{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T16:16:59Z","timestamp":1776788219484,"version":"3.51.2"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J. Comput. Sci. Technol."],"published-print":{"date-parts":[[2025,5]]},"DOI":"10.1007\/s11390-025-4497-x","type":"journal-article","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:32:43Z","timestamp":1752139963000},"page":"887-903","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["AB-DHD: An Attention Mechanism and Bi-Directional Gated Recurrent Unit Based Model for Dynamic Link Library Hijacking Vulnerability Discovery"],"prefix":"10.1007","volume":"40","author":[{"given":"Xiao","family":"Chen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Le-Tian","family":"Sha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fu","family":"Xiao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jia-Ye","family":"Pan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jian-Kuo","family":"Dong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,9]]},"reference":[{"key":"4497_CR1","first-page":"2345","volume-title":"Proc. the 30th USENIX Security Symposium","author":"X Han","year":"2021","unstructured":"Han X, Yu X, Pasquier T, Li D, Rhee J, Mickens J, Seltzer M, Chen H. SIGL: Securing software installations through deep graph learning. In Proc. the 30th USENIX Security Symposium, Aug. 2021, pp.2345\u20132362."},{"key":"4497_CR2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE59016.2024.10444377","volume-title":"Proc. the 2024 IEEE International Conference on Consumer Electronics (ICCE)","author":"J Park","year":"2024","unstructured":"Park J, Yoo D, Yun N, Lee J, Kim D. A thread chaining attack for bypassing a DLL injection monitoring system. In Proc. the 2024 IEEE International Conference on Consumer Electronics (ICCE), Jan. 2024. DOI: https:\/\/doi.org\/10.1109\/ICCE59016.2024.10444377."},{"key":"4497_CR3","doi-asserted-by":"publisher","DOI":"10.1109\/ACDSA59508.2024.10467679","volume-title":"Proc. the 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA)","author":"M Ashawa","year":"2024","unstructured":"Ashawa M, Owoh N P, Riley J, Osamor J, Hosseinzadeh S. An exploration of shared code execution for malware analysis. In Proc. the 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA), Feb. 2024. DOI: https:\/\/doi.org\/10.1109\/ACDSA59508.2024.10467679."},{"key":"4497_CR4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23038","volume-title":"Proc. the 2024 Network and Distributed System Security Symposium","author":"C Yu","year":"2024","unstructured":"Yu C, Xiao Y, Lu J, Li Y, Li Y, Li L, Dong Y, Wang J, Shi J, Bo D, Huo W. File hijacking vulnerability: The elephant in the room. In Proc. the 2024 Network and Distributed System Security Symposium, Feb. 26\u2013Mar. 1, 2024. DOI: https:\/\/doi.org\/10.14722\/ndss.2024.23038."},{"key":"4497_CR5","series-title":"Technical Report","volume-title":"DLL side-loading: A thorn in the side of the anti-virus (AV) industry","author":"A Stewart","year":"2025","unstructured":"Stewart A. DLL side-loading: A thorn in the side of the anti-virus (AV) industry. Technical Report, FireEye Inc, 2014. https:\/\/www.mandiant.com\/sites\/default\/files\/2021-09\/rpt-dll-sideloading.pdf, May 2025."},{"issue":"4","key":"4497_CR6","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MAHC.2018.2877913","volume":"40","author":"S Dick","year":"2018","unstructured":"Dick S, Volmar D. DLL hell: Software dependencies, failure, and the maintenance of Microsoft Windows. IEEE Annals of the History of Computing, 2018, 40(4): 28\u201351. DOI: https:\/\/doi.org\/10.1109\/MAHC.2018.2877913.","journal-title":"IEEE Annals of the History of Computing"},{"key":"4497_CR7","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1109\/SACI60582.2024.10619849","volume-title":"Proc. the 18th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI)","author":"J R Dora","year":"2024","unstructured":"Dora J R, Hluchy L. Exploitation of thick client application vulnerabilities and a synopsis of mitigation: *How to conduct attacks to abuse weaknesses present in a Windows executable file. In Proc. the 18th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI), May 2024, pp.431\u2013436. DOI: https:\/\/doi.org\/10.1109\/SACI60582.2024.10619849."},{"key":"4497_CR8","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1145\/3243734.3243771","volume-title":"Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"B Cheng","year":"2018","unstructured":"Cheng B, Ming J, Fu J, Peng G, Chen T, Zhang X, Marion J Y. Towards paving the way for large-scale Windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost. In Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security, Oct. 2018, pp.395\u2013411. DOI: https:\/\/doi.org\/10.1145\/3243734.3243771."},{"key":"4497_CR9","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.procs.2020.08.010","volume":"176","author":"Z Gittins","year":"2020","unstructured":"Gittins Z, Soltys M. Malware persistence mechanisms. Procedia Computer Science, 2020, 176: 88\u201397. DOI: https:\/\/doi.org\/10.1016\/j.procs.2020.08.010.","journal-title":"Procedia Computer Science"},{"key":"4497_CR10","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1145\/1831708.1831722","volume-title":"Proc. the 19th International Symposium on Software Testing and Analysis","author":"T Kwon","year":"2010","unstructured":"Kwon T, Su Z. Automatic detection of unsafe component loadings. In Proc. the 19th International Symposium on Software Testing and Analysis, Jul. 2010, pp.107\u2013118. DOI: https:\/\/doi.org\/10.1145\/1831708.1831722."},{"issue":"2","key":"4497_CR11","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1109\/TSE.2011.108","volume":"38","author":"T Kwon","year":"2012","unstructured":"Kwon T, Su Z. Automatic detection of unsafe dynamic component loadings. IEEE Trans. Software Engineering, 2012, 38(2): 293\u2013313. DOI: https:\/\/doi.org\/10.1109\/TSE.2011.108.","journal-title":"IEEE Trans. Software Engineering"},{"key":"4497_CR12","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1007\/978-3-642-28652-0_7","volume-title":"Proc. the 21st International Conference on Compiler Construction","author":"T Kwon","year":"2012","unstructured":"Kwon T, Su Z. Static detection of unsafe component loadings. In Proc. the 21st International Conference on Compiler Construction, Apr. 2012, pp.122\u2013143. DOI: https:\/\/doi.org\/10.1007\/978-3-642-28652-0_7."},{"key":"4497_CR13","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1109\/DSN.2015.17","volume-title":"Proc. the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks","author":"B Min","year":"2015","unstructured":"Min B, Varadharajan V. Secure dynamic software loading and execution using cross component verification. In Proc. the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, Jun. 2015, pp.113\u2013124. DOI: https:\/\/doi.org\/10.1109\/DSN.2015.17."},{"issue":"11","key":"4497_CR14","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1093\/comjnl\/bxw047","volume":"59","author":"B Min","year":"2016","unstructured":"Min B, Varadharajan V. Rethinking software component security: Software component level integrity and cross verification. The Computer Journal, 2016, 59(11): 1735\u20131748. DOI: https:\/\/doi.org\/10.1093\/comjnl\/bxw047.","journal-title":"The Computer Journal"},{"issue":"Suppl 1","key":"4497_CR15","doi-asserted-by":"publisher","first-page":"301505","DOI":"10.1016\/j.fsidi.2023.301505","volume":"44","author":"P Fern\u00e1ndez-\u00c1lvarez","year":"2023","unstructured":"Fern\u00e1ndez-\u00c1lvarez P, Rodr\u00edguez R J. Module extraction and DLL hijacking detection via single or multiple memory dumps. Forensic Science International: Digital Investigation, 2023, 44 Suppl 1: 301505. DOI: https:\/\/doi.org\/10.1016\/j.fsidi.2023.301505.","journal-title":"Forensic Science International: Digital Investigation"},{"key":"4497_CR16","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-981-97-1274-8_12","volume-title":"Proc. the 3rd International Conference on Ubiquitous Security","author":"A Verdier","year":"2023","unstructured":"Verdier A, Laborde R, Kandi M A, Benzekri A. A SLAHP in the face of DLL search order hijacking. In Proc. the 3rd International Conference on Ubiquitous Security, Nov. 2023, pp.177\u2013190. DOI: https:\/\/doi.org\/10.1007\/978-981-97-1274-8_12."},{"issue":"8","key":"4497_CR17","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter S, Schmidhuber J. Long short-term memory. Neural Computation, 1997, 9(8): 1735\u20131780. DOI: https:\/\/doi.org\/10.1162\/neco.1997.9.8.1735.","journal-title":"Neural Computation"},{"key":"4497_CR18","doi-asserted-by":"publisher","first-page":"1724","DOI":"10.3115\/v1\/D14-1179","volume-title":"Proc. the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP)","author":"K Cho","year":"2014","unstructured":"Cho K, Van Merri\u00ebnboer B, Gulcehre C, Bahdanau D, Bougares F, Schwenk H, Bengio Y. Learning phrase representations using RNN encoder-decoder for statistical machine translation. In Proc. the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), Oct. 2014, pp.1724\u20131734. DOI: https:\/\/doi.org\/10.3115\/v1\/D14-1179."},{"key":"4497_CR19","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.comcom.2022.12.010","volume":"199","author":"S M Kasongo","year":"2023","unstructured":"Kasongo S M. A deep learning technique for intrusion detection system using a recurrent neural networks based framework. Computer Communications, 2023, 199: 113\u2013125. DOI: https:\/\/doi.org\/10.1016\/j.comcom.2022.12.010.","journal-title":"Computer Communications"},{"issue":"3","key":"4497_CR20","doi-asserted-by":"publisher","first-page":"3353","DOI":"10.1007\/s40747-023-01313-y","volume":"10","author":"Y Imrana","year":"2024","unstructured":"Imrana Y, Xiang Y, Ali L, Noor A, Sarpong K, Abdullah M A. CNN-GRU-FF: A double-layer feature fusion-based network intrusion detection system using convolutional neural network and gated recurrent units. Complex & Intelligent Systems, 2024, 10(3): 3353\u20133370. DOI: https:\/\/doi.org\/10.1007\/s40747-023-01313-y.","journal-title":"Complex & Intelligent Systems"},{"key":"4497_CR21","doi-asserted-by":"publisher","first-page":"109607","DOI":"10.1016\/j.ymssp.2022.109607","volume":"182","author":"X Lei","year":"2023","unstructured":"Lei X, Xia Y, Wang A, Jian X, Zhong H, Sun L. Mutual information based anomaly detection of monitoring data with attention mechanism and residual learning. Mechanical Systems and Signal Processing, 2023, 182: 109607. DOI: https:\/\/doi.org\/10.1016\/j.ymssp.2022.109607.","journal-title":"Mechanical Systems and Signal Processing"},{"key":"4497_CR22","doi-asserted-by":"publisher","first-page":"111392","DOI":"10.1016\/j.asoc.2024.111392","volume":"154","author":"Y Chen","year":"2024","unstructured":"Chen Y, Xia R, Yang K, Zou K. DNNAM: Image inpainting algorithm via deep neural networks and attention mechanism. Applied Soft Computing, 2024, 154: 111392. DOI: https:\/\/doi.org\/10.1016\/j.asoc.2024.111392.","journal-title":"Applied Soft Computing"},{"key":"4497_CR23","doi-asserted-by":"publisher","first-page":"102459","DOI":"10.1016\/j.cose.2021.102459","volume":"111","author":"J Zhao","year":"2021","unstructured":"Zhao J, Guo S, Mu D. DouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU. Computers & Security, 2021, 111: 102459. DOI: https:\/\/doi.org\/10.1016\/j.cose.2021.102459.","journal-title":"Computers & Security"},{"key":"4497_CR24","doi-asserted-by":"publisher","unstructured":"Vishnu P R, Vinod P, Yerima S Y. A deep learning approach for classifying vulnerability descriptions using self attention based neural network. Journal of Network and Systems Management, 2022, 30(1): Article No. 9. DOI: https:\/\/doi.org\/10.1007\/s10922-021-09624-6.","DOI":"10.1007\/s10922-021-09624-6"},{"key":"4497_CR25","doi-asserted-by":"publisher","unstructured":"Han J, Huang C, Sun S, Liu Z, Liu J. bjXnet: An improved bug localization model based on code property graph and attention mechanism. Automated Software Engineering, 2023, 30(1): Article No. 12. DOI: https:\/\/doi.org\/10.1007\/s10515-023-00379-9.","DOI":"10.1007\/s10515-023-00379-9"},{"issue":"4","key":"4497_CR26","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/s13748-020-00218-y","volume":"9","author":"M Roodschild","year":"2020","unstructured":"Roodschild M, Sardi\u00f1as J G, Will A. A new approach for the vanishing gradient problem on sigmoid activation. Progress in Artificial Intelligence, 2020, 9(4): 351\u2013360. DOI: https:\/\/doi.org\/10.1007\/s13748-020-00218-y.","journal-title":"Progress in Artificial Intelligence"},{"key":"4497_CR27","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.neucom.2022.06.111","volume":"503","author":"S R Dubey","year":"2022","unstructured":"Dubey S R, Singh S K, Chaudhuri B B. Activation functions in deep learning: A comprehensive survey and benchmark. Neurocomputing, 2022, 503: 92\u2013108. DOI: https:\/\/doi.org\/10.1016\/j.neucom.2022.06.111.","journal-title":"Neurocomputing"},{"issue":"3","key":"4497_CR28","doi-asserted-by":"publisher","first-page":"2009","DOI":"10.1007\/s00180-020-00999-9","volume":"36","author":"B G Marcot","year":"2021","unstructured":"Marcot B G, Hanea A M. What is an optimal value of k in k-fold cross-validation in discrete Bayesian network analysis? Computational Statistics, 2021, 36(3): 2009\u20132031. DOI: https:\/\/doi.org\/10.1007\/s00180-020-00999-9.","journal-title":"Computational Statistics"}],"container-title":["Journal of Computer Science and Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11390-025-4497-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11390-025-4497-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11390-025-4497-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T02:08:58Z","timestamp":1757210938000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11390-025-4497-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5]]},"references-count":28,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,5]]}},"alternative-id":["4497"],"URL":"https:\/\/doi.org\/10.1007\/s11390-025-4497-x","relation":{},"ISSN":["1000-9000","1860-4749"],"issn-type":[{"value":"1000-9000","type":"print"},{"value":"1860-4749","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5]]},"assertion":[{"value":"1 June 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 February 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Conflict of Interest The authors declare that they have no conflict of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics"}}]}}