{"id":"https://openalex.org/W4309346266","doi":"https://doi.org/10.1109/cns56114.2022.9947244","title":"Ransomware Detection in Databases through Dynamic Analysis of Query Sequences","display_name":"Ransomware Detection in Databases through Dynamic Analysis of Query Sequences","publication_year":2022,"publication_date":"2022-10-03","ids":{"openalex":"https://openalex.org/W4309346266","doi":"https://doi.org/10.1109/cns56114.2022.9947244"},"language":"en","primary_location":{"id":"doi:10.1109/cns56114.2022.9947244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns56114.2022.9947244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056402938","display_name":"Christoph Sendner","orcid":"https://orcid.org/0000-0003-3766-783X"},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Christoph Sendner","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001534207","display_name":"Lukas Iffl\u00e4nder","orcid":"https://orcid.org/0000-0002-8506-2758"},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lukas Ifflander","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009877155","display_name":"Sebastian Schindler","orcid":"https://orcid.org/0000-0002-7054-5431"},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sebastian Schindler","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015601790","display_name":"M. Jobst","orcid":null},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Jobst","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042835341","display_name":"Alexandra Dmitrienko","orcid":"https://orcid.org/0000-0001-5637-7016"},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Alexandra Dmitrienko","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013790674","display_name":"Samuel Kounev","orcid":"https://orcid.org/0000-0001-9742-2063"},"institutions":[{"id":"https://openalex.org/I25974101","display_name":"University of W\u00fcrzburg","ror":"https://ror.org/00fbnyb24","country_code":"DE","type":"education","lineage":["https://openalex.org/I25974101"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Samuel Kounev","raw_affiliation_strings":["University of Würzburg,Germany"],"affiliations":[{"raw_affiliation_string":"University of Würzburg,Germany","institution_ids":["https://openalex.org/I25974101"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5056402938"],"corresponding_institution_ids":["https://openalex.org/I25974101"],"apc_list":null,"apc_paid":null,"fwci":0.8915,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.72754087,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"326","last_page":"334"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8780425190925598},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8309556245803833},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6322788000106812},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.49119994044303894},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.4151618778705597},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35302186012268066},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2478111982345581},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.18229171633720398},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.1614077389240265}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8780425190925598},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8309556245803833},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6322788000106812},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.49119994044303894},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.4151618778705597},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35302186012268066},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2478111982345581},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.18229171633720398},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.1614077389240265},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns56114.2022.9947244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns56114.2022.9947244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1658853941","https://openalex.org/W1867275324","https://openalex.org/W1881719794","https://openalex.org/W2014712522","https://openalex.org/W2025448348","https://openalex.org/W2062814932","https://openalex.org/W2096781418","https://openalex.org/W2103929851","https://openalex.org/W2144696387","https://openalex.org/W2145332315","https://openalex.org/W2168683140","https://openalex.org/W2176363081","https://openalex.org/W2559964890","https://openalex.org/W2747617717","https://openalex.org/W2946766896","https://openalex.org/W2976972209","https://openalex.org/W3098735943","https://openalex.org/W3173990800","https://openalex.org/W4241212268","https://openalex.org/W4302167780","https://openalex.org/W6639481167","https://openalex.org/W6675882192","https://openalex.org/W6685968906","https://openalex.org/W6762834621","https://openalex.org/W6785319648"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W4253977752","https://openalex.org/W2942879794","https://openalex.org/W2964829536","https://openalex.org/W2904586340","https://openalex.org/W3120595989","https://openalex.org/W4380791770"],"abstract_inverted_index":{"Ransomware":[0],"is":[1,22],"an":[2],"emerging":[3],"threat":[4],"that":[5],"imposed":[6],"a":[7,99,177],"$":[8,16,26],"5":[9],"billion":[10,18,28],"loss":[11],"in":[12,19,29,44,54],"2017,":[13],"rose":[14],"to":[15,24,41,86,142,153,204],"20":[17],"2021,":[20],"and":[21,52,90,112,123,159,176,199,208],"predicted":[23],"hit":[25],"256":[27],"2031.":[30],"While":[31],"initially":[32],"targeting":[33],"PC":[34],"(client)":[35],"platforms,":[36],"ransomware":[37,74],"recently":[38],"leaped":[39],"over":[40],"server-side":[42,72],"databases-starting":[43],"January":[45],"2017":[46],"with":[47,56],"the":[48,69,202],"MongoDB":[49],"Apocalypse":[50],"attack":[51,129],"continuing":[53],"2020":[55],"85,000":[57],"MySQL":[58,163],"instances":[59],"ransomed.":[60],"Previous":[61],"research":[62],"developed":[63],"countermeasures":[64],"against":[65],"client-side":[66],"ransomware.":[67],"However,":[68],"problem":[70],"of":[71,95,109,181],"database":[73],"has":[75],"received":[76],"little":[77],"attention":[78],"so":[79],"far.":[80],"In":[81],"our":[82,196,206],"work,":[83],"we":[84],"aim":[85],"bridge":[87],"this":[88],"gap":[89],"present":[91],"DIMAQS":[92,105],"(Dynamic":[93],"Identification":[94],"Malicious":[96],"Query":[97],"Sequences),":[98],"novel":[100,136],"anti-ransomware":[101],"solution":[102],"for":[103,128,173],"databases.":[104],"performs":[106],"runtime":[107],"monitoring":[108],"incoming":[110],"queries":[111],"pattern":[113],"matching":[114],"using":[115],"two":[116],"classification":[117],"approaches":[118,175],"(Colored":[119],"Petri":[120],"Nets":[121],"(CPNs)":[122],"Deep":[124],"Neural":[125],"Networks":[126],"(DNNs))":[127],"detection.":[130],"Our":[131,157],"system":[132],"design":[133],"exhibits":[134],"several":[135],"techniques":[137],"like":[138],"dynamic":[139],"color":[140],"generation":[141],"efficiently":[143],"detect":[144],"malicious":[145],"query":[146],"sequences":[147],"globally":[148],"(i.e.,":[149],"without":[150,170],"limiting":[151],"detection":[152],"distinct":[154],"user":[155],"connections).":[156],"proof-of-concept":[158],"ready-to-use":[160],"implementation":[161],"targets":[162],"servers.":[164],"The":[165],"evaluation":[166],"shows":[167],"high":[168],"efficiency":[169],"false":[171,178],"negatives":[172],"both":[174],"positive":[179],"rate":[180],"nearly":[182],"0%.":[183],"Both":[184],"classifiers":[185],"show":[186],"very":[187],"moderate":[188],"performance":[189],"overheads":[190],"below":[191],"6%.":[192],"We":[193],"will":[194],"publish":[195],"data":[197],"sets":[198],"implementation,":[200],"allowing":[201],"community":[203],"reproduce":[205],"tests":[207],"results.":[209]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}