{"id":"https://openalex.org/W4387415286","doi":"https://doi.org/10.1109/access.2023.3322427","title":"Similarity Analysis of Ransomware Attacks Based on ATT&CK Matrix","display_name":"Similarity Analysis of Ransomware Attacks Based on ATT&CK Matrix","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4387415286","doi":"https://doi.org/10.1109/access.2023.3322427"},"language":"en","primary_location":{"id":"doi:10.1109/access.2023.3322427","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3322427","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10273710.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10273710.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040100338","display_name":"Zheyu Song","orcid":null},"institutions":[{"id":"https://openalex.org/I55654194","display_name":"Inner Mongolia University of Technology","ror":"https://ror.org/05564e019","country_code":"CN","type":"education","lineage":["https://openalex.org/I55654194"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zheyu Song","raw_affiliation_strings":["College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China"],"affiliations":[{"raw_affiliation_string":"College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China","institution_ids":["https://openalex.org/I55654194"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038699161","display_name":"Yonghong Tian","orcid":null},"institutions":[{"id":"https://openalex.org/I55654194","display_name":"Inner Mongolia University of Technology","ror":"https://ror.org/05564e019","country_code":"CN","type":"education","lineage":["https://openalex.org/I55654194"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yonghong Tian","raw_affiliation_strings":["College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China"],"affiliations":[{"raw_affiliation_string":"College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China","institution_ids":["https://openalex.org/I55654194"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083641842","display_name":"Junjin Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I55654194","display_name":"Inner Mongolia University of Technology","ror":"https://ror.org/05564e019","country_code":"CN","type":"education","lineage":["https://openalex.org/I55654194"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Junjin Zhang","raw_affiliation_strings":["College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China"],"affiliations":[{"raw_affiliation_string":"College of Data Science and Applications, Inner Mongolia University of Technology, Hohhot, China","institution_ids":["https://openalex.org/I55654194"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5040100338"],"corresponding_institution_ids":["https://openalex.org/I55654194"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":2.2415,"has_fulltext":true,"cited_by_count":11,"citation_normalized_percentile":{"value":0.89089202,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"11","issue":null,"first_page":"111378","last_page":"111388"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9563000202178955,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.6979556083679199},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5836734175682068},{"id":"https://openalex.org/keywords/matrix","display_name":"Matrix (chemical analysis)","score":0.4263575077056885},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.4164888262748718},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.346244215965271},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3171798288822174},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2746083438396454},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.10293522477149963}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.6979556083679199},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5836734175682068},{"id":"https://openalex.org/C106487976","wikidata":"https://www.wikidata.org/wiki/Q685816","display_name":"Matrix (chemical analysis)","level":2,"score":0.4263575077056885},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.4164888262748718},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.346244215965271},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3171798288822174},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2746083438396454},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.10293522477149963},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2023.3322427","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3322427","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10273710.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:75d379399a0c4fd39f78f9a550845e65","is_oa":true,"landing_page_url":"https://doaj.org/article/75d379399a0c4fd39f78f9a550845e65","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 11, Pp 111378-111388 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2023.3322427","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3322427","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10273710.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.75}],"awards":[{"id":"https://openalex.org/G2328558998","display_name":null,"funder_award_id":"2020MS06026","funder_id":"https://openalex.org/F4320322868","funder_display_name":"Natural Science Foundation of Inner Mongolia"}],"funders":[{"id":"https://openalex.org/F4320322868","display_name":"Natural Science Foundation of Inner Mongolia","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387415286.pdf","grobid_xml":"https://content.openalex.org/works/W4387415286.grobid-xml"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W2910470804","https://openalex.org/W2974072230","https://openalex.org/W2985193296","https://openalex.org/W2989588798","https://openalex.org/W3003433587","https://openalex.org/W3009137375","https://openalex.org/W3017363795","https://openalex.org/W3021147902","https://openalex.org/W3028767182","https://openalex.org/W3034363407","https://openalex.org/W3132588576","https://openalex.org/W3156636935","https://openalex.org/W3163378277","https://openalex.org/W3164269180","https://openalex.org/W3196654613","https://openalex.org/W3203444100","https://openalex.org/W3205163562","https://openalex.org/W4200055159","https://openalex.org/W4210404000","https://openalex.org/W4214850595","https://openalex.org/W4223944214","https://openalex.org/W4224923662","https://openalex.org/W4283215201","https://openalex.org/W4304759028","https://openalex.org/W4385573468","https://openalex.org/W6775874869","https://openalex.org/W6779603651"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W3202245533","https://openalex.org/W4253977752","https://openalex.org/W2942879794","https://openalex.org/W2964829536","https://openalex.org/W2904586340","https://openalex.org/W3120595989"],"abstract_inverted_index":{"In":[0,63],"recent":[1],"years,":[2],"there":[3,50],"has":[4,51],"been":[5,52],"an":[6],"increasingly":[7],"prevalent":[8],"trend":[9],"of":[10,44,55,65,88,165,169],"ransomware":[11,45,61,71,100,201],"attacks,":[12],"with":[13,60,200],"malicious":[14,185],"organizations":[15],"employing":[16],"various":[17],"techniques":[18,181],"to":[19,95,120,138,160,177,190],"gain":[20,161],"system":[21],"privileges":[22],"and":[23,98,111,150,195],"subsequently":[24],"engaging":[25],"in":[26],"extortion":[27],"through":[28,94],"methods":[29],"such":[30],"as":[31],"encrypting":[32],"files":[33],"or":[34],"leaking":[35],"information.":[36,113],"Current":[37],"research":[38],"predominantly":[39],"focuses":[40],"on":[41,77,129],"the":[42,56,78,117,122,134,140,155,166,170,178,197],"analysis":[43,74],"using":[46],"existing":[47],"features,":[48],"but":[49],"scarce":[53],"exploration":[54],"behavioral":[57,167],"patterns":[58,168],"associated":[59,199],"attacks.":[62,202],"light":[64],"this":[66,83],"situation,":[67],"we":[68,106,115,132,173],"propose":[69,174],"a":[70,85,162],"attack":[72,101,108,126,143,180],"similarity":[73,136,141],"method":[75],"based":[76],"ATT&CK":[79],"matrix.":[80],"To":[81],"initiate":[82],"analysis,":[84],"substantial":[86],"amount":[87],"network":[89,192],"threat":[90],"intelligence":[91],"is":[92],"sifted":[93],"select":[96],"reliable":[97],"comprehensive":[99],"incidents.":[102],"From":[103],"these":[104,130,184],"incidents,":[105],"extract":[107],"tactics,":[109],"techniques,":[110],"procedural":[112],"Subsequently,":[114],"employ":[116],"TF-IDF":[118],"algorithm":[119,137],"calculate":[121],"keyword":[123],"weights":[124],"within":[125],"descriptions.":[127],"Based":[128],"weights,":[131],"utilize":[133],"cosine":[135],"compare":[139],"between":[142],"events.":[144],"This":[145],"approach":[146],"reveals":[147],"critical":[148,179],"technical":[149],"tactical":[151],"information":[152],"employed":[153,182],"by":[154,183],"attacking":[156],"organizations,":[157],"enabling":[158],"researchers":[159],"deeper":[163],"understanding":[164],"attackers.":[171],"Finally,":[172],"countermeasures":[175,188],"corresponding":[176],"organizations.":[186],"These":[187],"aim":[189],"enhance":[191],"security":[193],"defenses":[194],"reduce":[196],"risks":[198]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2023-10-07T00:00:00"}