{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T17:21:53Z","timestamp":1725816113543},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319149769"},{"type":"electronic","value":"9783319149776"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-14977-6_41","type":"book-chapter","created":{"date-parts":[[2015,1,28]],"date-time":"2015-01-28T09:23:24Z","timestamp":1422437004000},"page":"377-390","source":"Crossref","is-referenced-by-count":13,"title":["SQLiDDS: SQL Injection Detection Using Query Transformation and Document Similarity"],"prefix":"10.1007","author":[{"given":"Debabrata","family":"Kar","sequence":"first","affiliation":[]},{"given":"Suvasini","family":"Panigrahi","sequence":"additional","affiliation":[]},{"given":"Srikanth","family":"Sundararajan","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"41_CR1","unstructured":"OWASP: Top 10 Security Threats 2013 (2013), \n                    \n                      https:\/\/www.owasp.org\/index.php\/Top_10_2013-A1-Injection\n                    \n                    \n                   (accessed: November 15 2013)"},{"key":"41_CR2","unstructured":"TrustWave: Executive Summary: Trustwave 2012 Global Security Report (2012), \n                    \n                      https:\/\/www.trustwave.com\/global-security-report\n                    \n                    \n                   (accessed: June 24, 2013)"},{"key":"41_CR3","unstructured":"Maciejak, D., Lovet, G.: Botnet-Powered Sql Injection Attacks: A Deeper Look Within. In: Virus Bulletin Conference, pp. 286\u2013288 (September 2009)"},{"key":"41_CR4","unstructured":"Curtis, S.: Barclays: 97 percent of data breaches still due to SQL injection (January 2012), \n                    \n                      http:\/\/news.techworld.com\/security\/3331283\/barclays-97-percent-of-data-breaches-still-due-to-sql-injection\/"},{"key":"41_CR5","doi-asserted-by":"crossref","unstructured":"Livshits, B., Erlingsson, \u00da.: Using Web Application Construction Frameworks to Protect Against Code Injection Attacks. In: Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security, pp. 95\u2013104. ACM (2007)","DOI":"10.1145\/1255329.1255346"},{"key":"41_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"S.W. Boyd","year":"2004","unstructured":"Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"key":"41_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-642-11747-3_8","volume-title":"Engineering Secure Software and Systems","author":"M. Johns","year":"2010","unstructured":"Johns, M., Beyerlein, C., Giesecke, R., Posegga, J.: Secure code generation for web applications. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 96\u2013113. Springer, Heidelberg (2010)"},{"key":"41_CR8","unstructured":"Benedikt, M., Freire, J., Godefroid, P.: VeriWeb: Automatically Testing Dynamic Web Sites. In: Proceedings of 11th International World Wide Web Conference (WWW 2002). Citeseer (2002)"},{"key":"41_CR9","doi-asserted-by":"crossref","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: Secubat: A Web Vulnerability Scanner. In: Proceedings of the 15th International Conference on World Wide Web, pp. 247\u2013256. ACM (2006)","DOI":"10.1145\/1135777.1135817"},{"key":"41_CR10","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., Su, Z.: Dynamic Test Input Generation for Web Applications. In: Proceedings of the 2008 International Symposium on Software Testing and Analysis, pp. 249\u2013260. ACM (2008)","DOI":"10.1145\/1390630.1390661"},{"key":"41_CR11","doi-asserted-by":"crossref","unstructured":"Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In: Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering, pp. 174\u2013183. ACM (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"41_CR12","doi-asserted-by":"crossref","unstructured":"Buehrer, G., Weide, B., Sivilotti, P.: Using Parse Tree Validation to Prevent SQL Injection Attacks. In: Proceedings of the 5th International Workshop on Software Engineering and Middleware, pp. 106\u2013113. ACM (2005)","DOI":"10.1145\/1108473.1108496"},{"issue":"2","key":"41_CR13","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1145\/1698750.1698754","volume":"13","author":"P. Bisht","year":"2010","unstructured":"Bisht, P., Madhusudan, P., Venkatakrishnan, V.: CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks. ACM Transactions on Information and System Security (TISSEC)\u00a013(2), 14 (2010)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"41_CR14","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1016\/j.mcm.2011.01.050","volume":"55","author":"I. Lee","year":"2011","unstructured":"Lee, I., Jeong, S., Yeo, S., Moon, J.: A Novel Method for SQL Injection Attack Detection based on Removing SQL Query Attribute Values. Mathematical and Computer Modelling\u00a055, 58\u201368 (2011)","journal-title":"Mathematical and Computer Modelling"},{"key":"41_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-642-34883-9_21","volume-title":"Internet and Distributed Computing Systems","author":"Y. Wang","year":"2012","unstructured":"Wang, Y., Li, Z.: SQL Injection Detection via Program Tracing and Machine Learning. In: Xiang, Y., Pathan, M., Tao, X., Wang, H. (eds.) IDCS 2012. LNCS, vol.\u00a07646, pp. 264\u2013274. Springer, Heidelberg (2012)"},{"key":"41_CR16","unstructured":"Halfond, W., Viegas, J., Orso, A.: A Classification of SQL-injection Attacks and Countermeasures. In: International Symposium on Secure Software Engineering (ISSSE), pp. 12\u201323 (2006)"},{"key":"41_CR17","unstructured":"Maor, O., Shulman, A.: SQL Injection Signatures Evasion (White paper). Imperva, Inc. (April 2004), \n                    \n                      http:\/\/www.issa-sac.org\/info_resources\/ISSA_20050519_iMperva_SQLInjection.pdf"},{"key":"41_CR18","unstructured":"Dahse, J.: Exploiting hard filtered SQL Injections (March 2010), \n                    \n                      http:\/\/websec.wordpress.com\/2010\/03\/19\/exploiting-hard-filtered-sql-injections\/"},{"key":"41_CR19","doi-asserted-by":"crossref","unstructured":"Kar, D., Panigrahi, S.: Prevention of SQL Injection Attack Using Query Transformation and Hashing. In: Proceedings of the 3rd IEEE International Advance Computing Conference (IACC), pp. 1317\u20131323. IEEE (2013)","DOI":"10.1109\/IAdCC.2013.6514419"},{"key":"41_CR20","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071","volume-title":"Introduction to Information Retrieval","author":"C.D. Manning","year":"2008","unstructured":"Manning, C.D., Raghavan, P., Sch\u00fctze, H.: Introduction to Information Retrieval, vol.\u00a01. Cambridge University Press, Cambridge (2008), \n                    \n                      http:\/\/nlp.stanford.edu\/IR-book\/pdf\/irbookonlinereading.pdf"},{"issue":"4","key":"41_CR21","doi-asserted-by":"publisher","first-page":"555","DOI":"10.1016\/j.engappai.2006.09.001","volume":"20","author":"J.J. Garc\u00eda Adeva","year":"2007","unstructured":"Garc\u00eda Adeva, J.J., Pikatza Atxa, J.M.: Intrusion Detection in Web Applications using Text Mining. Engg. Appl. of Artificial Intelligence\u00a020(4), 555\u2013566 (2007)","journal-title":"Engg. Appl. of Artificial Intelligence"},{"key":"41_CR22","unstructured":"Liao, Y., Vemuri, V.R.: Using Text Categorization Techniques for Intrusion Detection. In: USENIX Security Symposium, vol.\u00a012, pp. 51\u201359 (2002)"},{"key":"41_CR23","unstructured":"Small, S., Mason, J., Monrose, F., Provos, N., Stubblefield, A.: To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads. In: USENIX Security Symposium, pp. 171\u2013184 (2008)"},{"key":"41_CR24","doi-asserted-by":"crossref","unstructured":"Gallagher, B., Eliassi-Rad, T.: Classification of HTTP Attacks: A Study on the ECML\/PKDD 2007 Discovery Challenge. In: Center for Advanced Signal and Image Sciences (CASIS) Workshop (2008)","DOI":"10.2172\/1113394"},{"key":"41_CR25","doi-asserted-by":"crossref","unstructured":"Ulmer, C., Gokhale, M.: A Configurable-Hardware Document-Similarity Classifier to Detect Web Attacks. In: 2010 IEEE International Symposium on Parallel & Distributed Processing, Workshops and Phd Forum (IPDPSW), pp. 1\u20138. IEEE (April 2010)","DOI":"10.1109\/IPDPSW.2010.5470737"},{"issue":"2","key":"41_CR26","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1016\/j.jpdc.2010.07.005","volume":"71","author":"C. Ulmer","year":"2011","unstructured":"Ulmer, C., Gokhale, M., Gallagher, B., Top, P., Eliassi-Rad, T.: Massively parallel acceleration of a document-similarity classifier to detect web attacks. Journal of Parallel and Distributed Computing\u00a071(2), 225\u2013235 (2011)","journal-title":"Journal of Parallel and Distributed Computing"},{"key":"41_CR27","doi-asserted-by":"crossref","unstructured":"Choi, J., Kim, H., Choi, C., Kim, P.: Efficient Malicious Code Detection Using N-Gram Analysis and SVM. In: 2011 14th International Conference on Network-Based Information Systems (NBiS), pp. 618\u2013621. IEEE (2011)","DOI":"10.1109\/NBiS.2011.104"}],"container-title":["Lecture Notes in Computer Science","Distributed Computing and Internet Technology"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-14977-6_41","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T05:49:08Z","timestamp":1559108948000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-14977-6_41"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319149769","9783319149776"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-14977-6_41","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}