{"id":"https://openalex.org/W2945500821","doi":"https://doi.org/10.1109/fuzz-ieee.2019.8858825","title":"Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering","display_name":"Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering","publication_year":2019,"publication_date":"2019-06-01","ids":{"openalex":"https://openalex.org/W2945500821","doi":"https://doi.org/10.1109/fuzz-ieee.2019.8858825","mag":"2945500821"},"language":"en","primary_location":{"id":"doi:10.1109/fuzz-ieee.2019.8858825","is_oa":false,"landing_page_url":"https://doi.org/10.1109/fuzz-ieee.2019.8858825","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://nrl.northumbria.ac.uk/id/eprint/38878/1/FUZZ_IEEE_19_CyberThreatHunting_II.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089628794","display_name":"Nitin Naik","orcid":"https://orcid.org/0000-0002-0659-9646"},"institutions":[{"id":"https://openalex.org/I1306956679","display_name":"Ministry of Defence","ror":"https://ror.org/01bvxzn29","country_code":"GB","type":"government","lineage":["https://openalex.org/I1306956679","https://openalex.org/I2802373619"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Nitin Naik","raw_affiliation_strings":["Defence School of Communications and Information Systems, Ministry of Defence, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Defence School of Communications and Information Systems, Ministry of Defence, United Kingdom","institution_ids":["https://openalex.org/I1306956679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064994129","display_name":"Paul Jenkins","orcid":"https://orcid.org/0000-0002-9854-9450"},"institutions":[{"id":"https://openalex.org/I1306956679","display_name":"Ministry of Defence","ror":"https://ror.org/01bvxzn29","country_code":"GB","type":"government","lineage":["https://openalex.org/I1306956679","https://openalex.org/I2802373619"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Paul Jenkins","raw_affiliation_strings":["Defence School of Communications and Information Systems, Ministry of Defence, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Defence School of Communications and Information Systems, Ministry of Defence, United Kingdom","institution_ids":["https://openalex.org/I1306956679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008471645","display_name":"Nick Savage","orcid":"https://orcid.org/0000-0001-9391-5100"},"institutions":[{"id":"https://openalex.org/I63072094","display_name":"University of Portsmouth","ror":"https://ror.org/03ykbk197","country_code":"GB","type":"education","lineage":["https://openalex.org/I63072094"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Nick Savage","raw_affiliation_strings":["School of Computing, University of Portsmouth, United Kingdom"],"affiliations":[{"raw_affiliation_string":"School of Computing, University of Portsmouth, United Kingdom","institution_ids":["https://openalex.org/I63072094"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065079117","display_name":"Longzhi Yang","orcid":"https://orcid.org/0000-0003-2115-4909"},"institutions":[{"id":"https://openalex.org/I32394136","display_name":"Northumbria University","ror":"https://ror.org/049e6bc10","country_code":"GB","type":"education","lineage":["https://openalex.org/I32394136"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Longzhi Yang","raw_affiliation_strings":["Department of Computer and Information Sciences, Northumbria University, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Department of Computer and Information Sciences, Northumbria University, United Kingdom","institution_ids":["https://openalex.org/I32394136"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5089628794"],"corresponding_institution_ids":["https://openalex.org/I1306956679"],"apc_list":null,"apc_paid":null,"fwci":3.3382,"has_fulltext":true,"cited_by_count":27,"citation_normalized_percentile":{"value":0.93104917,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.7801201343536377},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.6875990629196167},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6503410339355469},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6428608894348145},{"id":"https://openalex.org/keywords/fuzzy-clustering","display_name":"Fuzzy clustering","score":0.592715859413147},{"id":"https://openalex.org/keywords/fuzzy-logic","display_name":"Fuzzy logic","score":0.582119882106781},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.4674566388130188},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.43963128328323364},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4201659858226776},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.16549953818321228},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.10165750980377197},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.07803601026535034}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.7801201343536377},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.6875990629196167},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6503410339355469},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6428608894348145},{"id":"https://openalex.org/C17212007","wikidata":"https://www.wikidata.org/wiki/Q5511111","display_name":"Fuzzy clustering","level":3,"score":0.592715859413147},{"id":"https://openalex.org/C58166","wikidata":"https://www.wikidata.org/wiki/Q224821","display_name":"Fuzzy logic","level":2,"score":0.582119882106781},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.4674566388130188},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.43963128328323364},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4201659858226776},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.16549953818321228},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.10165750980377197},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.07803601026535034}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/fuzz-ieee.2019.8858825","is_oa":false,"landing_page_url":"https://doi.org/10.1109/fuzz-ieee.2019.8858825","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)","raw_type":"proceedings-article"},{"id":"pmh:oai:nrl.northumbria.ac.uk:38878","is_oa":true,"landing_page_url":null,"pdf_url":"http://nrl.northumbria.ac.uk/id/eprint/38878/1/FUZZ_IEEE_19_CyberThreatHunting_II.pdf","source":{"id":"https://openalex.org/S4306401884","display_name":"Northumbria Research Link (Northumbria University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I32394136","host_organization_name":"Northumbria University","host_organization_lineage":["https://openalex.org/I32394136"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Item"}],"best_oa_location":{"id":"pmh:oai:nrl.northumbria.ac.uk:38878","is_oa":true,"landing_page_url":null,"pdf_url":"http://nrl.northumbria.ac.uk/id/eprint/38878/1/FUZZ_IEEE_19_CyberThreatHunting_II.pdf","source":{"id":"https://openalex.org/S4306401884","display_name":"Northumbria Research Link (Northumbria University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I32394136","host_organization_name":"Northumbria University","host_organization_lineage":["https://openalex.org/I32394136"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Item"},"sustainable_development_goals":[{"score":0.7099999785423279,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2945500821.pdf"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W1549130775","https://openalex.org/W1591082683","https://openalex.org/W1990999691","https://openalex.org/W1995077566","https://openalex.org/W1995450389","https://openalex.org/W2035028362","https://openalex.org/W2038683228","https://openalex.org/W2120688485","https://openalex.org/W2126120381","https://openalex.org/W2167428023","https://openalex.org/W2168154523","https://openalex.org/W2172607710","https://openalex.org/W2468072172","https://openalex.org/W2528880615","https://openalex.org/W2556507683","https://openalex.org/W2587798408","https://openalex.org/W2614042168","https://openalex.org/W2705431144","https://openalex.org/W2746282326","https://openalex.org/W2747994176","https://openalex.org/W2768881458","https://openalex.org/W2780698577","https://openalex.org/W2891168291","https://openalex.org/W2897156262","https://openalex.org/W2897846265","https://openalex.org/W2902638435","https://openalex.org/W2902669569","https://openalex.org/W2907840713","https://openalex.org/W2912055266","https://openalex.org/W2913412946","https://openalex.org/W2913428813","https://openalex.org/W2944304051","https://openalex.org/W2980004293","https://openalex.org/W6685286602","https://openalex.org/W6737892506"],"related_works":["https://openalex.org/W2945382830","https://openalex.org/W4224807364","https://openalex.org/W2596632494","https://openalex.org/W2535986621","https://openalex.org/W1980197432","https://openalex.org/W2382432689","https://openalex.org/W2000612978","https://openalex.org/W4388110928","https://openalex.org/W1483228865","https://openalex.org/W4312412183"],"abstract_inverted_index":{"Threat":[0],"actors":[1],"are":[2,228],"constantly":[3],"seeking":[4],"new":[5],"attack":[6,15,86],"surfaces,":[7],"with":[8],"ransomeware":[9],"being":[10],"one":[11],"the":[12,30,82,85,104,132,182,192,199,209,219,239,243],"most":[13],"successful":[14],"vectors":[16],"that":[17],"have":[18],"been":[19,27],"used":[20],"for":[21,177],"financial":[22],"gain.":[23],"T":[24,116],"his":[25],"has":[26],"achieved":[28],"through":[29],"dispersion":[31],"of":[32,36,84,93,134,194,197,208],"unlimited":[33],"polymorphic":[34],"samples":[35,95,129],"ransomware":[37,49,94,128],"whilst":[38],"those":[39],"responsible":[40],"evade":[41],"detection":[42],"and":[43,109,114,140,161,218,225],"hide":[44],"their":[45,62,73,107,232],"identity.":[46],"Nonetheless,":[47],"every":[48],"threat":[50],"actor":[51],"adopts":[52],"some":[53,58],"similar":[54,165],"style":[55],"or":[56,100,203],"uses":[57],"common":[59],"patterns":[60],"in":[61,78],"malicious":[63],"code":[64],"writing,":[65],"which":[66,227],"can":[67,111,150],"be":[68,112],"significant":[69],"evidence":[70],"contributing":[71],"to":[72,80,88,126,172,236],"identification.":[74],"he":[75],"first":[76],"step":[77],"attempting":[79],"identify":[81],"source":[83],"is":[87,201,213],"cluster":[89,127,162],"a":[90,157],"large":[91],"number":[92],"based":[96,130,230],"on":[97,131,231],"very":[98],"little":[99],"no":[101],"information":[102],"about":[103],"samples,":[105],"accordingly,":[106],"traits":[108],"signatures":[110],"analysed":[113],"identified.":[115],"herefore,":[117],"this":[118],"paper":[119],"proposes":[120],"an":[121],"efficient":[122],"fuzzy":[123,136,138,141,158,187,211,221],"analysis":[124],"approach":[125],"combination":[133],"two":[135,220],"techniques":[137],"hashing":[139,159,222],"c-means":[142],"(FCM)":[143],"clustering.":[144,178],"Unlike":[145],"other":[146],"clustering":[147,217,234,244],"techniques,":[148],"FCM":[149,233],"directly":[151],"utilise":[152],"similarity":[153,188,240],"scores":[154,189],"generated":[155],"by":[156,185],"method":[160,212],"them":[163],"into":[164],"groups":[166],"without":[167],"requiring":[168],"additional":[169],"transformational":[170],"steps":[171],"obtain":[173],"distance":[174],"among":[175],"objects":[176],"Thus,":[179],"it":[180],"reduces":[181],"computational":[183],"overheads":[184],"utilising":[186],"obtained":[190],"at":[191],"time":[193],"initial":[195],"triaging":[196],"whether":[198],"sample":[200],"known":[202],"unknown":[204],"ransomware.":[205],"The":[206],"performance":[207],"proposed":[210],"compared":[214],"against":[215],"k-means":[216],"methods":[223],"SSDEEP":[224],"SDHASH":[226],"evaluated":[229],"results":[235],"understand":[237],"how":[238],"score":[241],"affects":[242],"results.":[245]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":4}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}