{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T07:01:17Z","timestamp":1764831677153,"version":"3.46.0"},"reference-count":40,"publisher":"Tech Science Press","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.067636","type":"journal-article","created":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T11:14:57Z","timestamp":1753269297000},"page":"3041-3066","source":"Crossref","is-referenced-by-count":0,"title":["MemHookNet: Real-Time Multi-Class Heap Anomaly Detection with Log Hooking"],"prefix":"10.32604","volume":"85","author":[{"given":"Siyi","family":"Wang","sequence":"first","affiliation":[]},{"given":"Yan","family":"Zhuang","sequence":"additional","affiliation":[]},{"given":"Zhizhuang","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Xinhao","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Menglan","family":"Li","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","unstructured":"Mitre. Stubborn Weaknesses in the CWE Top 25 [Internet]. 2024 [cited 2024 Jan 1]. Available from: https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_stubborn_weaknesses.html."},{"key":"ref2","series-title":"Proceedings of the 40th International Conference on Software Engineering; 2018 May 27\u2013Jun 3","first-page":"327","article-title":"Spatio-temporal context reduction: a pointer-analysis-based static approach for detecting use-after-free vulnerabilities","author":"Yan"},{"key":"ref3","doi-asserted-by":"crossref","first-page":"100859","DOI":"10.1016\/j.jlamp.2023.100859","article-title":"A memory-related vulnerability detection approach based on vulnerability model with petri net","volume":"132","author":"Chen","year":"2023","journal-title":"J Log Algebr Methods Program"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"2398","DOI":"10.1109\/TSE.2024.3438119","article-title":"AddressWatcher: sanitizerbased localization of memory leak fixes","volume":"50","author":"Murali","year":"2024","journal-title":"IEEE Trans Softw Eng"},{"key":"ref5","series-title":"Proceedings of the 44th International Conference on Software Engineering; 2022 May 25\u201327","first-page":"659","article-title":"Demystifying the dependency challenge in kernel fuzzing","author":"Hao"},{"journal-title":"A survey of static program analysis techniques. Tech Rep","year":"2005","author":"W\u00f6gerer","key":"ref6"},{"key":"ref7","series-title":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis; 2021 Jul 11\u201317","first-page":"309","article-title":"UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities","author":"Gui","year":"2021"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"202","DOI":"10.1109\/MNET.011.2000450","article-title":"Toward hybrid static-dynamic detection of vulnerabilities in IoT firmware","volume":"35","author":"He","year":"2020","journal-title":"IEEE Netw"},{"key":"ref9","series-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security; 2017 Oct 30\u2013Nov 3","first-page":"1285","article-title":"Deeplog: anomaly detection and diagnosis from system logs through deep learning","author":"Du"},{"key":"ref10","first-page":"4739","article-title":"Loganomaly: unsupervised detection of sequential and quantitative anomalies in unstructured logs","volume":"19","author":"Meng","year":"2019","journal-title":"Int Joint Conf Artif Intell Organizat"},{"key":"ref11","series-title":"Proceedings of the 2024 IEEE\/ACM 46th International Conference on Software Engineering: Companion Proceedings; 2024 Apr 14\u201320","first-page":"306","article-title":"Graph neural networks based log anomaly detection and explanation","author":"Li"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3691338","article-title":"Deep learning for time series anomaly detection: a survey","volume":"57","author":"Zamanzadeh Darban","year":"2024","journal-title":"ACM Comput Surv"},{"key":"ref13","series-title":"The Network and Distributed System Security (NDSS) Symposium 2015; 2015 Feb 8\u201311","first-page":"1","article-title":"Preventing use-after-free with dangling pointers nullification","author":"Lee"},{"key":"ref14","doi-asserted-by":"crossref","first-page":"103048","DOI":"10.1016\/j.cose.2022.103048","article-title":"UAF-GUARD: defending the use-after-free exploits via fine-grained memory permission management","volume":"125","author":"Xu","year":"2023","journal-title":"Comput Secur"},{"key":"ref15","first-page":"4571","article-title":"A unified model for multi-class anomaly detection","volume":"35","author":"You","year":"2022","journal-title":"Adv Neural Inf Process Syst"},{"key":"ref16","first-page":"228","author":"Huang","year":"2024","journal-title":"International forum on digital TV and wireless multimedia communications"},{"key":"ref17","first-page":"100470","article-title":"Deep learning for anomaly detection in log data: a survey","volume":"12","author":"Landauer","year":"2023","journal-title":"Mach Learn Appl"},{"key":"ref18","series-title":"Network and Distributed System Security (NDSS) Symposium 2025; 2025 Feb 24\u201328","first-page":"1","article-title":"Statically discover cross-entry use-after-free vulnerabilities in the linux kernel","author":"Zhang"},{"key":"ref19","unstructured":"Cppcheck Team. Cppcheck software official website [Internet]. 2018 [cited 2024 Jan 1]. Available from: http:\/\/cppcheck.sourceforge.net\/."},{"key":"ref20","unstructured":"Wheeler DA. Flawfinder software official website [Internet]. 2018 [cited 2024 Jan 1]. Available from: https:\/\/www.dwheeler.com\/flawfinder\/."},{"key":"ref21","unstructured":"Valgrind Team. Valgrind: a memory debugging, memory leak detection, and profiling tool; 2018 [Internet]. [cited 2024 Jan 1]. Available from: http:\/\/valgrind.org\/."},{"key":"ref22","unstructured":"Google. AddressSanitizer [Internet]. 2024 [cited 2024 Jan 1]. Available from: https:\/\/github.com\/google\/sanitizers\/wiki\/AddressSanitizer."},{"key":"ref23","series-title":"Proceedings of the Twelfth European Conference on Computer Systems; 2017 Apr 23\u201326","first-page":"405","article-title":"Dangsan: scalable use-after-free detection","author":"Van Der Kouwe"},{"key":"ref24","series-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security; 2022 Nov 7\u201311","first-page":"1307","article-title":"DangZero: efficient use-after-free detection via direct page table access","author":"Gorter"},{"key":"ref25","series-title":"Proceedings of the 33rd USENIX Conference on Security Symposium; 2024 Aug 14\u201316","first-page":"181","article-title":"BUDAlloc: defeating use-after-free bugs by decoupling virtual address management from kernel","author":"Ahn"},{"key":"ref26","unstructured":"Shoshitaishvili Y, Brunton G, Rawat N. Angr: a platform for analyzing binary programs [Internet]. 2018 [cited 2024 Jan 1]. Available from: https:\/\/github.com\/angr\/angr."},{"key":"ref27","unstructured":"Google Inc. Driller: a hybrid fuzzing tool combining static and dynamic analysis [Internet]. 2018 [cited 2024 Jan 1]. Available from: https:\/\/github.com\/googleprojectzero\/driller."},{"key":"ref28","doi-asserted-by":"crossref","first-page":"120043","DOI":"10.1109\/ACCESS.2021.3107975","article-title":"Deep learning for anomaly detection in time-series data: review, analysis, and guidelines","volume":"9","author":"Choi","year":"2021","journal-title":"IEEE Access"},{"key":"ref29","series-title":"Pacific-Asia Conference on Knowledge Discovery and Data Mining; 2021 May 11\u201314","first-page":"66","article-title":"Glad-paw: graph-based log anomaly detection by position aware weighted graph attention network","author":"Wan"},{"key":"ref30","series-title":"Proceedings of the 44th International Conference on Software Engineering; 2022 May 25\u201327","first-page":"623","article-title":"Deeptralog: trace-log combined microservice anomaly detection through graph-based deep learning","author":"Zhang"},{"key":"ref31","unstructured":"Kern P. Injecting shared libraries with LD_PRELOAD for cyber deception [master\u2019s thesis]. Vienna, Austria: Technische Universit\u00e4t Wien; 2023."},{"key":"ref32","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1007\/s11265-021-01644-4","article-title":"A LSTM-based anomaly detection model for log analysis","volume":"93","author":"Zhao","year":"2021","journal-title":"J Signal Process Syst"},{"article-title":"Understanding memory access patterns for prefetching","series-title":"International Workshop on AI-assisted Design for Architecture (AIDArc), Held in Conjunction with ISCA; 2019 Jun 22","author":"Braun","key":"ref33"},{"key":"ref34","first-page":"21","article-title":"Multi-class sentiment classification on Bengali social media comments using machine learning","volume":"4","author":"Haque","year":"2023","journal-title":"Int J Cogn Comput Eng"},{"key":"ref35","first-page":"1718","article-title":"Emotion detection using a bidirectional long-short term memory (bilstm) neural network","volume":"4","author":"Amadi","year":"2023","journal-title":"Int J Curr Pharm Rev Res"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"4890","DOI":"10.1038\/s41598-024-55483-x","article-title":"Advanced hybrid LSTM-transformer architecture for real-time multi-task prediction in engineering systems","volume":"14","author":"Cao","year":"2024","journal-title":"Sci Rep"},{"key":"ref37","doi-asserted-by":"crossref","first-page":"4140","DOI":"10.3390\/app12094140","article-title":"Arabic language opinion mining based on long short-term memory (LSTM)","volume":"12","author":"Setyanto","year":"2022","journal-title":"Appl Sci"},{"key":"ref38","unstructured":"Brody S, Alon U, Yahav E. How attentive are graph attention networks? arXiv:2105.14491. 2021."},{"key":"ref39","series-title":"International Conference on Medical Image Computing and Computer-Assisted Intervention; 2023 Oct 8\u201312","first-page":"723","article-title":"An explainable geometric-weighted graph attention network for identifying functional networks associated with gait impairment","author":"Nerrise"},{"key":"ref40","series-title":"2020 IEEE International Conference on Data Mining (ICDM); 2020 Nov 17\u201320","first-page":"841","article-title":"Multivariate time-series anomaly detection via graph attention network","author":"Zhao"}],"container-title":["Computers, Materials & Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-85-2\/TSP_CMC_67636\/TSP_CMC_67636.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T05:35:41Z","timestamp":1764826541000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v85n2\/63833"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":40,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.067636","relation":{},"ISSN":["1546-2226"],"issn-type":[{"type":"electronic","value":"1546-2226"}],"subject":[],"published":{"date-parts":[[2025]]}}}