{"id":"https://openalex.org/W4390879901","doi":"https://doi.org/10.3390/info15010046","title":"A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization","display_name":"A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization","publication_year":2024,"publication_date":"2024-01-14","ids":{"openalex":"https://openalex.org/W4390879901","doi":"https://doi.org/10.3390/info15010046"},"language":"en","primary_location":{"id":"doi:10.3390/info15010046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15010046","pdf_url":"https://www.mdpi.com/2078-2489/15/1/46/pdf?version=1705215735","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2078-2489/15/1/46/pdf?version=1705215735","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010560252","display_name":"Bahaa Yamany","orcid":null},"institutions":[{"id":"https://openalex.org/I57629906","display_name":"Nile University","ror":"https://ror.org/03cg7cp61","country_code":"EG","type":"education","lineage":["https://openalex.org/I57629906"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Bahaa Yamany","raw_affiliation_strings":["School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt"],"affiliations":[{"raw_affiliation_string":"School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt","institution_ids":["https://openalex.org/I57629906"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088141347","display_name":"Mahmoud Said Elsayed","orcid":"https://orcid.org/0000-0003-2416-7481"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":true,"raw_author_name":"Mahmoud Said Elsayed","raw_affiliation_strings":["School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022546955","display_name":"Anca Delia Jurcut","orcid":"https://orcid.org/0000-0002-2705-1823"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Anca D. Jurcut","raw_affiliation_strings":["School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075177859","display_name":"Nashwa Abdelbaki","orcid":"https://orcid.org/0000-0002-2724-6209"},"institutions":[{"id":"https://openalex.org/I57629906","display_name":"Nile University","ror":"https://ror.org/03cg7cp61","country_code":"EG","type":"education","lineage":["https://openalex.org/I57629906"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Nashwa Abdelbaki","raw_affiliation_strings":["School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt"],"affiliations":[{"raw_affiliation_string":"School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt","institution_ids":["https://openalex.org/I57629906"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026193065","display_name":"Marianne A. Azer","orcid":"https://orcid.org/0000-0002-8068-5120"},"institutions":[{"id":"https://openalex.org/I4210165434","display_name":"National Telecommunications Institute","ror":"https://ror.org/05g82f642","country_code":"EG","type":"education","lineage":["https://openalex.org/I4210165434"]},{"id":"https://openalex.org/I57629906","display_name":"Nile University","ror":"https://ror.org/03cg7cp61","country_code":"EG","type":"education","lineage":["https://openalex.org/I57629906"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Marianne A. Azer","raw_affiliation_strings":["Computers and Systems Department, National Telecommunication Institute, Cairo 11768, Egypt","School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt"],"affiliations":[{"raw_affiliation_string":"Computers and Systems Department, National Telecommunication Institute, Cairo 11768, Egypt","institution_ids":["https://openalex.org/I4210165434"]},{"raw_affiliation_string":"School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt","institution_ids":["https://openalex.org/I57629906"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5088141347"],"corresponding_institution_ids":["https://openalex.org/I100930933"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":7.4709,"has_fulltext":true,"cited_by_count":20,"citation_normalized_percentile":{"value":0.9797612,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"15","issue":"1","first_page":"46","last_page":"46"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9745000004768372,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9656999707221985,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8813408613204956},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.807375967502594},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.7497612833976746},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6707664728164673},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.597492516040802},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5046285390853882},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.41379544138908386},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.39172518253326416},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.18579956889152527},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.16784578561782837}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8813408613204956},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.807375967502594},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.7497612833976746},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6707664728164673},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.597492516040802},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5046285390853882},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41379544138908386},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.39172518253326416},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.18579956889152527},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.16784578561782837},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/info15010046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15010046","pdf_url":"https://www.mdpi.com/2078-2489/15/1/46/pdf?version=1705215735","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:8288baec17fb4ff3b627bb8b8aa100b8","is_oa":true,"landing_page_url":"https://doaj.org/article/8288baec17fb4ff3b627bb8b8aa100b8","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Information, Vol 15, Iss 1, p 46 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/info15010046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15010046","pdf_url":"https://www.mdpi.com/2078-2489/15/1/46/pdf?version=1705215735","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8100000023841858,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4390879901.pdf"},"referenced_works_count":50,"referenced_works":["https://openalex.org/W2531260576","https://openalex.org/W2601116080","https://openalex.org/W2784113120","https://openalex.org/W2799784398","https://openalex.org/W2802074386","https://openalex.org/W2892886244","https://openalex.org/W2954539634","https://openalex.org/W2980038013","https://openalex.org/W2980075242","https://openalex.org/W2986013500","https://openalex.org/W3015800066","https://openalex.org/W3035775076","https://openalex.org/W3039088822","https://openalex.org/W3045044533","https://openalex.org/W3086410687","https://openalex.org/W3087100893","https://openalex.org/W3093612846","https://openalex.org/W3111126165","https://openalex.org/W3113154577","https://openalex.org/W3114681532","https://openalex.org/W3132588576","https://openalex.org/W3201124227","https://openalex.org/W3205483739","https://openalex.org/W3214926740","https://openalex.org/W3217164279","https://openalex.org/W4200054136","https://openalex.org/W4206089482","https://openalex.org/W4206724648","https://openalex.org/W4210579926","https://openalex.org/W4210935918","https://openalex.org/W4220801425","https://openalex.org/W4220962397","https://openalex.org/W4223646500","https://openalex.org/W4288436242","https://openalex.org/W4290829900","https://openalex.org/W4296438248","https://openalex.org/W4306377502","https://openalex.org/W4306877232","https://openalex.org/W4307574285","https://openalex.org/W4309569390","https://openalex.org/W4311493459","https://openalex.org/W4313216189","https://openalex.org/W4328130280","https://openalex.org/W4388116289","https://openalex.org/W4388571407","https://openalex.org/W4389220936","https://openalex.org/W6750762285","https://openalex.org/W6805146165","https://openalex.org/W6846364358","https://openalex.org/W6847486076"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4253977752","https://openalex.org/W2964829536","https://openalex.org/W3120595989","https://openalex.org/W4232561318","https://openalex.org/W2904586340","https://openalex.org/W2942879794","https://openalex.org/W3202245533"],"abstract_inverted_index":{"Ransomware":[0],"is":[1,22,160],"a":[2,9,23,48,97,135,150,177,242],"type":[3],"of":[4,57,72,99,137,153,157,163,174,190,231,240,249,266,273,281],"malicious":[5],"software":[6],"that":[7,29,142,223],"encrypts":[8],"victim\u2019s":[10],"files":[11],"and":[12,26,34,38,65,82,105,128,140,170,180,193,202,221,258,263,292],"demands":[13],"payment":[14],"in":[15,176,229,278],"exchange":[16],"for":[17,260],"the":[18,41,55,70,108,119,147,161,188,238,247,261,271,279],"decryption":[19],"key.":[20],"It":[21,268],"rapidly":[24],"growing":[25],"evolving":[27],"threat":[28],"has":[30,187],"caused":[31],"significant":[32],"damage":[33],"disruption":[35],"to":[36,76,83,102,117,168,200,212],"individuals":[37],"organizations":[39],"around":[40],"world.":[42],"In":[43,183],"this":[44],"paper,":[45],"we":[46],"propose":[47],"comprehensive":[49,243],"ransomware":[50,80,138,175,205,283],"classification":[51,214,232,265,284],"approach":[52,68,133,159,211,225,244],"based":[53,87,216,245],"on":[54,88,217,246],"comparison":[56,100,248],"similarity":[58,85,112],"matrices":[59,86,92],"derived":[60],"from":[61,79],"static,":[62],"dynamic":[63,196,256],"analysis,":[64,255,257],"visualization.":[66],"Our":[67],"involves":[69],"use":[71,162],"multiple":[73,250,275],"analysis":[74,186,197,219,251,276],"techniques":[75,220,277],"extract":[77],"features":[78],"samples":[81,120,139,148],"generate":[84],"these":[89,227],"features.":[90],"These":[91],"are":[93,114],"then":[94,115],"compared":[95],"using":[96,134,241],"variety":[98],"algorithms":[101],"identify":[103],"similarities":[104],"differences":[106],"between":[107],"samples.":[109,206,294],"The":[110],"resulting":[111],"scores":[113],"used":[116],"classify":[118,146,169,201],"into":[121],"different":[122],"categories,":[123],"such":[124],"as":[125],"families,":[126],"variants,":[127],"versions.":[129],"We":[130,207],"evaluate":[131],"our":[132,158,210,224,235],"dataset":[136],"demonstrate":[141],"it":[143],"can":[144],"accurately":[145],"with":[149,289],"high":[151],"degree":[152],"accuracy.":[154,233],"One":[155],"advantage":[156,189],"visualization,":[164,259],"which":[165],"allows":[166,198],"us":[167,199],"cluster":[171,203],"large":[172,290],"datasets":[173,291],"more":[178],"intuitive":[179],"effective":[181,282],"way.":[182],"addition,":[184],"static":[185,254],"being":[191],"fast":[192],"accurate,":[194],"while":[195],"packed":[204,293],"also":[208,269],"compare":[209],"other":[213],"approaches":[215,228],"single":[218],"show":[222],"outperforms":[226],"terms":[230],"Overall,":[234],"study":[236],"demonstrates":[237],"potential":[239],"techniques,":[252],"including":[253],"accurate":[262],"efficient":[264],"ransomware.":[267],"highlights":[270],"importance":[272],"considering":[274],"development":[280],"methods,":[285],"especially":[286],"when":[287],"dealing":[288]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":9}],"updated_date":"2026-01-22T23:29:09.771500","created_date":"2025-10-10T00:00:00"}