{"id":"https://openalex.org/W4410340981","doi":"https://doi.org/10.1109/access.2025.3569635","title":"iCNN-LSTM+: A Batch-Based Incremental Ransomware Detection System Using Sysmon","display_name":"iCNN-LSTM+: A Batch-Based Incremental Ransomware Detection System Using Sysmon","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4410340981","doi":"https://doi.org/10.1109/access.2025.3569635"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3569635","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3569635","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3569635","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050531980","display_name":"Jamil Ispahany","orcid":"https://orcid.org/0000-0001-8224-2924"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jamil Ispahany","raw_affiliation_strings":["Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8224-2924","affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065820146","display_name":"Rafiqul Islam","orcid":"https://orcid.org/0000-0001-8317-5727"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Md Rafiqul Islam","raw_affiliation_strings":["Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8317-5727","affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065309356","display_name":"M. Arif Khan","orcid":"https://orcid.org/0000-0001-6112-8874"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"M. Arif Khan","raw_affiliation_strings":["Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0001-6112-8874","affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015246388","display_name":"Md Zahidul Islam","orcid":"https://orcid.org/0000-0002-4868-4945"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Md Zahidul Islam","raw_affiliation_strings":["Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0002-4868-4945","affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre (CSCRC), Kingston, ACT, Australia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":8.3997,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.97994443,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"13","issue":null,"first_page":"87978","last_page":"87998"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9707000255584717,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.912136435508728},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7587617039680481},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4542260468006134},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.3231428861618042},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32180291414260864},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21409597992897034}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.912136435508728},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7587617039680481},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4542260468006134},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3231428861618042},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32180291414260864},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21409597992897034}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2025.3569635","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3569635","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:publications/480f8903-8aac-4792-a04a-f3835648e530","is_oa":true,"landing_page_url":"https://researchoutput.csu.edu.au/en/publications/480f8903-8aac-4792-a04a-f3835648e530","pdf_url":null,"source":{"id":"https://openalex.org/S7407055442","display_name":"Charles Sturt University Research Output (CRO)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Ispahany, J, Islam, M R, Khan, M A & Islam, M Z 2025, 'iCNN-LSTM+ : A batch-based incremental ransomware detection system using Sysmon', IEEE Access, vol. 13, pp. 87978-87998. https://doi.org/10.1109/ACCESS.2025.3569635","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:7216a274e2ca4d659d1b299663ce1c42","is_oa":true,"landing_page_url":"https://doaj.org/article/7216a274e2ca4d659d1b299663ce1c42","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 87978-87998 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3569635","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3569635","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.41999998688697815}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":53,"referenced_works":["https://openalex.org/W34738725","https://openalex.org/W2050143826","https://openalex.org/W2064675550","https://openalex.org/W2071072418","https://openalex.org/W2131427446","https://openalex.org/W2326063669","https://openalex.org/W2493916176","https://openalex.org/W2621191914","https://openalex.org/W2799908179","https://openalex.org/W2810114801","https://openalex.org/W2887506070","https://openalex.org/W2925507233","https://openalex.org/W2949676527","https://openalex.org/W2953056235","https://openalex.org/W2958060654","https://openalex.org/W2972552958","https://openalex.org/W2974072230","https://openalex.org/W2981052417","https://openalex.org/W2985407284","https://openalex.org/W2991232789","https://openalex.org/W3034402928","https://openalex.org/W3045604105","https://openalex.org/W3101124703","https://openalex.org/W3110420963","https://openalex.org/W3111126165","https://openalex.org/W3127186144","https://openalex.org/W3138102940","https://openalex.org/W3165106224","https://openalex.org/W3193645636","https://openalex.org/W3203932070","https://openalex.org/W3210164130","https://openalex.org/W3212046143","https://openalex.org/W4210496140","https://openalex.org/W4296367487","https://openalex.org/W4308351818","https://openalex.org/W4364382428","https://openalex.org/W4366447842","https://openalex.org/W4382397550","https://openalex.org/W4384835155","https://openalex.org/W4385569740","https://openalex.org/W4385872253","https://openalex.org/W4386996799","https://openalex.org/W4387097414","https://openalex.org/W4389454898","https://openalex.org/W4390505226","https://openalex.org/W4392121297","https://openalex.org/W4396712725","https://openalex.org/W4400765867","https://openalex.org/W4402775759","https://openalex.org/W6640036494","https://openalex.org/W6674330103","https://openalex.org/W6737135848","https://openalex.org/W6754950502"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W4387369504","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Ransomware":[0],"remains":[1],"a":[2,17,89,105,153],"persistent":[3],"and":[4,10,55,78,84,112,155],"evolving":[5],"cyber":[6],"threat,":[7],"requiring":[8],"adaptive":[9],"efficient":[11],"detection":[12,20,64,110],"mechanisms.":[13],"This":[14],"study":[15],"presents":[16],"novel":[18,106],"CNN-LSTM-based":[19],"system":[21,141],"that":[22,108],"leverages":[23],"Sysmon":[24],"logs":[25],"for":[26,52,143,158],"real-time":[27,159],"analysis":[28],"on":[29],"Windows":[30],"endpoints.":[31],"Through":[32],"the":[33,39,50,58,100,118,140,149,164],"integration":[34],"of":[35,73,82],"batch-based":[36],"incremental":[37],"learning,":[38],"model":[40,116],"achieves":[41,69],"continuous":[42],"adaptation":[43],"to":[44],"previously":[45],"unseen":[46],"ransomware":[47,160],"variants,":[48],"eliminating":[49],"necessity":[51],"full":[53],"retraining":[54],"effectively":[56,162],"addressing":[57],"constraints":[59],"associated":[60],"with":[61,75,134],"conventional":[62],"static":[63],"methodologies.":[65],"The":[66,114],"proposed":[67],"framework":[68,151],"an":[70],"average":[71],"F2-score":[72],"99.65%,":[74],"false":[76,79],"positive":[77],"negative":[80],"rates":[81],"0.16%":[83],"3.96%,":[85],"respectively,":[86],"even":[87],"in":[88,127],"highly":[90],"imbalanced":[91],"dataset.":[92],"To":[93],"comprehensively":[94],"evaluate":[95],"its":[96,125],"performance,":[97],"we":[98],"introduce":[99],"Weighted":[101],"Efficiency":[102],"Score":[103],"(WES),":[104],"metric":[107],"balances":[109],"accuracy":[111],"throughput.":[113],"iCNN-LSTM+":[115,150],"attains":[117],"highest":[119],"WES":[120],"among":[121],"CNN-LSTM":[122],"architectures,":[123],"demonstrating":[124],"efficiency":[126],"real-world":[128],"applications.":[129],"Furthermore,":[130],"parallel":[131],"LSTM":[132],"processing":[133],"attention":[135],"mechanisms":[136],"enhances":[137],"throughput,":[138],"making":[139],"scalable":[142],"large-scale":[144],"deployments.":[145],"These":[146],"findings":[147],"establish":[148],"as":[152],"resilient":[154],"adaptable":[156],"solution":[157],"detection,":[161],"mitigating":[163],"risks":[165],"posed":[166],"by":[167],"emerging":[168],"threats.":[169]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5}],"updated_date":"2026-06-14T07:44:22.658603","created_date":"2025-10-10T00:00:00"}