{"id":"https://openalex.org/W4416961692","doi":"https://doi.org/10.1109/pst65910.2025.11268847","title":"Detecting Ransomware Before It Bites: A Hybrid Model Approach for Early Ransomware Detection","display_name":"Detecting Ransomware Before It Bites: A Hybrid Model Approach for Early Ransomware Detection","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416961692","doi":"https://doi.org/10.1109/pst65910.2025.11268847"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268847","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268847","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085994972","display_name":"S M Jamil Uddin","orcid":"https://orcid.org/0000-0002-6829-1487"},"institutions":[{"id":"https://openalex.org/I3129222093","display_name":"University of Fredericton","ror":"https://ror.org/01c3s4w91","country_code":"CA","type":"education","lineage":["https://openalex.org/I3129222093"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Sk Mahtab Uddin","raw_affiliation_strings":["Canadian Institute for Cybersecurity Fredericton,Department of Computer Science,Canada"],"affiliations":[{"raw_affiliation_string":"Canadian Institute for Cybersecurity Fredericton,Department of Computer Science,Canada","institution_ids":["https://openalex.org/I3129222093"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075610474","display_name":"Saqib Hakak","orcid":"https://orcid.org/0000-0002-8718-0336"},"institutions":[{"id":"https://openalex.org/I3129222093","display_name":"University of Fredericton","ror":"https://ror.org/01c3s4w91","country_code":"CA","type":"education","lineage":["https://openalex.org/I3129222093"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Saqib Hakak","raw_affiliation_strings":["Canadian Institute for Cybersecurity Fredericton,Department of Computer Science,Canada"],"affiliations":[{"raw_affiliation_string":"Canadian Institute for Cybersecurity Fredericton,Department of Computer Science,Canada","institution_ids":["https://openalex.org/I3129222093"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047036764","display_name":"Miguel Garz\u00f3n","orcid":null},"institutions":[{"id":"https://openalex.org/I9374425","display_name":"Ottawa University","ror":"https://ror.org/04jscf286","country_code":"US","type":"education","lineage":["https://openalex.org/I9374425"]},{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA","US"],"is_corresponding":false,"raw_author_name":"Miguel Garz\u00f3n","raw_affiliation_strings":["University of Ottawa,School of Electrical Engineering Computer Science,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"University of Ottawa,School of Electrical Engineering Computer Science,Ottawa,Canada","institution_ids":["https://openalex.org/I153718931","https://openalex.org/I9374425"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5085994972"],"corresponding_institution_ids":["https://openalex.org/I3129222093"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.49021152,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.0008999999845400453,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":9.999999747378752e-05,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9702000021934509},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6536999940872192},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6219000220298767},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.5579000115394592},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.54339998960495},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5083000063896179},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.4860000014305115},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4415999948978424}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9702000021934509},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7347000241279602},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6536999940872192},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6219000220298767},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.5579000115394592},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.54339998960495},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5083000063896179},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.4860000014305115},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48179998993873596},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4415999948978424},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.37929999828338623},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.34360000491142273},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.3424000144004822},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.32019999623298645},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27570000290870667},{"id":"https://openalex.org/C112505250","wikidata":"https://www.wikidata.org/wiki/Q787116","display_name":"Automaton","level":2,"score":0.2736999988555908},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.2736000120639801},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.2712000012397766},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.26420000195503235}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268847","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268847","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W3040422908","https://openalex.org/W3201224956","https://openalex.org/W4205839607","https://openalex.org/W4324284890","https://openalex.org/W4379879883","https://openalex.org/W4381744946","https://openalex.org/W4383981974","https://openalex.org/W4386988695","https://openalex.org/W4390423677","https://openalex.org/W4394893882","https://openalex.org/W4399412863","https://openalex.org/W4401515386","https://openalex.org/W4403537689","https://openalex.org/W4405812804"],"related_works":[],"abstract_inverted_index":{"Ransomware":[0],"attacks":[1],"are":[2,29],"a":[3,60,93,133,142],"growing":[4],"threat":[5],"to":[6,31,36,43,54,96,111,123,151],"organizations":[7],"worldwide,":[8],"with":[9],"sensitive":[10],"data":[11],"encrypted":[12],"and":[13,26,49,71,89,100],"held":[14],"hostage":[15],"for":[16,135,144],"ransom.":[17],"Although":[18],"traditional":[19],"ransomware":[20,38,66,77,113,125,137,153],"detection":[21,61,146],"methods,":[22],"such":[23],"as":[24],"signature-based":[25],"heuristic":[27],"detection,":[28,138],"effective":[30],"some":[32],"extent,":[33],"they":[34],"struggle":[35],"identify":[37,65,124],"before":[39,127],"encryption":[40],"begins":[41],"due":[42],"evasion":[44],"techniques":[45],"like":[46],"code":[47],"obfuscation":[48],"polymorphism.":[50],"This":[51],"work":[52],"aims":[53],"address":[55],"this":[56,139],"gap":[57],"by":[58,68],"developing":[59],"method":[62],"that":[63,148],"can":[64,149],"early":[67,136],"analyzing":[69],"static":[70,80],"dynamic":[72,90],"features.":[73,101],"The":[74,120],"system":[75],"tests":[76],"samples":[78],"using":[79],"analysis":[81,91],"of":[82,104],"Portable":[83],"Executable":[84],"(PE)":[85],"files":[86],"without":[87],"execution":[88],"in":[92],"sandbox":[94],"environment":[95],"capture":[97],"pre-encryption":[98],"behaviors":[99],"A":[102],"set":[103],"state-of-the-art":[105],"machine":[106],"learning":[107],"algorithms":[108],"is":[109,122],"employed":[110],"classify":[112],"activity":[114,126],"based":[115],"on":[116],"these":[117],"behavioral":[118],"patterns.":[119],"goal":[121],"it":[128],"executes":[129],"encryption.":[130],"By":[131],"establishing":[132],"framework":[134],"study":[140],"provides":[141],"pathway":[143],"scalable":[145],"systems":[147],"adapt":[150],"evolving":[152],"threats.":[154]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-03T00:00:00"}