{"id":"https://openalex.org/W7134189699","doi":"https://doi.org/10.1186/s13635-026-00229-7","title":"Ransomware detection based on server-side file operation logs using machine learning","display_name":"Ransomware detection based on server-side file operation logs using machine learning","publication_year":2026,"publication_date":"2026-03-09","ids":{"openalex":"https://openalex.org/W7134189699","doi":"https://doi.org/10.1186/s13635-026-00229-7"},"language":"en","primary_location":{"id":"doi:10.1186/s13635-026-00229-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-026-00229-7","pdf_url":null,"source":{"id":"https://openalex.org/S5407056161","display_name":"Journal on Information Security","issn_l":"3091-4515","issn":["3091-4515"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal on Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1186/s13635-026-00229-7","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057177066","display_name":"G\u00e1bor Aranyi","orcid":"https://orcid.org/0000-0002-4543-0886"},"institutions":[{"id":"https://openalex.org/I140275651","display_name":"University of Pannonia","ror":"https://ror.org/03y5egs41","country_code":"HU","type":"education","lineage":["https://openalex.org/I140275651"]}],"countries":["HU"],"is_corresponding":true,"raw_author_name":"G\u00e1bor Ar\u00e1nyi","raw_affiliation_strings":["Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary","institution_ids":["https://openalex.org/I140275651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061887883","display_name":"Tam\u00e1s Miseta","orcid":"https://orcid.org/0009-0000-8035-720X"},"institutions":[{"id":"https://openalex.org/I140275651","display_name":"University of Pannonia","ror":"https://ror.org/03y5egs41","country_code":"HU","type":"education","lineage":["https://openalex.org/I140275651"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Tam\u00e1s Miseta","raw_affiliation_strings":["Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary","institution_ids":["https://openalex.org/I140275651"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085979574","display_name":"Veronika Sz\u00fccs","orcid":"https://orcid.org/0000-0001-5967-1405"},"institutions":[{"id":"https://openalex.org/I140275651","display_name":"University of Pannonia","ror":"https://ror.org/03y5egs41","country_code":"HU","type":"education","lineage":["https://openalex.org/I140275651"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Veronika Sz\u00fccs","raw_affiliation_strings":["Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Information Systems, University of Pannonia, 10 Egyetem str., Veszpr\u00e9m, 8200, Hungary","institution_ids":["https://openalex.org/I140275651"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5057177066"],"corresponding_institution_ids":["https://openalex.org/I140275651"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.35136392,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2026","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9873999953269958,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9873999953269958,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.003100000089034438,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.0019000000320374966,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9663000106811523},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.47999998927116394},{"id":"https://openalex.org/keywords/supervised-learning","display_name":"Supervised learning","score":0.3939000070095062},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.34940001368522644},{"id":"https://openalex.org/keywords/binary-classification","display_name":"Binary classification","score":0.32899999618530273},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.3075000047683716},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.29190000891685486}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9663000106811523},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8198000192642212},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6353999972343445},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.49140000343322754},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.47999998927116394},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.3939000070095062},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.37139999866485596},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.34940001368522644},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33809998631477356},{"id":"https://openalex.org/C66905080","wikidata":"https://www.wikidata.org/wiki/Q17005494","display_name":"Binary classification","level":3,"score":0.32899999618530273},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.32030001282691956},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3075000047683716},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C88520388","wikidata":"https://www.wikidata.org/wiki/Q1126823","display_name":"SSH File Transfer Protocol","level":4,"score":0.2786000072956085},{"id":"https://openalex.org/C21200559","wikidata":"https://www.wikidata.org/wiki/Q7451068","display_name":"Sensitivity (control systems)","level":2,"score":0.27399998903274536},{"id":"https://openalex.org/C120524526","wikidata":"https://www.wikidata.org/wiki/Q1709148","display_name":"Reboot","level":2,"score":0.26829999685287476},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.2667999863624573},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.2574000060558319},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.25380000472068787}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1186/s13635-026-00229-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-026-00229-7","pdf_url":null,"source":{"id":"https://openalex.org/S5407056161","display_name":"Journal on Information Security","issn_l":"3091-4515","issn":["3091-4515"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal on Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1186/s13635-026-00229-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-026-00229-7","pdf_url":null,"source":{"id":"https://openalex.org/S5407056161","display_name":"Journal on Information Security","issn_l":"3091-4515","issn":["3091-4515"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal on Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5689433813095093,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[{"id":"https://openalex.org/F3080106780","display_name":"Pannon Egyetem","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W138280488","https://openalex.org/W2049398379","https://openalex.org/W2112743888","https://openalex.org/W2533784697","https://openalex.org/W2761152885","https://openalex.org/W2923501234","https://openalex.org/W3005738624","https://openalex.org/W3023835802","https://openalex.org/W3092771185","https://openalex.org/W3118910683","https://openalex.org/W3176551042","https://openalex.org/W3202594349","https://openalex.org/W4281725204","https://openalex.org/W4296367487","https://openalex.org/W4309939034","https://openalex.org/W4316690373","https://openalex.org/W4321365946","https://openalex.org/W4322493038","https://openalex.org/W4322730961","https://openalex.org/W4381890377","https://openalex.org/W4384948742","https://openalex.org/W4385183718","https://openalex.org/W4388193636","https://openalex.org/W4389454898","https://openalex.org/W4391333914","https://openalex.org/W4400939031","https://openalex.org/W4401752408","https://openalex.org/W4402806338","https://openalex.org/W4403064601","https://openalex.org/W4403912191","https://openalex.org/W4404036821","https://openalex.org/W4408750169","https://openalex.org/W4409333561","https://openalex.org/W6903315026"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Purpose":[1],"This":[2,260],"research":[3],"examines":[4],"the":[5,160,173,192,198,250],"feasibility":[6],"and":[7,31,65,80,94,105,116,123,128,142,180,223,247,274,300],"effectiveness":[8],"of":[9,20,159,178,195,200],"detecting":[10,227],"ransomware":[11,25,99,189,228,294],"attacks":[12,97,229],"in":[13,29,41,197,206,278,293],"quasi":[14,63,265],"real-time":[15,64,266],"by":[16,98],"leveraging":[17],"AI-based":[18],"monitoring":[19,55],"centralized":[21,217],"file":[22,92,120,149,212,218,244],"operations.":[23],"As":[24],"continues":[26],"to":[27,50,118,233],"evolve":[28],"speed":[30],"complexity,":[32],"traditional":[33],"endpoint":[34,281],"protection":[35,282],"mechanisms":[36],"often":[37],"fall":[38],"short,":[39],"especially":[40,276],"environments":[42],"with":[43,57,175,210],"limited":[44],"client-side":[45],"defense.":[46],"The":[47,156,186,287],"goal":[48],"is":[49,275,283],"determine":[51],"whether":[52],"lightweight,":[53],"server-side":[54],"combined":[56],"machine":[58,130],"learning":[59,131,146],"can":[60],"provide":[61],"a":[62,176,207,221,263],"accurate":[66],"detection":[67,168,267],"mechanism":[68,111],"without":[69,230],"relying":[70],"on":[71,147],"client":[72,234],"instrumentation.":[73],"Applied":[74],"methodology":[75],"A":[76,107],"virtualized":[77],"SME":[78],"(small-":[79],"medium-sized":[81],"enterprise)":[82],"infrastructure":[83],"was":[84,112],"developed,":[85],"simulating":[86],"realistic":[87],"user":[88],"behavior":[89],"through":[90],"automated":[91],"operations":[93],"randomly":[95],"triggered":[96],"samples":[100],"(Ryuk,":[101],"NotPetya,":[102],"Lockbit,":[103],"Teslacrypt,":[104],"WannaCry).":[106],"nanosecond-scale":[108],"time-stamped":[109],"logging":[110],"implemented":[113],"using":[114,144,152,240],"Fluentbit":[115],"InfluxDB":[117],"track":[119],"creation,":[121],"renaming,":[122],"deletion":[124],"events.":[125],"Five":[126],"classic":[127],"ensemble":[129],"models":[132,161],"(Random":[133],"Forest,":[134],"Decision":[135],"Tree,":[136],"SVM,":[137],"AdaBoost,":[138],"XGBoost)":[139],"were":[140],"trained":[141],"optimized":[143],"supervised":[145],"aggregated":[148],"operation":[150,245],"sequences":[151],"one-second":[153],"intervals.":[154],"Results":[155],"comparative":[157],"evaluation":[158],"showed":[162],"that":[163,269,296],"all":[164],"five":[165],"achieved":[166],"reliable":[167],"performance,":[169,299],"but":[170],"XGBoost":[171],"outperformed":[172],"others":[174],"sensitivity":[177],"91.87%":[179],"prediction":[181],"speeds":[182],"below":[183],"1":[184],"ms.":[185],"model":[187],"identified":[188],"activity":[190,219],"during":[191],"early":[193],"phases":[194],"execution":[196],"majority":[199],"test":[201],"cases,":[202],"even":[203],"when":[204],"operating":[205],"high-noise":[208],"environment":[209],"real-world":[211],"usage":[213],"patterns.":[214],"Conclusions":[215],"Monitoring":[216],"offers":[220],"practical":[222],"efficient":[224],"means":[225],"for":[226],"requiring":[231],"access":[232],"systems":[235],"or":[236,285],"process-level":[237],"telemetry.":[238],"By":[239],"only":[241],"three":[242],"simple":[243],"metrics":[246],"binary":[248],"classification,":[249],"system":[251],"does":[252],"not":[253],"require":[254],"complex,":[255],"resource-intensive":[256],"behavioral":[257],"models.":[258],"Contribution":[259],"study":[261],"presents":[262],"scalable,":[264],"framework":[268],"complements":[270],"existing":[271],"security":[272],"layers":[273],"valuable":[277],"scenarios":[279],"where":[280],"weak":[284],"inconsistent.":[286],"findings":[288],"highlight":[289],"an":[290],"alternative":[291],"direction":[292],"defense":[295],"emphasizes":[297],"simplicity,":[298],"deployability.":[301]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2026-03-09T00:00:00"}
