{"id":"https://openalex.org/W7152300029","doi":"https://doi.org/10.1016/j.cose.2026.104922","title":"Bending the curve: Operational cyber epidemiology for ransomware","display_name":"Bending the curve: Operational cyber epidemiology for ransomware","publication_year":2026,"publication_date":"2026-04-08","ids":{"openalex":"https://openalex.org/W7152300029","doi":"https://doi.org/10.1016/j.cose.2026.104922"},"language":"en","primary_location":{"id":"doi:10.1016/j.cose.2026.104922","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.104922","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.cose.2026.104922","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133161241","display_name":"Stephen V Flowerday","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Stephen V Flowerday","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0002-4591-3802","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079354128","display_name":"Nikolay Lipskiy","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nikolay Lipskiy","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133210810","display_name":"Steven Furnell","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Steven Furnell","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-0984-7542","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087816620","display_name":"Callum E. Flowerday","orcid":"https://orcid.org/0000-0003-4172-3910"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Callum E Flowerday","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-4172-3910","affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5116830881","display_name":"John Hale","orcid":"https://orcid.org/0000-0002-5956-8093"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"John Hale","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5133161241"],"corresponding_institution_ids":[],"apc_list":{"value":3190,"currency":"USD","value_usd":3190},"apc_paid":{"value":3190,"currency":"USD","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.7273622,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"167","issue":null,"first_page":"104922","last_page":"104922"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.5030999779701233,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.5030999779701233,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.21649999916553497,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.02630000002682209,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8593000173568726},{"id":"https://openalex.org/keywords/bending","display_name":"Bending","score":0.4442000091075897},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.42480000853538513},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.36809998750686646},{"id":"https://openalex.org/keywords/cyber-physical-system","display_name":"Cyber-physical system","score":0.29109999537467957}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8593000173568726},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6258999705314636},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5874999761581421},{"id":"https://openalex.org/C87210426","wikidata":"https://www.wikidata.org/wiki/Q1072476","display_name":"Bending","level":2,"score":0.4442000091075897},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.42480000853538513},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.36809998750686646},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.29109999537467957},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.27090001106262207},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.259799987077713},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.2305999994277954}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1016/j.cose.2026.104922","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.104922","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},{"id":"pmh:oai:nottingham-repository.worktribe.com:62735442","is_oa":true,"landing_page_url":"https://nottingham-repository.worktribe.com/output/62735442","pdf_url":null,"source":{"id":"https://openalex.org/S4306402483","display_name":"Repository@Nottingham (University of Nottingham)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I142263535","host_organization_name":"University of Nottingham","host_organization_lineage":["https://openalex.org/I142263535"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"publishedVersion"}],"best_oa_location":{"id":"doi:10.1016/j.cose.2026.104922","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.104922","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6827883124351501,"id":"https://metadata.un.org/sdg/3","display_name":"Good health and well-being"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2038195874","https://openalex.org/W2041572706","https://openalex.org/W2073627497","https://openalex.org/W2090554969","https://openalex.org/W2112680994","https://openalex.org/W2119956503","https://openalex.org/W2161728228","https://openalex.org/W2739789502","https://openalex.org/W2977319455","https://openalex.org/W3006642361","https://openalex.org/W3011048843","https://openalex.org/W3044517943","https://openalex.org/W4376648608","https://openalex.org/W4377821709","https://openalex.org/W4382173761","https://openalex.org/W4385978306","https://openalex.org/W4390673835","https://openalex.org/W4392164051","https://openalex.org/W4396952100","https://openalex.org/W4412538662"],"related_works":[],"abstract_inverted_index":{"Ransomware":[0],"is":[1,238],"often":[2,67],"treated":[3],"as":[4,153],"a":[5,19,77,222,239],"detection":[6,176],"problem.":[7],"Yet":[8],"the":[9,12,48,57,69,109,126,145],"incidents":[10,184],"with":[11,35,178],"greatest":[13],"operational":[14,42,70,241],"impact":[15],"unfold":[16],"like":[17],"outbreaks:":[18],"single":[20],"foothold":[21,78],"propagates":[22],"through":[23],"identities,":[24],"administrative":[25],"tools,":[26],"and":[27,65,102,108,117,133,147,163,188,206,220],"shared":[28,240],"services":[29],"while":[30],"responders":[31],"make":[32],"time-critical":[33],"decisions":[34,201,249],"limited":[36],"visibility.":[37],"This":[38],"paper":[39],"proposes":[40],"an":[41],"cyber":[43,58],"epidemiology":[44],"framework":[45,127],"that":[46,227,243],"adapts":[47],"Susceptible\u2013Exposed\u2013Infectious\u2013Removed":[49],"(SEIR)":[50,168],"model":[51],"to":[52,139,173,230,247],"ransomware":[53,130],"incident":[54],"management.":[55],"In":[56],"SEIR":[59],"ontology,":[60],"Exposed":[61],"represents":[62],"latent":[63],"compromise":[64],"staging,":[66],"overlapping":[68],"notion":[71],"of":[72,136],"dwell":[73],"time,":[74],"in":[75,95],"which":[76],"exists":[79],"but":[80],"has":[81],"not":[82],"yet":[83],"produced":[84],"confirmed":[85],"secondary":[86],"compromise,":[87],"whereas":[88],"Infectious":[89],"denotes":[90],"active":[91],"lateral":[92],"propagation.":[93],"Grounded":[94],"ISO":[96],"5477:2023":[97],"public":[98],"health":[99],"emergency":[100],"preparedness":[101],"response":[103],"(PH-EPR)":[104],"information":[105],"management":[106],"guidance":[107],"United":[110],"Nations":[111],"Office":[112],"for":[113,158,190],"Disaster":[114],"Risk":[115],"Reduction":[116],"International":[118],"Science":[119],"Council":[120],"(UNDRR-ISC)":[121],"2025":[122],"Hazard":[123],"Information":[124,137],"Profiles,":[125],"defines":[128],"interoperable":[129],"case":[131],"definitions":[132],"Essential":[134],"Elements":[135],"(EEIs)":[138],"support":[140],"cross-incident":[141],"comparison.":[142],"We":[143,209],"treat":[144],"basic":[146],"effective":[148],"reproduction":[149],"numbers":[150],"(R0,":[151],"Re)":[152],"directional,":[154],"near-real-time":[155],"decision":[156],"aids":[157],"security":[159],"operations":[160],"centers":[161],"(SOCs)":[162],"explicitly":[164],"separate":[165],"propagation":[166],"state":[167],"from":[169],"observation":[170],"status":[171],"(detected/undetected)":[172],"avoid":[174],"conflating":[175],"capability":[177],"spread":[179],"dynamics.":[180],"Using":[181],"publicly":[182],"reported":[183],"(WannaCry,":[185],"NotPetya,":[186],"SolarWinds,":[187],"MGM/Caesars)":[189],"illustration,":[191],"we":[192],"show":[193],"how":[194],"outbreak-style":[195],"measurements":[196],"translate":[197],"telemetry":[198,246],"into":[199],"earlier":[200],"about":[202],"isolation,":[203],"credential":[204],"containment,":[205],"restoration":[207],"sequencing.":[208],"also":[210],"derive":[211],"simple":[212],"protection":[213],"threshold":[214],"heuristics":[215],"(targeting":[216],"Re":[217],"<":[218],"1)":[219],"provide":[221],"tool":[223],"agnostic":[224],"playbook":[225],"card":[226],"links":[228],"EEIs":[229],"explicit":[231],"action":[232],"triggers.":[233],"The":[234],"framework\u2019s":[235],"primary":[236],"contribution":[237],"language":[242],"connects":[244],"technical":[245],"containment":[248],"under":[250],"resource":[251],"constraints.":[252]},"counts_by_year":[],"updated_date":"2026-04-29T09:16:38.111599","created_date":"2026-04-09T00:00:00"}