962700793","https://openalex.org/W2969904462","https://openalex.org/W2982596671","https://openalex.org/W3000953536","https://openalex.org/W3037617129","https://openalex.org/W3083177412","https://openalex.org/W3164425124","https://openalex.org/W3186739895","https://openalex.org/W4205194689","https://openalex.org/W4255756278","https://openalex.org/W4285189699","https://openalex.org/W4394862626","https://openalex.org/W4408357886"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W3202245533","https://openalex.org/W4253977752","https://openalex.org/W2942879794","https://openalex.org/W4243136610","https://openalex.org/W2155665570","https://openalex.org/W4399685216"],"abstract_inverted_index":{"Malware":[0],"has":[1,50,214],"become":[2,51],"a":[3,28,136,232,287],"significant":[4],"hazard":[5],"in":[6,13,58,88,105],"cyberspace,":[7],"especially":[8],"with":[9,111,255,286],"the":[10,19,55,67,74,85,143,171,198,211,228],"exponential":[11],"growth":[12],"Internet":[14],"adoption":[15],"and":[16,36,40,54,122,159,178,192,242,264,278,295,301,306],"dependence.":[17],"Among":[18],"various":[20],"types":[21],"of":[22,32,69,163,201,210,221,227],"malware,":[23],"ransomware":[24,49,71,92,110,128,138,152,176,202,234,261,274],"stands":[25],"out":[26],"as":[27],"particular":[29],"threat,":[30],"capable":[31],"targeting":[33],"both":[34],"individuals":[35],"businesses":[37],"by":[38,84,153],"encrypting":[39],"extorting":[41],"sensitive":[42],"data":[43],"for":[44],"ransom.":[45],"In":[46],"recent":[47,86],"years,":[48],"increasingly":[52],"prevalent,":[53],"encryption":[56],"deployed":[57],"ransomware-infected":[59],"devices":[60],"is":[61,81,93,130],"often":[62],"considered":[63],"practically":[64],"irreversible.":[65],"Despite":[66],"existence":[68],"numerous":[70],"deterrent":[72,98],"systems,":[73],"resulting":[75],"damage":[76],"remains":[77],"substantial.":[78],"This":[79,149,165],"situation":[80],"further":[82],"exacerbated":[83],"surge":[87],"adversarial":[89,183,224,273,296],"attacks,":[90],"where":[91],"engineered":[94],"to":[95,114,174,258],"evade":[96,115],"these":[97,126],"systems.":[99],"There":[100],"are":[101,187],"sophisticated":[102,127],"attack":[103],"kits":[104],"place":[106],"that":[107,291],"can":[108],"generate":[109],"code-level":[112],"variations":[113],"detection.":[116],"Consequently,":[117],"establishing":[118],"effective":[119],"early":[120],"detection":[121,139,235,262,285],"mitigation":[123],"methods":[124],"against":[125,182,223,272],"strains":[129],"imperative.":[131],"The":[132,208],"proposed":[133,212],"research":[134,229],"presents":[135],"novel":[137],"system":[140,150],"based":[141],"on":[142,303],"Attributed":[144],"Control":[145],"Flow":[146],"Graph":[147,190],"(ACFG).":[148],"detects":[151],"extracting":[154],"structural":[155,199,244,252],"features":[156,200,253],"from":[157],"ACFG":[158],"distinctive":[160],"behavioural":[161,238,256,279],"characteristics":[162,257],"ransomware.":[164],"comprehensive":[166],"feature":[167],"set":[168],"significantly":[169,259],"enhances":[170],"system's":[172],"ability":[173],"detect":[175],"samples":[177,186],"increases":[179],"its":[180,205],"resilience":[181,271],"samples.":[184,225],"Adversarial":[185],"generated":[188],"through":[189],"Embedding":[191],"Augmentation":[193],"techniques":[194],"(GEA),":[195],"which":[196],"manipulate":[197],"while":[203],"retaining":[204],"malicious":[206],"behaviour.":[207],"efficacy":[209],"approach":[213],"been":[215],"validated,":[216],"yielding":[217],"impressive":[218],"classification":[219],"accuracy":[220,300],"98.5%":[222],"Highlights":[226],"\u2022":[230,249,268,282],"Proposes":[231],"unified":[233],"framework":[236],"integrating":[237],"traits,":[239],"block-level":[240],"features,":[241],"ACFG-based":[243,251],"properties":[245],"using":[246],"static":[247],"analysis.":[248],"Leverages":[250],"combined":[254],"improve":[260],"capability":[263],"reduce":[265],"false":[266],"positives.":[267],"3.Demonstrates":[269],"strong":[270],"samples,":[275,297],"including":[276],"obfuscation":[277],"evasion":[280],"techniques.":[281],"Advances":[283],"malware":[284],"unified,":[288],"efficient":[289],"model":[290],"handles":[292],"benign,":[293],"malicious,":[294],"achieves":[298],"98.56%":[299],"robustness":[302],"real-world":[304],"binaries,":[305],"offers":[307],"lower":[308],"computational":[309],"complexity.":[310]},"counts_by_year":[],"updated_date":"2026-06-19T17:40:00.097472","created_date":"2025-10-10T00:00:00"}