{"id":"https://openalex.org/W4413679681","doi":"https://doi.org/10.1109/csr64739.2025.11130028","title":"Hypervisor-based Double Extortion Ransomware Detection Method Using Kitsune Network Features","display_name":"Hypervisor-based Double Extortion Ransomware Detection Method Using Kitsune Network Features","publication_year":2025,"publication_date":"2025-08-04","ids":{"openalex":"https://openalex.org/W4413679681","doi":"https://doi.org/10.1109/csr64739.2025.11130028"},"language":"en","primary_location":{"id":"doi:10.1109/csr64739.2025.11130028","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2508.08655","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037753337","display_name":"Manabu Hirano","orcid":"https://orcid.org/0000-0001-9780-6454"},"institutions":[{"id":"https://openalex.org/I131361393","display_name":"National Institute of Technology, Toyota College","ror":"https://ror.org/01nw25822","country_code":"JP","type":"education","lineage":["https://openalex.org/I131361393"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Manabu Hirano","raw_affiliation_strings":["National Institute of Technology Toyota College,Department of Information and Computer Engineering,Toyota,Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Technology Toyota College,Department of Information and Computer Engineering,Toyota,Japan","institution_ids":["https://openalex.org/I131361393"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101610974","display_name":"Ryotaro Kobayashi","orcid":"https://orcid.org/0000-0001-5956-3455"},"institutions":[{"id":"https://openalex.org/I116465919","display_name":"Kogakuin University","ror":"https://ror.org/01wc2tq75","country_code":"JP","type":"education","lineage":["https://openalex.org/I116465919"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Ryotaro Kobayashi","raw_affiliation_strings":["Kogakuin University,Faculty of Informatics,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Kogakuin University,Faculty of Informatics,Tokyo,Japan","institution_ids":["https://openalex.org/I116465919"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5037753337"],"corresponding_institution_ids":["https://openalex.org/I131361393"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.35784015,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"854","last_page":"860"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.988099992275238,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.988099992275238,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9283000230789185,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.951643705368042},{"id":"https://openalex.org/keywords/extortion","display_name":"Extortion","score":0.8496741056442261},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.8114947080612183},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6316930055618286},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4315353035926819},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4218360185623169},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26767635345458984},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.10708630084991455},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.08989977836608887}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.951643705368042},{"id":"https://openalex.org/C2779066997","wikidata":"https://www.wikidata.org/wiki/Q6452087","display_name":"Extortion","level":2,"score":0.8496741056442261},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.8114947080612183},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6316930055618286},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4315353035926819},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4218360185623169},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26767635345458984},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.10708630084991455},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.08989977836608887},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/csr64739.2025.11130028","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2508.08655","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2508.08655","pdf_url":"https://arxiv.org/pdf/2508.08655","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2508.08655","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2508.08655","pdf_url":"https://arxiv.org/pdf/2508.08655","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.5099999904632568}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W3178261856","https://openalex.org/W2886257824","https://openalex.org/W3010504543","https://openalex.org/W4406752207","https://openalex.org/W4410019695","https://openalex.org/W4400811107","https://openalex.org/W4411456184","https://openalex.org/W4232551112","https://openalex.org/W4405939430","https://openalex.org/W4409766150"],"abstract_inverted_index":{"Double":[0],"extortion":[1,35,92],"ransomware":[2,36,93],"attacks":[3],"have":[4],"become":[5],"mainstream":[6],"since":[7],"many":[8],"organizations":[9],"adopt":[10],"more":[11],"robust":[12],"and":[13,29,48,52,127],"resilient":[14],"data":[15,87,113],"backup":[16],"strategies":[17],"against":[18],"conventional":[19],"crypto-ransomware.":[20],"This":[21],"paper":[22],"presents":[23],"detailed":[24],"attack":[25],"stages,":[26],"tactics,":[27],"procedures,":[28],"tools":[30],"used":[31],"in":[32,90,106],"the":[33,74,86,100,107,112,121,124],"double":[34,91],"attacks.":[37,94],"We":[38,72],"then":[39],"present":[40],"a":[41,58,63],"novel":[42],"detection":[43,116],"method":[44,102,126],"using":[45],"low-level":[46],"storage":[47],"memory":[49],"behavioral":[50],"features":[51,55],"network":[53,82],"traffic":[54],"obtained":[56],"from":[57],"thin":[59],"hypervisor":[60],"to":[61,84],"establish":[62],"defense-in-depth":[64],"strategy":[65],"for":[66],"when":[67],"attackers":[68],"compromise":[69],"OS-level":[70],"protection.":[71],"employed":[73],"lightweight":[75],"\\emph{Kitsune}":[76],"Network":[77],"Intrusion":[78],"Detection":[79],"System":[80],"(NIDS)'s":[81],"feature":[83],"detect":[85],"exfiltration":[88,114],"phase":[89,115],"Our":[95],"experimental":[96],"results":[97],"showed":[98],"that":[99],"presented":[101,125],"improved":[103],"by":[104],"0.166":[105],"macro":[108],"F":[109],"score":[110],"of":[111,123],"rate.":[117],"Lastly,":[118],"we":[119],"discuss":[120],"limitations":[122],"future":[128],"work.":[129]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}