{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T10:36:57Z","timestamp":1763203017539,"version":"3.44.0"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T00:00:00Z","timestamp":1751328000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T00:00:00Z","timestamp":1751328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation","award":["No. CSSAE-2023-013"],"award-info":[{"award-number":["No. CSSAE-2023-013"]}]},{"DOI":"10.13039\/501100001809","name":"the National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["No. 62372086"],"award-info":[{"award-number":["No. 62372086"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"the Sichuan Science and Technology Program","award":["No. 2024NSFTD0031"],"award-info":[{"award-number":["No. 2024NSFTD0031"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Peer-to-Peer Netw. Appl."],"published-print":{"date-parts":[[2025,7]]},"DOI":"10.1007\/s12083-025-02073-x","type":"journal-article","created":{"date-parts":[[2025,7,14]],"date-time":"2025-07-14T08:33:44Z","timestamp":1752482024000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["WIVIM: Web Injection Vulnerabilities Detection Based on Interprocedural Analysis and MiniLM-GNN"],"prefix":"10.1007","volume":"18","author":[{"given":"Yizhong","family":"Wei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weina","family":"Niu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yi","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Honghua","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiacheng","family":"Gong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,14]]},"reference":[{"key":"2073_CR1","unstructured":"OWASP (2021) OWASP TOP 10 . https:\/\/owasp.org\/Top10\/. Accessed: 2025-04-27 (2021)"},{"issue":"6","key":"2073_CR2","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSP.2004.111","volume":"2","author":"B Chess","year":"2004","unstructured":"Chess B, McGraw G (2004) Static analysis for security. IEEE Secur Privacy 2(6):76\u201379. https:\/\/doi.org\/10.1109\/MSP.2004.111","journal-title":"IEEE Secur Privacy"},{"key":"2073_CR3","doi-asserted-by":"publisher","unstructured":"Gould C, Su Z, Devanbu P (2004) Jdbc checker: a static analysis tool for sql\/jdbc applications. In: Proceedings. 26th International Conference on Software Engineering, pp 697\u2013698. https:\/\/doi.org\/10.1109\/ICSE.2004.1317494","DOI":"10.1109\/ICSE.2004.1317494"},{"key":"2073_CR4","doi-asserted-by":"publisher","unstructured":"Zhioua Z, Short S, Roudier Y (2014) Static code analysis for software security verification: Problems and approaches. In: 2014 IEEE 38th International Computer Software and Applications Conference Workshops, pp 102\u2013109. https:\/\/doi.org\/10.1109\/COMPSACW.2014.22","DOI":"10.1109\/COMPSACW.2014.22"},{"key":"2073_CR5","doi-asserted-by":"publisher","unstructured":"Kang J, Park JH (2017) A secure-coding and vulnerability check system based on smart-fuzzing and exploit. Neurocomputing 256:23\u201334. https:\/\/doi.org\/10.1016\/j.neucom.2015.11.139. Fuzzy Neuro Theory and Technologies for Cloud Computing","DOI":"10.1016\/j.neucom.2015.11.139"},{"key":"2073_CR6","volume-title":"Open Source Fuzzing Tools","author":"GE Noam Rathaus","year":"2007","unstructured":"Noam Rathaus GE (2007) Open Source Fuzzing Tools. Syngress Publishing, Rockland, MA, USA"},{"key":"2073_CR7","doi-asserted-by":"publisher","unstructured":"Falana OJ, Ebo IO, Tinubu CO, Adejimi OA, Ntuk A (2020) Detection of cross-site scripting attacks using dynamic analysis and fuzzy inference system. In: 2020 International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS), pp 1\u20136. https:\/\/doi.org\/10.1109\/ICMCECS47690.2020.240871","DOI":"10.1109\/ICMCECS47690.2020.240871"},{"key":"2073_CR8","unstructured":"Lucca GAD, Fasolino AR, Mastoianni M, Tramontana P (2004) Identifying cross site scripting vulnerabilities in web applications. In: Proceedings of the Web Site Evolution, Sixth IEEE International Workshop. WSE \u201904, pp 71\u201380. IEEE Computer Society, USA"},{"key":"2073_CR9","doi-asserted-by":"publisher","unstructured":"Wu Y, Lu J, Zhang Y, Jin S (2021) Vulnerability detection in c\/c++ source code with graph representation learning. In: 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), pp 1519\u20131524. https:\/\/doi.org\/10.1109\/CCWC51732.2021.9376145","DOI":"10.1109\/CCWC51732.2021.9376145"},{"key":"2073_CR10","doi-asserted-by":"publisher","unstructured":"Li X, Wang L, Xin Y, Yang Y, Chen Y (2020) Automated vulnerability detection in source code using minimum intermediate representation learning. Appl Sci 10(5) https:\/\/doi.org\/10.3390\/app10051692","DOI":"10.3390\/app10051692"},{"key":"2073_CR11","unstructured":"JetBrains (2024) The state of developer ecosystem 2024. https:\/\/www.jetbrains.com\/lp\/devecosystem-2024\/. Accessed: 2025-04-27"},{"key":"2073_CR12","doi-asserted-by":"publisher","unstructured":"Feng P, Yang L, Lu D, et al (2023) Bejagnn: behavior-based java malware detection via graph neural network. The J Supercomput 79:15390\u201315414. https:\/\/doi.org\/10.1007\/s11227-023-05243-x","DOI":"10.1007\/s11227-023-05243-x"},{"key":"2073_CR13","doi-asserted-by":"publisher","unstructured":"Ibarra-Fiallos S, Higuera JB, Intriago-Pazmi\u00f1o M, Higuera JRB, Montalvo JAS, Cubo J (2021) Effective filter for common injection attacks in online web applications. IEEE Access 9:10378\u201310391. https:\/\/doi.org\/10.1109\/ACCESS.2021.3050566","DOI":"10.1109\/ACCESS.2021.3050566"},{"key":"2073_CR14","doi-asserted-by":"publisher","unstructured":"Jovanovic N, Kruegel C, Kirda E (2006) Pixy: a static analysis tool for detecting web application vulnerabilities. In: 2006 IEEE Symposium on Security and Privacy (S &P\u201906), pp 6\u2013263. https:\/\/doi.org\/10.1109\/SP.2006.29","DOI":"10.1109\/SP.2006.29"},{"key":"2073_CR15","doi-asserted-by":"publisher","unstructured":"Nguyen-Tuong A, Guarnieri S, Greene D, Shirley J, Evans D (2004) Automatically hardening web applications using precise tainting. In: Security and Privacy in the Age of Ubiquitous Computing, pp 295\u2013307. Springer, Boston, MA. https:\/\/doi.org\/10.1007\/0-387-25660-1_20","DOI":"10.1007\/0-387-25660-1_20"},{"key":"2073_CR16","doi-asserted-by":"publisher","unstructured":"Haldar V, Chandra D, Franz M (2005) Dynamic taint propagation for java. In: 21st Annual Computer Security Applications Conference (ACSAC\u201905), pp 9\u2013311. https:\/\/doi.org\/10.1109\/CSAC.2005.21","DOI":"10.1109\/CSAC.2005.21"},{"key":"2073_CR17","doi-asserted-by":"publisher","unstructured":"Chapman P, Evans D (2011) Automated black-box detection of side-channel vulnerabilities in web applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. CCS \u201911, pp 263\u2013274. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/2046707.2046737","DOI":"10.1145\/2046707.2046737"},{"key":"2073_CR18","doi-asserted-by":"publisher","unstructured":"Monga M, Paleari R, Passerini E (2009) A hybrid analysis framework for detecting web application vulnerabilities. In: 2009 ICSE Workshop on Software Engineering for Secure Systems, pp 25\u201332. https:\/\/doi.org\/10.1109\/IWSESS.2009.5068455","DOI":"10.1109\/IWSESS.2009.5068455"},{"key":"2073_CR19","doi-asserted-by":"publisher","unstructured":"Li Z, Zou D, Xu S, Ou X, Jin H, Wang S, Deng Z, Zhong Y (2018) Vuldeepecker: A deep learning-based system for vulnerability detection. In: Proceedings 2018 Network and Distributed System Security Symposium. NDSS 2018. https:\/\/doi.org\/10.14722\/ndss.2018.23158","DOI":"10.14722\/ndss.2018.23158"},{"issue":"5","key":"2073_CR20","doi-asserted-by":"publisher","first-page":"2224","DOI":"10.1109\/TDSC.2019.2942930","volume":"18","author":"D Zou","year":"2021","unstructured":"Zou D, Wang S, Xu S, Li Z, Jin H (2021) $$\\mu $$vuldeepecker: A deep learning-based system for multiclass vulnerability detection. IEEE Trans Depend Secur Comput 18(5):2224\u20132236. https:\/\/doi.org\/10.1109\/TDSC.2019.2942930","journal-title":"IEEE Trans Depend Secur Comput"},{"issue":"1","key":"2073_CR21","doi-asserted-by":"publisher","first-page":"1032","DOI":"10.1109\/JSYST.2021.3072154","volume":"16","author":"H Zhang","year":"2022","unstructured":"Zhang H, Bi Y, Guo H, Sun W, Li J (2022) Isvsf: Intelligent vulnerability detection against java via sentence-level pattern exploring. IEEE Syst J 16(1):1032\u20131043. https:\/\/doi.org\/10.1109\/JSYST.2021.3072154","journal-title":"IEEE Syst J"},{"key":"2073_CR22","unstructured":"Zhou Y, Liu S, Siow J, Du X, Liu Y (2019) Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. arXiv:1909.03496"},{"key":"2073_CR23","doi-asserted-by":"publisher","unstructured":"Watson A, Ufuktepe E, Palaniappan K (2022) Detecting software code vulnerabilities using 2d convolutional neural networks with program slicing feature maps. In: 2022 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), pp 1\u20139. https:\/\/doi.org\/10.1109\/AIPR57179.2022.10092211","DOI":"10.1109\/AIPR57179.2022.10092211"},{"key":"2073_CR24","doi-asserted-by":"crossref","unstructured":"Wang W, Wei F, Dong L, Bao H, Yang N, Zhou M (2020) MiniLM: Deep Self-Attention Distillation for Task-Agnostic Compression of Pre-Trained Transformers. arXiv:2002.10957","DOI":"10.18653\/v1\/2021.findings-acl.188"},{"key":"2073_CR25","doi-asserted-by":"crossref","unstructured":"Liu S, Xie X, Siow J, Ma L, Meng G, Liu Y (2023) GraphSearchNet: Enhancing GNNs via Capturing Global Dependencies for Semantic Code Search. arXiv:2111.02671","DOI":"10.1109\/TSE.2022.3233901"},{"key":"2073_CR26","doi-asserted-by":"publisher","unstructured":"Wang H, Ye G, Tang Z, Tan SH, Huang S, Fang D, Feng Y, Bian L, Wang Z (2021) Combining graph-based learning with automated data collection for code vulnerability detection. IEEE Trans. Inf. Foren. Secur. 16:1943\u20131958. https:\/\/doi.org\/10.1109\/TIFS.2020.3044773","DOI":"10.1109\/TIFS.2020.3044773"},{"key":"2073_CR27","doi-asserted-by":"publisher","unstructured":"Zhang B, Zhi X, Wang M, Ren R, Dong J (2025) Enhancing java web application security: Injection vulnerability detection via interprocedural analysis and deep learning. IEEE Trans Reliab, 1\u201315. https:\/\/doi.org\/10.1109\/TR.2024.3521381","DOI":"10.1109\/TR.2024.3521381"},{"key":"2073_CR28","unstructured":"JavaParser: JavaParser. https:\/\/javaparser.org\/. Accessed: 2025-04-27"},{"key":"2073_CR29","unstructured":"OWASP: OWASP Benchmark. https:\/\/owasp.org\/www-project-benchmark\/. Accessed: 2025-04-27"}],"container-title":["Peer-to-Peer Networking and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02073-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12083-025-02073-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02073-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T15:22:24Z","timestamp":1758986544000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12083-025-02073-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7]]},"references-count":29,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,7]]}},"alternative-id":["2073"],"URL":"https:\/\/doi.org\/10.1007\/s12083-025-02073-x","relation":{},"ISSN":["1936-6442","1936-6450"],"issn-type":[{"type":"print","value":"1936-6442"},{"type":"electronic","value":"1936-6450"}],"subject":[],"published":{"date-parts":[[2025,7]]},"assertion":[{"value":"29 April 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}},{"value":"The submitted works are original and have not been published elsewhere in any form or language (partially or in full), nor are they under consideration by another publisher.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics Approval"}},{"value":"All the authors agree to publication in Peer-to-Peer Networking and Applications.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to Publish"}}],"article-number":"245"}}