{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T20:46:07Z","timestamp":1782333967817,"version":"3.54.5"},"reference-count":79,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2025,6,19]]},"abstract":"<jats:p>In recent years, the increase in ransomware attacks has significantly impacted individuals and organizations. Many strategies have been proposed to detect ransomware\u2019s file disruption operation. However, they rely on certain assumptions that gradually fail in the face of evolving ransomware attacks, which use more stealthy encryption methods or benign-imitation-based I\/O orchestration.  To mitigate this, we propose an approach to detect ransomware attacks through temporal correlation between encryption and I\/O behaviors. Its key idea is that there is a strong temporal correlation inherent in ransomware\u2019s encryption and I\/O behaviors. To disrupt files, ransomware must first read the file data from the disk into memory, encrypt it, and then write the encrypted data back to the disk. This process creates a pronounced temporal correlation between the computation load of the encryption operations and the size of the files being encrypted. Based on this invariant, we implement a prototype called RansomRadar and evaluate its effectiveness against 411 latest ransomware samples from 89 families. Experimental results show that it achieves a detection rate of 100.00% with 2.68% false alarms. Its F1-score is 96.03, higher than the existing detectors for 31.82 on average.<\/jats:p>","DOI":"10.1145\/3715725","type":"journal-article","created":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:16:02Z","timestamp":1750346162000},"page":"197-218","source":"Crossref","is-referenced-by-count":2,"title":["Ransomware Detection through Temporal Correlation between Encryption and I\/O Behavior"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4336-7190","authenticated-orcid":false,"given":"Lihua","family":"Guo","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5808-9553","authenticated-orcid":false,"given":"Yiwei","family":"Hou","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6446-247X","authenticated-orcid":false,"given":"Chijin","family":"Zhou","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7778-4243","authenticated-orcid":false,"given":"Quan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0955-503X","authenticated-orcid":false,"given":"Yu","family":"Jiang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,6,19]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"The State of Ransomware","year":"2023","unstructured":"Sophos. 2023. The State of Ransomware 2023.. https:\/\/www.sophos.com\/en-us\/whitepaper\/state-of-ransomware (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_2_1","volume-title":"What to do after a ransomware attack? https:\/\/www.softwareone.com\/en\/blog\/articles\/2021\/07\/02\/ransomware-attack-enterprise-guide (Online","year":"2023","unstructured":"SoftwareOne. 2023. What to do after a ransomware attack? https:\/\/www.softwareone.com\/en\/blog\/articles\/2021\/07\/02\/ransomware-attack-enterprise-guide (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_3_1","volume-title":"These ransomware victims are paying more to recover data.. https:\/\/www.zdnet.com\/article\/these-ransomware-victims-are-paying-more-to-recover-data\/ (Online","year":"2023","unstructured":"ZDNet. 2023. These ransomware victims are paying more to recover data.. https:\/\/www.zdnet.com\/article\/these-ransomware-victims-are-paying-more-to-recover-data\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_4_1","volume-title":"2023 IEEE Symposium on Security and Privacy. 2584\u20132601","author":"Zhou Chijin","year":"2023","unstructured":"Chijin Zhou, Lihua Guo, Yiwei Hou, Zhenya Ma, Quan Zhang, Mingzhe Wang, Zhe Liu, and Yu Jiang. 2023. Limits of I\/O Based Ransomware Detection: An Imitation Based Attack. In 2023 IEEE Symposium on Security and Privacy. 2584\u20132601."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201312","author":"Hou Yiwei","year":"2024","unstructured":"Yiwei Hou, Lihua Guo, Chijin Zhou, Yiwen Xu, Zijing Yin, Shanshan Li, Chengnian Sun, and Yu Jiang. 2024. An Empirical Study of Data Disruption by Ransomware Attacks. In Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201312. https:\/\/doi.org\/10.1145\/3597503.3639090 10.1145\/3597503.3639090"},{"key":"e_1_2_1_6_1","volume-title":"https:\/\/www.blackberry.com\/us\/en\/solutions\/endpoint-security\/ransomware-protection\/blackcat (Online","author":"BlackCat","year":"2023","unstructured":"BlackBerry. 2023. BlackCat Malware (AKA ALPHV).. https:\/\/www.blackberry.com\/us\/en\/solutions\/endpoint-security\/ransomware-protection\/blackcat (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","first-page":"4355","DOI":"10.3390\/s23094355","article-title":"Temporal Data Correlation Providing Enhanced Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation","volume":"23","author":"Alqahtani Abdullah","year":"2023","unstructured":"Abdullah Alqahtani and Frederick T Sheldon. 2023. Temporal Data Correlation Providing Enhanced Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation. Sensors, 23, 9 (2023), 4355.","journal-title":"Sensors"},{"key":"e_1_2_1_8_1","volume-title":"RAID 2017, Atlanta, GA, USA, September 18\u201320, 2017, Proceedings. 98\u2013119","author":"Kharraz Amin","year":"2017","unstructured":"Amin Kharraz and Engin Kirda. 2017. Redemption: Real-time protection against ransomware at end-hosts. In Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18\u201320, 2017, Proceedings. 98\u2013119."},{"key":"e_1_2_1_9_1","volume-title":"UNVEIL: A Large-Scale, automated approach to detecting ransomware. In 25th USENIX security symposium. 757\u2013772.","author":"Kharaz Amin","year":"2016","unstructured":"Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. 2016. UNVEIL: A Large-Scale, automated approach to detecting ransomware. In 25th USENIX security symposium. 757\u2013772."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 32nd annual conference on computer security applications. 336\u2013347","author":"Continella Andrea","year":"2016","unstructured":"Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and Federico Maggi. 2016. Shieldfs: a self-healing, ransomware-aware filesystem. In Proceedings of the 32nd annual conference on computer security applications. 336\u2013347."},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the 2017 ACM on Asia conference on computer and communications security. 599\u2013611","author":"Kolodenker Eugene","year":"2017","unstructured":"Eugene Kolodenker, William Koch, Gianluca Stringhini, and Manuel Egele. 2017. Paybreak: Defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia conference on computer and communications security. 599\u2013611."},{"key":"e_1_2_1_12_1","first-page":"600","article-title":"Deepware: Imaging performance counters with deep learning to detect ransomware","volume":"72","author":"Ganfure Gaddisa Olani","year":"2022","unstructured":"Gaddisa Olani Ganfure, Chun-Feng Wu, Yuan-Hao Chang, and Wei-Kuan Shih. 2022. Deepware: Imaging performance counters with deep learning to detect ransomware. IEEE Trans. Comput., 72, 3 (2022), 600\u2013613.","journal-title":"IEEE Trans. Comput."},{"key":"e_1_2_1_13_1","volume-title":"Saqib Hakak, and Muhammad Khurram Khan.","author":"Beaman Craig","year":"2021","unstructured":"Craig Beaman, Ashley Barkworth, Toluwalope David Akande, Saqib Hakak, and Muhammad Khurram Khan. 2021. Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111 (2021), 1\u201322, 102490."},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 2231\u20132244","author":"Huang Jian","year":"2017","unstructured":"Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, and Moinuddin K Qureshi. 2017. FlashGuard: Leveraging intrinsic flash properties to defend against encryption ransomware. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 2231\u20132244."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 39th IEEE Symposium on Security and Privacy. 618\u2013631","author":"Huang Danny Yuxing","year":"2018","unstructured":"Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, Alex C Snoeren, and Damon McCoy. 2018. Tracking ransomware end-to-end. In Proceedings of the 39th IEEE Symposium on Security and Privacy. 618\u2013631."},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. 726\u2013739","author":"Reidys Benjamin","year":"2022","unstructured":"Benjamin Reidys, Peng Liu, and Jian Huang. 2022. Rssd: Defend against ransomware with hardware-isolated network-storage codesign and post-attack analysis. In Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. 726\u2013739."},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TDSC.2022.3214781","article-title":"Seamlessly Safeguarding Data Against Ransomware Attacks","volume":"20","author":"Elkhail Abdulrahman Abu","year":"2023","unstructured":"Abdulrahman Abu Elkhail, Nada Lachtar, Duha Ibdah, Rustam Aslam, Hamza Khan, Anys Bacha, and Hafiz Malik. 2023. Seamlessly Safeguarding Data Against Ransomware Attacks. IEEE Transactions on Dependable and Secure Computing, 20, 1 (2023), 1\u201316.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2258\u20132260","author":"Paik Joon-Young","year":"2018","unstructured":"Joon-Young Paik, Joong-Hyun Choi, Rize Jin, Jianming Wang, and Eun-Sun Cho. 2018. A storage-level detection mechanism against crypto-ransomware. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2258\u20132260."},{"key":"e_1_2_1_19_1","volume-title":"Proceeding of the 46th International Conference on Software Engineering.","author":"Hou Yiwei","year":"2024","unstructured":"Yiwei Hou, Lihua Guo, Chijin Zhou, Yiwen Xu, Zijing Yin, Shanshan Li, Chengnian Sun, and Yu Jiang. 2024. An Empirical Study of Data Disruption by Ransomware Attacks. In Proceeding of the 46th International Conference on Software Engineering."},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 56th Annual Design Automation Conference. 1\u20136.","author":"Park Jisung","year":"2019","unstructured":"Jisung Park, Youngdon Jung, Jonghoon Won, Minji Kang, Sungjin Lee, and Jihong Kim. 2019. RansomBlocker: A low-overhead ransomware-proof SSD. In Proceedings of the 56th Annual Design Automation Conference. 1\u20136."},{"key":"e_1_2_1_21_1","first-page":"2038","article-title":"A content-based ransomware detection and backup solid-state drive for ransomware defense","volume":"41","author":"Min Donghyun","year":"2021","unstructured":"Donghyun Min, Yungwoo Ko, Ryan Walker, Junghee Lee, and Youngjae Kim. 2021. A content-based ransomware detection and backup solid-state drive for ransomware defense. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 41, 7 (2021), 2038\u20132051.","journal-title":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 3335\u20133337","author":"Chen Niusen","year":"2022","unstructured":"Niusen Chen, Josh Dafoe, and Bo Chen. 2022. Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 3335\u20133337."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 341\u2013355","author":"Ma Boyang","year":"2023","unstructured":"Boyang Ma, Yilin Yang, Jinku Li, Fengwei Zhang, Wenbo Shen, Yajin Zhou, and Jianfeng Ma. 2023. Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data Recovery. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 341\u2013355."},{"key":"e_1_2_1_24_1","volume-title":"https:\/\/perf.wiki.kernel.org\/ (Online","author":"Wiki Perf","year":"2023","unstructured":"2023. Perf Wiki.. https:\/\/perf.wiki.kernel.org\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_25_1","volume-title":"https:\/\/icl.utk.edu\/papi\/ (Online","author":"University of Tennessee Innovative Computing Laboratory. 2023. PAPI..","year":"2023","unstructured":"University of Tennessee Innovative Computing Laboratory. 2023. PAPI.. https:\/\/icl.utk.edu\/papi\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_26_1","volume-title":"Windows Performance Recorder.. https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/test\/wpt\/windows-performance-recorder (Online","year":"2023","unstructured":"MicroSoft. 2023. Windows Performance Recorder.. https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/test\/wpt\/windows-performance-recorder (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the 48th ACM\/IEEE Annual International Symposium on Computer Architecture. 112\u2013125","author":"Yuan Yifan","year":"2021","unstructured":"Yifan Yuan, Mohammad Alian, Yipeng Wang, Ren Wang, Ilia Kurakin, Charlie Tai, and Nam Sung Kim. 2021. Don\u2019t forget the I\/O when allocating your LLC. In Proceedings of the 48th ACM\/IEEE Annual International Symposium on Computer Architecture. 112\u2013125."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 55th IEEE\/ACM International Symposium on Microarchitecture. 19\u201334","author":"Khan Tanvir Ahmed","year":"2022","unstructured":"Tanvir Ahmed Khan, Muhammed Ugur, Krishnendra Nathella, Dam Sunwoo, Heiner Litz, Daniel A Jim\u00e9nez, and Baris Kasikci. 2022. Whisper: Profile-guided branch misprediction elimination for data center applications. In Proceedings of the 55th IEEE\/ACM International Symposium on Microarchitecture. 19\u201334."},{"key":"e_1_2_1_29_1","volume-title":"International symposium on research in attacks, intrusions, and defenses. 114\u2013136","author":"Mehnaz Shagufta","year":"2018","unstructured":"Shagufta Mehnaz, Anand Mudgerikar, and Elisa Bertino. 2018. Rwguard: A real-time detection system against cryptographic ransomware. In International symposium on research in attacks, intrusions, and defenses. 114\u2013136."},{"key":"e_1_2_1_30_1","volume-title":"CryptoAPI System Architecture.. https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/seccrypto\/cryptoapi-system-architecture (Online","year":"2023","unstructured":"MicroSoft. 2023. CryptoAPI System Architecture.. https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/seccrypto\/cryptoapi-system-architecture (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_31_1","volume-title":"OpenSSL cryptography and SSL\/TLS toolkit.. https:\/\/www.openssl.org\/ (Online","author":"Project Authors SSL","year":"2023","unstructured":"OpenSSL Project Authors. 2023. OpenSSL cryptography and SSL\/TLS toolkit.. https:\/\/www.openssl.org\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_32_1","volume-title":"Cryptography.. https:\/\/cryptography.io\/en\/latest\/ (Online","author":"Contributors Individual","year":"2023","unstructured":"Individual Contributors. 2023. Cryptography.. https:\/\/cryptography.io\/en\/latest\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","first-page":"4373","DOI":"10.1109\/TCAD.2022.3200908","article-title":"MIDAS: safeguarding iot devices against malware via real-time behavior auditing","volume":"41","author":"Xu Yiwen","year":"2022","unstructured":"Yiwen Xu, Zijing Yin, Yiwei Hou, Jianzhong Liu, and Yu Jiang. 2022. MIDAS: safeguarding iot devices against malware via real-time behavior auditing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 41, 11 (2022), 4373\u20134384.","journal-title":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems"},{"key":"e_1_2_1_34_1","doi-asserted-by":"crossref","first-page":"101997","DOI":"10.1016\/j.cose.2020.101997","article-title":"RansomSpector: An introspection-based approach to detect crypto ransomware","volume":"97","author":"Tang Fei","year":"2020","unstructured":"Fei Tang, Boyang Ma, Jinku Li, Fengwei Zhang, Jipeng Su, and Jianfeng Ma. 2020. RansomSpector: An introspection-based approach to detect crypto ransomware. Computers & Security, 97 (2020), 101997.","journal-title":"Computers & Security"},{"key":"e_1_2_1_35_1","volume-title":"Event Tracing for Windows (ETW).. https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/event-tracing-for-windows\u2013etw- (Online","year":"2023","unstructured":"MicroSoft. 2023. Event Tracing for Windows (ETW).. https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/event-tracing-for-windows\u2013etw- (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_36_1","volume-title":"scikit-learn.. https:\/\/scikit-learn.org\/stable\/ (Online","year":"2023","unstructured":"2023. scikit-learn.. https:\/\/scikit-learn.org\/stable\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_37_1","volume-title":"https:\/\/pytorch.org\/ (Online","author":"Foundation The Linux","year":"2023","unstructured":"The Linux Foundation. 2023. PyTorch.. https:\/\/pytorch.org\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_38_1","volume-title":"https:\/\/www.virustotal.com\/gui\/contact-us\/premium-services (Online","year":"2023","unstructured":"2023. VirusTotal. https:\/\/www.virustotal.com\/gui\/contact-us\/premium-services (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_39_1","volume-title":"http:\/\/vxvault.net\/ViriList.php (Online","author":"Vault VX","year":"2023","unstructured":"2023. VX Vault. http:\/\/vxvault.net\/ViriList.php (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_40_1","volume-title":"tutorialjinni. https:\/\/www.tutorialjinni.com\/download-free-malware-samples.htm (Online","year":"2023","unstructured":"2023. tutorialjinni. https:\/\/www.tutorialjinni.com\/download-free-malware-samples.htm (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_41_1","volume-title":"https:\/\/samples.vx-underground.org\/samples\/Blocks\/InTheWild%20Collection\/ (Online","year":"2023","unstructured":"2023. InTheWild. https:\/\/samples.vx-underground.org\/samples\/Blocks\/InTheWild%20Collection\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_42_1","volume-title":"https:\/\/bazaar.abuse.ch\/browse\/ (Online","year":"2023","unstructured":"2023. Bazaar. https:\/\/bazaar.abuse.ch\/browse\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_43_1","volume-title":"theZoo. https:\/\/thezoo.morirt.com\/ (Online","year":"2023","unstructured":"2023. theZoo. https:\/\/thezoo.morirt.com\/ (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_44_1","volume-title":"vx-underground. https:\/\/www.vx-underground.org\/malware.html (Online","year":"2023","unstructured":"2023. vx-underground. https:\/\/www.vx-underground.org\/malware.html (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_45_1","unstructured":"dhuertas. 2024. AES. https:\/\/github.com\/dhuertas\/AES"},{"key":"e_1_2_1_46_1","unstructured":"dhuertas. 2019. block-cipher-modes. https:\/\/github.com\/dhuertas\/block-cipher-modes"},{"key":"e_1_2_1_47_1","unstructured":"waterJuice. 2018. WjCryptLib. https:\/\/github.com\/WaterJuice\/WjCryptLib"},{"key":"e_1_2_1_48_1","unstructured":"kokke. 2024. tiny-AES-c. https:\/\/github.com\/kokke\/tiny-AES-c"},{"key":"e_1_2_1_49_1","unstructured":"B-con. 2015. crypto-algorithms. https:\/\/github.com\/B-Con\/crypto-algorithms"},{"key":"e_1_2_1_50_1","unstructured":"matt wu. 2017. AES. https:\/\/github.com\/matt-wu\/AES"},{"key":"e_1_2_1_51_1","unstructured":"SergeBel. 2024. AES. https:\/\/github.com\/SergeyBel\/AES"},{"key":"e_1_2_1_52_1","unstructured":"alepacheco. 2017. FileEncryption. https:\/\/github.com\/alepacheco\/FileEncryption"},{"key":"e_1_2_1_53_1","unstructured":"wumansgy. 2022. goEncrypt. https:\/\/github.com\/wumansgy\/goEncrypt"},{"key":"e_1_2_1_54_1","unstructured":"haomanxing. 2018. go-aes-ecb. https:\/\/github.com\/haowanxing\/go-aes-ecb"},{"key":"e_1_2_1_55_1","unstructured":"mervick. 2024. aes-everywhere. https:\/\/github.com\/mervick\/aes-everywhere"},{"key":"e_1_2_1_56_1","unstructured":"simplephp. 2021. encrypt-decrypt. https:\/\/github.com\/simplephp\/encrypt-decrypt"},{"key":"e_1_2_1_57_1","unstructured":"bozhu. 2015. AES-python. https:\/\/github.com\/bozhu\/AES-Python"},{"key":"e_1_2_1_58_1","unstructured":"ricmoo. 2017. pyaes. https:\/\/github.com\/ricmoo\/pyaes"},{"key":"e_1_2_1_59_1","unstructured":"the javapocal. 2022. Python-File-Encryptor. https:\/\/github.com\/the-javapocalypse\/Python-File-Encryptor"},{"key":"e_1_2_1_60_1","unstructured":"marcobellaccini. 2023. pyAESCrypt. https:\/\/github.com\/marcobellaccini\/pyAesCrypt"},{"key":"e_1_2_1_61_1","unstructured":"pcaro90. 2013. Python-AES. https:\/\/github.com\/pcaro90\/Python-AES"},{"key":"e_1_2_1_62_1","unstructured":"keepsimple1. 2023. libaes. https:\/\/github.com\/keepsimple1\/libaes"},{"key":"e_1_2_1_63_1","unstructured":"adrgs. 2020. rust-aes. https:\/\/github.com\/adrgs\/rust-aes"},{"key":"e_1_2_1_64_1","unstructured":"anoadragon453. 2018. rust-aes. https:\/\/github.com\/anoadragon453\/rust-aes\/"},{"key":"e_1_2_1_65_1","volume-title":"https:\/\/github.com\/microsoft\/diskspd (Online","year":"2023","unstructured":"MicroSoft. 2023. DISKSPD.. https:\/\/github.com\/microsoft\/diskspd (Online; accessed on Nov 10, 2023)"},{"key":"e_1_2_1_66_1","doi-asserted-by":"crossref","unstructured":"Kenan Begovic Abdulaziz Al-Ali and Qutaibah Malluhi. 2023. Cryptographic ransomware encryption detection: Survey. Computers & Security 103349.","DOI":"10.1016\/j.cose.2023.103349"},{"key":"e_1_2_1_67_1","volume-title":"Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011","author":"Gr\u00f6bert Felix","year":"2011","unstructured":"Felix Gr\u00f6bert, Carsten Willems, and Thorsten Holz. 2011. Automated identification of cryptographic primitives in binary programs. In Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011. 41\u201360."},{"key":"e_1_2_1_68_1","volume-title":"Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. 203\u2013214","author":"Lestringant Pierre","year":"2015","unstructured":"Pierre Lestringant, Fr\u00e9d\u00e9ric Guih\u00e9ry, and Pierre-Alain Fouque. 2015. Automated identification of cryptographic primitives in binary code with data flow graph isomorphism. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. 203\u2013214."},{"key":"e_1_2_1_69_1","volume-title":"30th USENIX Security Symposium. 555\u2013572","author":"Meijer Carlo","year":"2021","unstructured":"Carlo Meijer, Veelasha Moonsamy, and Jos Wetzels. 2021. Where\u2019s Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code. In 30th USENIX Security Symposium. 555\u2013572."},{"key":"e_1_2_1_70_1","volume-title":"2018 International Conference on Advances in Computing, Communications and Informatics. 983\u2013987","author":"Sheen Shina","year":"2018","unstructured":"Shina Sheen and Ashwitha Yadav. 2018. Ransomware detection by mining API call usage. In 2018 International Conference on Advances in Computing, Communications and Informatics. 983\u2013987."},{"key":"e_1_2_1_71_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment: 15th International Conference. 234\u2013255.","author":"Gen\u00e7 Ziya Alper","unstructured":"Ziya Alper Gen\u00e7, Gabriele Lenzini, and Peter YA Ryan. 2018. No random, no ransom: a key to stop cryptographic ransomware. In Detection of Intrusions and Malware, and Vulnerability Assessment: 15th International Conference. 234\u2013255."},{"key":"e_1_2_1_72_1","volume-title":"International Symposium on Pervasive Systems, Algorithms and Networks. 133\u2013139","author":"Lee Kyungroul","year":"2019","unstructured":"Kyungroul Lee, Sun-Young Lee, and Kangbin Yim. 2019. Effective ransomware detection using entropy estimation of files for cloud services. In International Symposium on Pervasive Systems, Algorithms and Networks. 133\u2013139."},{"key":"e_1_2_1_73_1","doi-asserted-by":"crossref","first-page":"299","DOI":"10.1007\/s11416-021-00384-0","article-title":"Signature-less ransomware detection and mitigation","volume":"17","author":"Joshi Yash Shashikant","year":"2021","unstructured":"Yash Shashikant Joshi, Harsh Mahajan, Sumedh Nitin Joshi, Kshitij Pradeep Gupta, and Aarti Amod Agarkar. 2021. Signature-less ransomware detection and mitigation. Journal of Computer Virology and Hacking Techniques, 17, 4 (2021), 299\u2013306.","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"e_1_2_1_74_1","doi-asserted-by":"crossref","first-page":"102512","DOI":"10.1016\/j.cose.2021.102512","article-title":"Rcryptect: Real-time detection of cryptographic function in the user-space filesystem","volume":"112","author":"Lee Seungkwang","year":"2022","unstructured":"Seungkwang Lee, Nam-su Jho, Doyoung Chung, Yousung Kang, and Myungchul Kim. 2022. Rcryptect: Real-time detection of cryptographic function in the user-space filesystem. Computers & Security, 112 (2022), 102512.","journal-title":"Computers & Security"},{"key":"e_1_2_1_75_1","doi-asserted-by":"crossref","first-page":"1433","DOI":"10.1109\/TIFS.2023.3240025","article-title":"RTrap: Trapping and Containing Ransomware With Machine Learning","volume":"18","author":"Ganfure Gaddisa Olani","year":"2023","unstructured":"Gaddisa Olani Ganfure, Chun-Feng Wu, Yuan-Hao Chang, and Wei-Kuan Shih. 2023. RTrap: Trapping and Containing Ransomware With Machine Learning. IEEE Transactions on Information Forensics and Security, 18 (2023), 1433\u20131448.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_2_1_76_1","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","article-title":"R-Locker: Thwarting ransomware action through a honeyfile-based approach","volume":"73","author":"G\u00f3mez-Hern\u00e1ndez Jos\u00e9 Antonio","year":"2018","unstructured":"Jos\u00e9 Antonio G\u00f3mez-Hern\u00e1ndez, L \u00c1lvarez-Gonz\u00e1lez, and Pedro Garc\u00eda-Teodoro. 2018. R-Locker: Thwarting ransomware action through a honeyfile-based approach. Computers & Security, 73 (2018), 389\u2013398.","journal-title":"Computers & Security"},{"key":"e_1_2_1_77_1","doi-asserted-by":"crossref","first-page":"102461","DOI":"10.1016\/j.cose.2021.102461","article-title":"Dynamic user-centric access control for detection of ransomware attacks","volume":"111","author":"McIntosh Timothy","year":"2021","unstructured":"Timothy McIntosh, ASM Kayes, Yi-Ping Phoebe Chen, Alex Ng, and Paul Watters. 2021. Dynamic user-centric access control for detection of ransomware attacks. Computers & Security, 111 (2021), 102461.","journal-title":"Computers & Security"},{"key":"e_1_2_1_78_1","volume-title":"2020 IEEE International Conference on Intelligence and Security Informatics. 1\u20136.","author":"Ganfure Gaddisa Olani","year":"2020","unstructured":"Gaddisa Olani Ganfure, Chun-Feng Wu, Yuan-Hao Chang, and Wei-Kuan Shih. 2020. DeepGuard: Deep generative user-behavior analytics for ransomware detection. In 2020 IEEE International Conference on Intelligence and Security Informatics. 1\u20136."},{"key":"e_1_2_1_79_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1\u20133.","author":"Sanvito Davide","year":"2022","unstructured":"Davide Sanvito, Giuseppe Siracusano, Roberto Gonzalez, and Roberto Bifulco. 2022. MUSTARD-Adaptive Behavioral Analysis for Ransomware Detection. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1\u20133."}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3715725","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:20:14Z","timestamp":1750346414000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715725"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,19]]},"references-count":79,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2025,6,19]]}},"alternative-id":["10.1145\/3715725"],"URL":"https:\/\/doi.org\/10.1145\/3715725","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,19]]}}}