{"id":"https://openalex.org/W2795382384","doi":"https://doi.org/10.1109/cybersecpods.2018.8560667","title":"Dynamic Opcode Analysis of Ransomware","display_name":"Dynamic Opcode Analysis of Ransomware","publication_year":2018,"publication_date":"2018-06-01","ids":{"openalex":"https://openalex.org/W2795382384","doi":"https://doi.org/10.1109/cybersecpods.2018.8560667","mag":"2795382384"},"language":"en","primary_location":{"id":"doi:10.1109/cybersecpods.2018.8560667","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecpods.2018.8560667","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pureadmin.qub.ac.uk/ws/files/149741697/PID5317323.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080315320","display_name":"Domhnall Carlin","orcid":"https://orcid.org/0000-0002-8424-2757"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Domhnall Carlin","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017537630","display_name":"Philip O\u2019Kane","orcid":"https://orcid.org/0000-0002-7792-336X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Philip O'Kane","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103745938","display_name":"Sakir Sezer","orcid":null},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sakir Sezer","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen&#x0027;s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5080315320"],"corresponding_institution_ids":["https://openalex.org/I126231945"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.02761998,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9886000156402588,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.990108072757721},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9771811962127686},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7902172803878784},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7489995360374451},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7461821436882019},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5888413190841675},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5372398495674133},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.506468653678894},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48586270213127136},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4468728005886078},{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.4459880590438843},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.357815146446228},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.32278963923454285},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2077268660068512},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.0707886815071106}],"concepts":[{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.990108072757721},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9771811962127686},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7902172803878784},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7489995360374451},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7461821436882019},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5888413190841675},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5372398495674133},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.506468653678894},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48586270213127136},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4468728005886078},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.4459880590438843},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.357815146446228},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.32278963923454285},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2077268660068512},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0707886815071106}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/cybersecpods.2018.8560667","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecpods.2018.8560667","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:openaire/43bce616-e65f-4c89-ad9b-8ec417345778","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/43bce616-e65f-4c89-ad9b-8ec417345778","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/149741697/PID5317323.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Carlin, D, O'Kane, P & Sezer, S 2018, Dynamic Opcode Analysis of Ransomware. in Proceedings of International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018). Institute of Electrical and Electronics Engineers Inc., International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, United Kingdom, 11/06/2018. https://doi.org/10.1109/CyberSecPODS.2018.8560667","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:pure.qub.ac.uk/portal:openaire/43bce616-e65f-4c89-ad9b-8ec417345778","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/43bce616-e65f-4c89-ad9b-8ec417345778","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/149741697/PID5317323.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Carlin, D, O'Kane, P & Sezer, S 2018, Dynamic Opcode Analysis of Ransomware. in Proceedings of International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018). Institute of Electrical and Electronics Engineers Inc., International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, United Kingdom, 11/06/2018. https://doi.org/10.1109/CyberSecPODS.2018.8560667","raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.800000011920929,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2241406505","display_name":null,"funder_award_id":"EP/R007187/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5445011987","display_name":null,"funder_award_id":"EP/K004379/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6577499357","display_name":null,"funder_award_id":"EP/N508664/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2795382384.pdf","grobid_xml":"https://content.openalex.org/works/W2795382384.grobid-xml"},"referenced_works_count":12,"referenced_works":["https://openalex.org/W1973211701","https://openalex.org/W2027721581","https://openalex.org/W2053724458","https://openalex.org/W2140564944","https://openalex.org/W2153393809","https://openalex.org/W2245015425","https://openalex.org/W2493960021","https://openalex.org/W2513529237","https://openalex.org/W2526582864","https://openalex.org/W2544488729","https://openalex.org/W2594561196","https://openalex.org/W2886257824"],"related_works":["https://openalex.org/W2795382384","https://openalex.org/W3202003292","https://openalex.org/W3211159634","https://openalex.org/W4388157251","https://openalex.org/W3126761238","https://openalex.org/W4401734693","https://openalex.org/W2945832014","https://openalex.org/W4390475200","https://openalex.org/W4214835142","https://openalex.org/W4385749679"],"abstract_inverted_index":{"The":[0,143],"explosion":[1],"of":[2,21,32,51,57,87,95,122,154],"ransomware":[3,39,96,156],"in":[4,36,60,75,112,115,140,157],"recent":[5],"years":[6],"has":[7,17],"served":[8],"as":[9],"a":[10,48,84,106,120],"costly":[11],"reminder":[12],"that":[13,20,83,116,148],"the":[14,30,55,61,67,76,113,137],"malware":[15],"threatscape":[16],"moved":[18],"from":[19,40],"socially-inept":[22],"hobbyists":[23],"to":[24,66,71,99,160],"career":[25],"criminals.":[26],"This":[27],"paper":[28],"investigates":[29],"efficacy":[31],"dynamic":[33,53,149],"opcode":[34,150],"analysis":[35],"distinguishing":[37],"cryptographic":[38],"benignware,":[41],"and":[42],"presents":[43],"several":[44],"novel":[45,80],"contributions.":[46],"Firstly,":[47],"new":[49],"dataset":[50],"cryptoransomware":[52],"run-traces,":[54],"largest":[56],"its":[58],"kind":[59],"literature.":[62],"We":[63],"release":[64],"this":[65],"wider":[68],"research":[69,74,144],"community":[70],"foster":[72],"further":[73],"field.":[77],"Our":[78],"second":[79],"contribution":[81],"demonstrates":[82,147],"short":[85],"runlength":[86],"32k":[88],"opcodes":[89],"can":[90,118],"provide":[91],"highly":[92],"accurate":[93],"detection":[94],"(99.56%)":[97],"compared":[98],"benign":[100,123],"software.":[101],"Third,":[102],"our":[103,141],"model":[104],"offers":[105],"distinct":[107],"advantage":[108],"over":[109],"other":[110],"models":[111],"literature,":[114],"it":[117],"detect":[119],"form":[121],"encryption":[124],"(i.e.":[125],"file":[126],"zipping)":[127],"with":[128],"100%":[129],"accuracy":[130],"against":[131],"not":[132],"only":[133],"ransomware,":[134],"but":[135],"also":[136],"non-encrypting":[138],"benignware":[139],"dataset.":[142],"presented":[145],"here":[146],"tracing":[151],"is":[152],"capable":[153],"detecting":[155],"comparable":[158],"times":[159],"static":[161],"analysis,":[162],"without":[163],"being":[164],"thwarted":[165],"by":[166],"obfuscation":[167],"tactics.":[168]},"counts_by_year":[{"year":2023,"cited_by_count":4}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}