{"id":"https://openalex.org/W4413680158","doi":"https://doi.org/10.1109/csr64739.2025.11130044","title":"Explainable Ransomware Detection through Static Analysis and Machine Learning","display_name":"Explainable Ransomware Detection through Static Analysis and Machine Learning","publication_year":2025,"publication_date":"2025-08-04","ids":{"openalex":"https://openalex.org/W4413680158","doi":"https://doi.org/10.1109/csr64739.2025.11130044"},"language":"en","primary_location":{"id":"doi:10.1109/csr64739.2025.11130044","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130044","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007424361","display_name":"Giovanni Ciaramella","orcid":"https://orcid.org/0009-0002-9512-0621"},"institutions":[{"id":"https://openalex.org/I127077003","display_name":"IMT School for Advanced Studies Lucca","ror":"https://ror.org/035gh3a49","country_code":"IT","type":"education","lineage":["https://openalex.org/I127077003"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Giovanni Ciaramella","raw_affiliation_strings":["IMT School for Advanced Studies Lucca,Lucca,Italy"],"affiliations":[{"raw_affiliation_string":"IMT School for Advanced Studies Lucca,Lucca,Italy","institution_ids":["https://openalex.org/I127077003"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101546784","display_name":"Fabio Martinelli","orcid":"https://orcid.org/0000-0002-6721-9395"},"institutions":[{"id":"https://openalex.org/I4210155236","display_name":"National Research Council","ror":"https://ror.org/04zaypm56","country_code":"IT","type":"funder","lineage":["https://openalex.org/I4210155236"]},{"id":"https://openalex.org/I3005160176","display_name":"Institute for High Performance Computing and Networking","ror":"https://ror.org/04r5fge26","country_code":"IT","type":"facility","lineage":["https://openalex.org/I3005160176","https://openalex.org/I4210155236"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Martinelli","raw_affiliation_strings":["Institute for High Performance Computing and Networking,National Research Council of Italy (CNR),Rende,Italy"],"affiliations":[{"raw_affiliation_string":"Institute for High Performance Computing and Networking,National Research Council of Italy (CNR),Rende,Italy","institution_ids":["https://openalex.org/I3005160176","https://openalex.org/I4210155236"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004599844","display_name":"Antonella Santone","orcid":"https://orcid.org/0000-0002-2634-4456"},"institutions":[{"id":"https://openalex.org/I129627893","display_name":"University of Molise","ror":"https://ror.org/04z08z627","country_code":"IT","type":"education","lineage":["https://openalex.org/I129627893"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Antonella Santone","raw_affiliation_strings":["University of Molise,Campobasso,Italy"],"affiliations":[{"raw_affiliation_string":"University of Molise,Campobasso,Italy","institution_ids":["https://openalex.org/I129627893"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023695406","display_name":"Francesco Mercaldo","orcid":"https://orcid.org/0000-0002-9425-1657"},"institutions":[{"id":"https://openalex.org/I129627893","display_name":"University of Molise","ror":"https://ror.org/04z08z627","country_code":"IT","type":"education","lineage":["https://openalex.org/I129627893"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Francesco Mercaldo","raw_affiliation_strings":["University of Molise,Campobasso,Italy"],"affiliations":[{"raw_affiliation_string":"University of Molise,Campobasso,Italy","institution_ids":["https://openalex.org/I129627893"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5007424361"],"corresponding_institution_ids":["https://openalex.org/I127077003"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33118511,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"91","last_page":"98"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9790999889373779,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9771000146865845,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9671250581741333},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7170053124427795},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5621065497398376},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4240304231643677},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38631683588027954},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3731255829334259},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32104599475860596},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10670268535614014}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9671250581741333},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7170053124427795},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5621065497398376},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4240304231643677},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38631683588027954},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3731255829334259},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32104599475860596},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10670268535614014}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr64739.2025.11130044","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130044","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4000000059604645,"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320311419","display_name":"Ministry of Health","ror":null},{"id":"https://openalex.org/F4320338440","display_name":"HORIZON EUROPE Health","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W2610659201","https://openalex.org/W4285507391","https://openalex.org/W3107556205","https://openalex.org/W2805262980","https://openalex.org/W2067547021","https://openalex.org/W4234891089"],"abstract_inverted_index":{"Cybersecurity":[0],"has":[1],"recently":[2],"become":[3],"crucial":[4],"in":[5,168],"daily":[6],"life":[7],"routines":[8],"due":[9],"to":[10,30,41,143,166],"several":[11,25],"attacks":[12],"performed":[13,125],"by":[14],"malicious":[15],"users.":[16],"Over":[17],"the":[18,54,81,84,98,109,113,131,160],"years,":[19],"researchers":[20],"and":[21,45,76,83,106,135],"experts":[22],"have":[23],"proposed":[24],"solutions":[26],"leveraging":[27,50],"artificial":[28],"intelligence":[29],"curb":[31],"these":[32],"problems.":[33],"This":[34],"research":[35],"proposes":[36],"a":[37,59,152],"malware":[38],"detector":[39],"able":[40],"classify":[42],"malware,":[43],"ransomware,":[44],"trusted":[46],"Windows":[47],"executable":[48],"files":[49,70],"machine":[51],"learning.":[52],"As":[53],"first":[55],"step,":[56],"we":[57,73,96,124,129,157],"created":[58],"dataset":[60,99],"of":[61,86,116],"approximately":[62],"$\\mathbf{1":[63],"5,":[64],"0":[65,66],"0}$":[67],"Portable":[68],"Executable":[69],"from":[71],"which":[72,146],"extracted":[74],"opcodes":[75],"computed":[77],"feature":[78],"vectors":[79],"like":[80],"frequency":[82],"distribution":[85],"each":[87,90],"opcode":[88,164],"for":[89,151],"file":[91],"taken":[92],"under":[93],"analysis.":[94],"Once":[95],"concluded":[97],"creation":[100],"phase,":[101],"multiple":[102],"classifiers":[103],"were":[104,148],"trained":[105],"evaluated,":[107],"with":[108],"Gradient":[110],"Boosting":[111],"achieving":[112],"highest":[114],"accuracy":[115],"$\\mathbf{0.":[117],"8":[118],"7":[119],"0}$.":[120],"To":[121],"ensure":[122],"robustness,":[123],"5-fold":[126],"cross-validation.":[127],"Moreover,":[128],"identified":[130],"best":[132],"two":[133],"models":[134],"applied":[136],"explainability":[137],"using":[138],"Local":[139],"Interpretable":[140],"Model-Agnostic":[141],"Explanations":[142],"understand":[144],"better":[145],"features":[147],"most":[149,161],"relevant":[150],"specific":[153],"classification.":[154,170],"In":[155],"conclusion,":[156],"also":[158],"analyzed":[159],"frequently":[162],"used":[163],"classes":[165],"aid":[167],"their":[169]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}