{"id":"https://openalex.org/W4362496444","doi":"https://doi.org/10.1109/kst57286.2023.10086910","title":"RANDES: A Ransomware Detection System based on Machine Learning","display_name":"RANDES: A Ransomware Detection System based on Machine Learning","publication_year":2023,"publication_date":"2023-02-21","ids":{"openalex":"https://openalex.org/W4362496444","doi":"https://doi.org/10.1109/kst57286.2023.10086910"},"language":"en","primary_location":{"id":"doi:10.1109/kst57286.2023.10086910","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/kst57286.2023.10086910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on Knowledge and Smart Technology (KST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001864649","display_name":"Tanasart Phuangtong","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":true,"raw_author_name":"Tanasart Phuangtong","raw_affiliation_strings":["Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"affiliations":[{"raw_affiliation_string":"Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]},{"raw_affiliation_string":"School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088236653","display_name":"Nitipoom Jaroonchaipipat","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Nitipoom Jaroonchaipipat","raw_affiliation_strings":["Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"affiliations":[{"raw_affiliation_string":"Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]},{"raw_affiliation_string":"School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021444705","display_name":"Nontawat Thanundonsuk","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Nontawat Thanundonsuk","raw_affiliation_strings":["Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"affiliations":[{"raw_affiliation_string":"Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]},{"raw_affiliation_string":"School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000718224","display_name":"Parich Sakda","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Parich Sakda","raw_affiliation_strings":["Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"affiliations":[{"raw_affiliation_string":"Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]},{"raw_affiliation_string":"School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065674337","display_name":"Somchart Fugkeaw","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Somchart Fugkeaw","raw_affiliation_strings":["Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"affiliations":[{"raw_affiliation_string":"Thammasat University,Sirindhorn International Institute of Technology,School of Information, Computer, and Communication Technology (ICT),Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]},{"raw_affiliation_string":"School of Information, Computer, and Communication Technology (ICT), Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5001864649"],"corresponding_institution_ids":["https://openalex.org/I108108428"],"apc_list":null,"apc_paid":null,"fwci":0.4066,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.53389247,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9729951620101929},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7838793992996216},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7783379554748535},{"id":"https://openalex.org/keywords/tree-traversal","display_name":"Tree traversal","score":0.5110174417495728},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4568210244178772},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.44046127796173096},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4180501699447632},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.41461506485939026},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.35639941692352295},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.33519208431243896},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.30818474292755127}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9729951620101929},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7838793992996216},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7783379554748535},{"id":"https://openalex.org/C140745168","wikidata":"https://www.wikidata.org/wiki/Q1210082","display_name":"Tree traversal","level":2,"score":0.5110174417495728},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4568210244178772},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.44046127796173096},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4180501699447632},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.41461506485939026},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.35639941692352295},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.33519208431243896},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.30818474292755127},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/kst57286.2023.10086910","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/kst57286.2023.10086910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on Knowledge and Smart Technology (KST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6899999976158142}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2461373307","https://openalex.org/W2752929869","https://openalex.org/W2761652379","https://openalex.org/W2775582065","https://openalex.org/W2789729245","https://openalex.org/W2970545278","https://openalex.org/W2974072230","https://openalex.org/W3086410687","https://openalex.org/W4285723986","https://openalex.org/W4286795917","https://openalex.org/W6601404591","https://openalex.org/W6745537798","https://openalex.org/W6797464607"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4253977752","https://openalex.org/W2964829536","https://openalex.org/W3120595989","https://openalex.org/W4232561318","https://openalex.org/W1995118279","https://openalex.org/W4240624848","https://openalex.org/W3214090987"],"abstract_inverted_index":{"Ransomware":[0],"is":[1,45,121,134],"one":[2,52],"of":[3,24,33,59],"the":[4,14,18,22,31,41,49,57,62,91,98],"most":[5],"prevalent":[6],"cybercrimes":[7],"where":[8],"an":[9],"attacker":[10],"steals":[11],"or":[12],"freezes":[13],"organizational":[15],"data":[16,19],"through":[17],"encryption.":[20],"Thus,":[21,78],"task":[23],"ransomware":[25,87],"detection":[26,88],"has":[27],"great":[28],"importance":[29],"in":[30,38,56,67],"field":[32],"cyber":[34],"security.":[35],"One":[36],"thing":[37],"common":[39],"with":[40],"existing":[42],"models":[43],"today":[44],"that":[46,130],"they":[47],"treated":[48],"assemblies":[50,99],"as":[51],"long":[53],"text.":[54],"While":[55],"execution":[58],"real":[60,137],"code,":[61],"program":[63],"counter":[64],"may":[65],"jump":[66],"between":[68],"lines,":[69],"making":[70],"it":[71],"more":[72],"like":[73],"graph":[74],"traversal":[75],"than":[76],"linear.":[77],"we":[79,108,125],"proposed":[80,132],"a":[81,117,122],"new":[82],"deep":[83],"learning":[84],"model":[85],"for":[86,136],"based":[89],"on":[90],"executable":[92,119],"file":[93,120],"disassembling":[94],"analysis.":[95],"We":[96],"split":[97],"into":[100],"non-branching":[101],"sequences":[102],"and":[103],"apply":[104],"per-sequence":[105],"embedding.":[106],"Then,":[107],"employed":[109],"Graph":[110],"Attention":[111],"Network":[112],"(GAT)":[113],"to":[114,128],"classify":[115],"whether":[116],"suspect":[118],"ransomware.":[123],"Finally,":[124],"conducted":[126],"experiments":[127],"show":[129],"our":[131],"system":[133],"efficient":[135],"deployment.":[138]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-01-13T01:12:25.745995","created_date":"2025-10-10T00:00:00"}