AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Article Link
Collect
Submit Manuscript
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Regular Paper

AB-DHD: An Attention Mechanism and Bi-Directional Gated Recurrent Unit Based Model for Dynamic Link Library Hijacking Vulnerability Discovery

School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
Show Author Information

Abstract

With the rapid development of operating systems, attacks on system vulnerabilities are increasing. Dynamic link library (DLL) hijacking is prevalent in installers on freeware platforms and is highly susceptible to exploitation by malware attackers. However, existing studies are based solely on the load paths of DLLs, ignoring the attributes of installers and invocation modes, resulting in low accuracy and weak generality of vulnerability detection. In this paper, we propose a novel model, AB-DHD, which is based on an attention mechanism and a bi-directional gated recurrent unit (BiGRU) neural network for DLL hijacking vulnerability discovery. While BiGRU is an enhancement of GRU and has been widely applied in sequence data processing, a double-layer BiGRU network is introduced to analyze the internal features of installers with DLL hijacking vulnerabilities. Additionally, an attention mechanism is incorporated to dynamically adjust feature weights, significantly enhancing the ability of our model to detect vulnerabilities in new installers. A comprehensive “List of Easily Hijacked DLLs” is developed to serve a reference for future studies. We construct an EXEFul dataset and a DLLVul dataset, using data from two publicly available authoritative vulnerability databases, Common Vulnerabilities & Exposures (CVE) and China National Vulnerability Database (CNVD), and mainstream installer distribution platforms. Experimental results show that our model outperforms popular automated tools like Rattler and DLLHSC, achieving an accuracy of 97.79% and a recall of 94.72%. Moreover, 17 previously unknown vulnerabilities have been identified, and corresponding vulnerability certifications have been assigned.

Electronic Supplementary Material

Download File(s)
JCST-2406-14497-Highlights.pdf (260.8 KB)

References

【1】
【1】
 
 
Journal of Computer Science and Technology
Pages 887-903

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Chen X, Sha L-T, Xiao F, et al. AB-DHD: An Attention Mechanism and Bi-Directional Gated Recurrent Unit Based Model for Dynamic Link Library Hijacking Vulnerability Discovery. Journal of Computer Science and Technology, 2025, 40(3): 887-903. https://doi.org/10.1007/s11390-025-4497-x

910

Views

1

Crossref

1

Web of Science

1

Scopus

0

CSCD

Received: 01 June 2024
Accepted: 18 February 2025
Published: 30 April 2025
© Institute of Computing Technology, Chinese Academy of Sciences 2025