Ransomware Analysis: Knowledge Extraction and Classification for Advanced Cyber Threat Intelligence
Lanza, Claudia, Lahmadi, Abdelkader, François, Jérôme
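- Publisher: CRC
- Publication date: 2024-11-13
- Price: $4,880
- VIP price: 5% off, $4,636
- Language: English
- Pages: 96
- Binding: Hardcover - also called cloth, retail trade, or trade
- ISBN: 103283210X
- ISBN-13: 9781032832104
Overseas special-order book (must be checked out separately)
Product description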
This book presents the development of a classification scheme to organize and represent ransomware threat knowledge through the implementation of an innovative methodology centred around the semantic annotation of domain-specific source documentation.
About the authors
Claudia Lanza is currently a Research Fellow at the University of Calabria. After a year-long visiting period abroad as a PhD student with the TALN group at the University of Nantes, she obtained a PhD in ICT in 2021 with a thesis focusing on semantic control within the cybersecurity domain. In 2023 she was a Visiting Researcher at LORIA in Nancy, working on the creation of cyber-attack classification tools as a means of guaranteeing a semantic monitoring activity in cybersecurity triaging procedures. Her research interests cover Information Science, Documentation, Information Retrieval, Knowledge organization and representation, and Specialized domain-oriented terminology systematization.
In this monograph, Claudia Lanza is specifically the author of the whole of Chapter 1; in Chapter 2, of Section 2.1; in Chapter 3, of Section 3.2 and Sub-section 3.2.1; in Chapter 4, of Section 4.1 and Sub-sections 4.1.1, 4.1.2, 4.1.2.1 and 4.1.2.2, Section 4.2 and Sub-sections 4.2.1 and 4.2.2, and Sub-section 4.3.2.
Abdelkader Lahmadi is an associate professor in computer science at the University of Lorraine, teaching at the ENSEM engineering school and doing research at LORIA and Inria in the RESIST research team. Abdelkader's research interests are in the area of cybersecurity and threat analysis in networked systems (IoT, industrial systems, 5G, etc.). In more detail, he is investigating innovative solutions in the area of automated cybersecurity using AI for anomaly detection, mitigation, and proactive approaches. In this area, he developed and patented a technology, named SCUBA, for automatically discovering the attack paths that an attacker can exploit through the assets of a given network. He has a Ph.D. and an engineering degree in computer science. Since 2018, he has been the head of the ISN (Digital Systems Engineers) degree at the ENSEM engineering school in Nancy. He has been scientific director of the LHS (High Security Laboratory) in Nancy since 2020, specializing in experimentation and analysis for cybersecurity research. Throughout his professional career, Abdelkader has contributed to numerous software developments and prototypes to validate his scientific research. He is a co-founder of CYBI, a spin-off of the University of Lorraine and Inria focused on automated cybersecurity solutions using AI systems for attack path management.
Jérôme François is a senior research scientist at the University of Luxembourg in the research group SEDAN (Service and Data Management) at SnT (https://wwwen.uni.lu/snt/research/sedan) and is an affiliate member of the LORIA and INRIA Lab in Nancy, France, where he was a researcher and deputy team leader of the RESIST team from 2014 to 2023. He received a Ph.D. degree in computer science from the University of Lorraine, France, in December 2009. His area of research is network and service management, with a focus on security management.
He has developed strong scientific expertise and practical experience in the adaptation and application of Machine Learning methods in this area. This covers different topics such as anomaly detection, phishing prevention, botnet modelling, and honeypot and darknet monitoring, as reflected in his publications.
He has participated in different national and European projects (SPARTA European Cybersecurity Competence Network, French EPR on cybersecurity, H2020 AI@EDGE, H2020 SecureIoT) and led the NATO international research project ThreatPredict. He has developed strong partnerships with industry (e.g. Orange, Thales) and academia (joint teams with the University of Waterloo in Canada and Osaka in Japan). He is a core member of the network and service management community, taking on several responsibilities in conference organization and leading the IRTF Network Management Research Group (NMRG). He is the co-founder of Cybi (https://www.cybi.fr/), a cybersecurity startup built on top of research results regarding attack path management.
In this monograph, Abdelkader Lahmadi and Jérôme François are specifically the authors of the whole of Chapter 2 except for Section 2.1; in Chapter 3, of Section 3.1 and Sub-sections 3.1.1, 3.1.2, 3.1.3, 3.1.4 and 3.1.5, and Section 3.3 and Sub-sections 3.3.1 and 3.3.2; in Chapter 4, of Sub-section 4.1.2.3, Section 4.3 and Sub-section 4.3.1. The three authors collaborated jointly on the Preface and Conclusion sections.