{"id":"https://openalex.org/W2968819276","doi":"https://doi.org/10.1109/bigdata47090.2019.9005540","title":"A King\u2019s Ransom for Encryption: Ransomware Classification using Augmented One-Shot Learning and Bayesian Approximation","display_name":"A King\u2019s Ransom for Encryption: Ransomware Classification using Augmented One-Shot Learning and Bayesian Approximation","publication_year":2019,"publication_date":"2019-12-01","ids":{"openalex":"https://openalex.org/W2968819276","doi":"https://doi.org/10.1109/bigdata47090.2019.9005540","mag":"2968819276"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata47090.2019.9005540","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata47090.2019.9005540","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1908.06750","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013030358","display_name":"Amir Atapour\u2013Abarghouei","orcid":"https://orcid.org/0000-0002-4242-4579"},"institutions":[{"id":"https://openalex.org/I84884186","display_name":"Newcastle University","ror":"https://ror.org/01kj2bm70","country_code":"GB","type":"education","lineage":["https://openalex.org/I84884186"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Amir Atapour-Abarghouei","raw_affiliation_strings":["School of Computing, Newcastle University, Newcastle, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Newcastle University, Newcastle, UK","institution_ids":["https://openalex.org/I84884186"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075279338","display_name":"Stephen Bonner","orcid":"https://orcid.org/0000-0001-6008-358X"},"institutions":[{"id":"https://openalex.org/I84884186","display_name":"Newcastle University","ror":"https://ror.org/01kj2bm70","country_code":"GB","type":"education","lineage":["https://openalex.org/I84884186"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Stephen Bonner","raw_affiliation_strings":["School of Computing, Newcastle University, Newcastle, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Newcastle University, Newcastle, UK","institution_ids":["https://openalex.org/I84884186"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078307880","display_name":"A. Stephen McGough","orcid":"https://orcid.org/0000-0001-5626-0934"},"institutions":[{"id":"https://openalex.org/I84884186","display_name":"Newcastle University","ror":"https://ror.org/01kj2bm70","country_code":"GB","type":"education","lineage":["https://openalex.org/I84884186"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Andrew Stephen McGough","raw_affiliation_strings":["School of Computing, Newcastle University, Newcastle, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Newcastle University, Newcastle, UK","institution_ids":["https://openalex.org/I84884186"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5013030358"],"corresponding_institution_ids":["https://openalex.org/I84884186"],"apc_list":null,"apc_paid":null,"fwci":0.32836018,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.55313669,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1601","last_page":"1606"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9679999947547913,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.965399980545044,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.97432941198349},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7415063977241516},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5298910737037659},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5021896362304688},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.4443693161010742},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.44335776567459106},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37283921241760254},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.309139609336853},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.2581382095813751},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.10184144973754883}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.97432941198349},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7415063977241516},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5298910737037659},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5021896362304688},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.4443693161010742},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.44335776567459106},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37283921241760254},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.309139609336853},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2581382095813751},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.10184144973754883}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1109/bigdata47090.2019.9005540","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata47090.2019.9005540","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1908.06750","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1908.06750","pdf_url":"https://arxiv.org/pdf/1908.06750","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2968819276","is_oa":true,"landing_page_url":"http://export.arxiv.org/pdf/1908.06750","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:durham-repository.worktribe.com:1138135","is_oa":true,"landing_page_url":"https://durham-repository.worktribe.com/output/1138135","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Presentation / Conference Contribution"},{"id":"doi:10.48550/arxiv.1908.06750","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1908.06750","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1908.06750","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1908.06750","pdf_url":"https://arxiv.org/pdf/1908.06750","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3037747109","display_name":null,"funder_award_id":"EP/P011772/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G3688699135","display_name":null,"funder_award_id":"EP/M020576/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5985745339","display_name":null,"funder_award_id":"EP/P01187X/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G7904777936","display_name":null,"funder_award_id":"EP/R007209/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W1522301498","https://openalex.org/W1531782611","https://openalex.org/W1686810756","https://openalex.org/W1910686388","https://openalex.org/W2095705004","https://openalex.org/W2115733720","https://openalex.org/W2119359024","https://openalex.org/W2183341477","https://openalex.org/W2194775991","https://openalex.org/W2279098554","https://openalex.org/W2408712009","https://openalex.org/W2432717477","https://openalex.org/W2460937040","https://openalex.org/W2513529237","https://openalex.org/W2549139847","https://openalex.org/W2550109527","https://openalex.org/W2613718673","https://openalex.org/W2767630563","https://openalex.org/W2773511604","https://openalex.org/W2784113120","https://openalex.org/W2787931603","https://openalex.org/W2796438033","https://openalex.org/W2798405286","https://openalex.org/W2798414551","https://openalex.org/W2803125181","https://openalex.org/W2900786531","https://openalex.org/W2904530326","https://openalex.org/W2916670550","https://openalex.org/W2925310131","https://openalex.org/W2950133940","https://openalex.org/W2950517871","https://openalex.org/W2951595529","https://openalex.org/W2962756421","https://openalex.org/W2963163009","https://openalex.org/W2963446712","https://openalex.org/W2963711523","https://openalex.org/W2964059111","https://openalex.org/W2964250774","https://openalex.org/W3037590790","https://openalex.org/W3091905774","https://openalex.org/W6617145748","https://openalex.org/W6631190155","https://openalex.org/W6631877889","https://openalex.org/W6637373629","https://openalex.org/W6638836233","https://openalex.org/W6639216784","https://openalex.org/W6674330103","https://openalex.org/W6695314431","https://openalex.org/W6735443497","https://openalex.org/W6743806954","https://openalex.org/W6748061875","https://openalex.org/W6751030608","https://openalex.org/W6753767121","https://openalex.org/W6756040250","https://openalex.org/W6783596713"],"related_works":["https://openalex.org/W2550109527","https://openalex.org/W3127601194","https://openalex.org/W3004344696","https://openalex.org/W3005676508","https://openalex.org/W2785743295","https://openalex.org/W2887954984","https://openalex.org/W3209949477","https://openalex.org/W2663860788","https://openalex.org/W3110037972","https://openalex.org/W2945832014","https://openalex.org/W3014902384","https://openalex.org/W3126403418","https://openalex.org/W3005124797","https://openalex.org/W3110432551","https://openalex.org/W3120537061","https://openalex.org/W2978822875","https://openalex.org/W2766662076","https://openalex.org/W3085263333","https://openalex.org/W3202594349","https://openalex.org/W2994117628"],"abstract_inverted_index":{"Newly":[0],"emerging":[1],"variants":[2,178],"of":[3,15,23,64,78,109,113,131,137,194,200],"ransomware":[4,37,46,67,116,138,177,205],"pose":[5],"an":[6],"ever-growing":[7],"threat":[8],"to":[9,202],"computer":[10],"systems":[11],"governing":[12],"every":[13],"aspect":[14],"modern":[16,95],"life":[17],"through":[18],"the":[19,39,49,62,66,79,83,110,192],"handling":[20,184],"and":[21,35,100,153,175,185],"analysis":[22],"big":[24],"data.":[25],"While":[26],"various":[27],"recent":[28],"security-based":[29],"approaches":[30],"have":[31],"focused":[32],"on":[33,75],"detecting":[34],"classifying":[36,65],"at":[38],"network":[40],"or":[41,82],"system":[42,69],"level,":[43],"easy-to-use":[44],"post-infection":[45],"classification":[47],"for":[48,182,204],"lay":[50],"user":[51],"has":[52],"not":[53,186],"been":[54],"attempted":[55],"before.":[56],"In":[57,118],"this":[58],"paper,":[59],"we":[60,104,140,165],"investigate":[61],"possibility":[63],"a":[68,76,88,106,122,133],"is":[70,126],"infected":[71],"with":[72,197],"simply":[73],"based":[74],"screenshot":[77,142],"splash":[80,111],"screen":[81],"ransom":[84],"note":[85],"captured":[86],"using":[87,158],"consumer":[89],"camera":[90],"commonly":[91],"found":[92],"in":[93],"any":[94],"mobile":[96],"device.":[97],"To":[98],"train":[99],"evaluate":[101],"our":[102,119,195],"system,":[103],"create":[105],"sample":[107],"dataset":[108,136],"screens":[112],"50":[114],"well-known":[115],"variants.":[117],"dataset,":[120],"only":[121],"single":[123],"training":[124,135],"image":[125],"available":[127],"per":[128],"ransomware.":[129],"Instead":[130],"creating":[132],"large":[134],"screenshots,":[139],"simulate":[141],"capture":[143],"conditions":[144],"via":[145,162],"carefully":[146],"designed":[147],"data":[148],"augmentation":[149],"techniques,":[150],"enabling":[151],"simple":[152],"efficient":[154],"one-shot":[155],"learning.":[156],"Moreover,":[157],"model":[159],"uncertainty":[160],"obtained":[161],"Bayesian":[163],"approximation,":[164],"ensure":[166],"special":[167,183],"input":[168],"cases":[169],"such":[170],"as":[171],"unrelated":[172],"non-ransomware":[173],"images":[174],"previously-unseen":[176],"are":[179],"correctly":[180],"identified":[181],"mis-classified.":[187],"Extensive":[188],"experimental":[189],"evaluation":[190],"demonstrates":[191],"efficacy":[193],"work,":[196],"accuracy":[198],"levels":[199],"up":[201],"93.6%":[203],"classification.":[206]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}