TY - EJOU
AU - Wang, Siyi
AU - Zhuang, Yan
AU - Zhou, Zhizhuang
AU - Wang, Xinhao
AU - Li, Menglan
TI - MemHookNet: Real-Time Multi-Class Heap Anomaly Detection with Log Hooking
T2 - Computers, Materials & Continua
PY - 2025
VL - 85
IS - 2
SN - 1546-2226
AB - Heap memory anomalies, such as Use-After-Free (UAF), Double-Free, and Memory Leaks, pose critical security threats including system crashes, data leakage, and remote exploits. Existing methods often fail to handle multiple anomaly types and meet real-time detection demands. To address these challenges, this paper proposes MemHookNet, a real-time multi-class heap anomaly detection framework that combines log hooking with deep learning. Without modifying source code, MemHookNet non-intrusively captures memory operation logs at runtime and transforms them into structured sequences encoding operation types, pointer identifiers, thread context, memory sizes, and temporal intervals. A sliding-window Long Short-Term Memory (LSTM) module efficiently filters out suspicious segments, which are then transformed into pointer access graphs for classification using a GATv2-based model. Experimental results demonstrate that MemHookNet achieves 82.2% accuracy and 81.5% recall with an average inference time of 15 ms, outperforming DeepLog and GLAD-PAW by 11.7% in accuracy and reducing latency by over 80%.
KW - Use-after-free detection; heap memory vulnerabilities; log analysis; memory leak detection; graph neural network
DO - 10.32604/cmc.2025.067636