Search Results (5)
  • Open Access

    ARTICLE

    Structure-Aware Malicious Behavior Detection through 2D Spatio-Temporal Modeling of Process Hierarchies

    Seong-Su Yoon, Dong-Hyuk Shin, Ieck-Chae Euom*

    CMES-Computer Modeling in Engineering & Sciences, Vol.145, No.2, pp. 2683-2706, 2025, DOI:10.32604/cmes.2025.071577 - 26 November 2025

    Abstract With the continuous expansion of digital infrastructures, malicious behaviors in host systems have become increasingly sophisticated, often spanning multiple processes and employing obfuscation techniques to evade detection. Audit logs, such as Sysmon, offer valuable insights; however, existing approaches typically flatten event sequences or rely on generic graph models, thereby discarding the natural parent-child process hierarchy that is critical for analyzing multiprocess attacks. This paper proposes a structure-aware threat detection framework that transforms audit logs into a unified two-dimensional (2D) spatio-temporal representation, where process hierarchy is modeled as the spatial axis and event chronology as the

  • Open Access

    ARTICLE

    MemHookNet: Real-Time Multi-Class Heap Anomaly Detection with Log Hooking

    Siyi Wang, Yan Zhuang*, Zhizhuang Zhou, Xinhao Wang, Menglan Li

    CMC-Computers, Materials & Continua, Vol.85, No.2, pp. 3041-3066, 2025, DOI:10.32604/cmc.2025.067636 - 23 September 2025

    Abstract Heap memory anomalies, such as Use-After-Free (UAF), Double-Free, and Memory Leaks, pose critical security threats including system crashes, data leakage, and remote exploits. Existing methods often fail to handle multiple anomaly types and meet real-time detection demands. To address these challenges, this paper proposes MemHookNet, a real-time multi-class heap anomaly detection framework that combines log hooking with deep learning. Without modifying source code, MemHookNet non-intrusively captures memory operation logs at runtime and transforms them into structured sequences encoding operation types, pointer identifiers, thread context, memory sizes, and temporal intervals. A sliding-window Long Short-Term Memory (LSTM)

  • Open Access

    ARTICLE

    Enhancing Log Anomaly Detection with Semantic Embedding and Integrated Neural Network Innovations

    Zhanyang Xu*, Zhe Wang, Jian Xu, Hongyan Shi, Hong Zhao

    CMC-Computers, Materials & Continua, Vol.80, No.3, pp. 3991-4015, 2024, DOI:10.32604/cmc.2024.051620 - 12 September 2024

    Abstract System logs, serving as a pivotal data source for performance monitoring and anomaly detection, play an indispensable role in assuring service stability and reliability. Despite this, the majority of existing log-based anomaly detection methodologies predominantly depend on the sequence or quantity attributes of logs, utilizing solely a single Recurrent Neural Network (RNN) and its variant sequence models for detection. These approaches have not thoroughly exploited the semantic information embedded in logs, exhibit limited adaptability to novel logs, and a single model struggles to fully unearth the potential features within the log sequence. Addressing these challenges,…

  • Open Access

    ARTICLE

    An Efficient Way to Parse Logs Automatically for Multiline Events

    Mingguang Yu, Xia Zhang*

    Computer Systems Science and Engineering, Vol.46, No.3, pp. 2975-2994, 2023, DOI:10.32604/csse.2023.037505 - 03 April 2023

    Abstract In order to obtain information or discover knowledge from system logs, the first step is to perform log parsing, whereby unstructured raw logs can be transformed into a sequence of structured events. Although comprehensive studies on log parsing have been conducted in recent years, most assume that one event object corresponds to a single-line message. However, in a growing number of scenarios, one event object spans multiple lines in the log, for which parsing methods toward single-line events are not applicable. In order to address this problem, this paper proposes an automated log parsing method for

  • Open Access

    ARTICLE

    Log Anomaly Detection Based on Hierarchical Graph Neural Network and Label Contrastive Coding

    Yong Fang, Zhiying Zhao, Yijia Xu*, Zhonglin Liu

    CMC-Computers, Materials & Continua, Vol.74, No.2, pp. 4099-4118, 2023, DOI:10.32604/cmc.2023.033124 - 31 October 2022

    Abstract System logs are essential for detecting anomalies, querying faults, and tracing attacks. Because of the time-consuming and labor-intensive nature of manual system troubleshooting and anomaly detection, it cannot meet the actual needs. The implementation of automated log anomaly detection is a topic that demands urgent research. However, the prior work on processing log data is mainly one-dimensional and cannot profoundly learn the complex associations in log data. Meanwhile, there is a lack of attention to the utilization of log labels and usually relies on a large number of labels for detection. This paper proposes a…