{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T00:01:39Z","timestamp":1772064099093,"version":"3.50.1"},"reference-count":40,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2017,5,1]],"date-time":"2017-05-01T00:00:00Z","timestamp":1493596800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"Northrop Grumman Systems Corporation"},{"DOI":"10.13039\/100000180","name":"Department of Homeland Security (DHS)","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100008287","name":"Science and Technology Directorate","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100008287","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Homeland Security Advanced Research Projects Agency"},{"name":"Cyber Security Division"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2017,5,1]]},"DOI":"10.1109\/tse.2016.2598336","type":"journal-article","created":{"date-parts":[[2016,8,5]],"date-time":"2016-08-05T18:24:04Z","timestamp":1470421444000},"page":"415-431","source":"Crossref","is-referenced-by-count":24,"title":["A System for Profiling and Monitoring Database Access Patterns by Application Programs for Anomaly Detection"],"prefix":"10.1109","volume":"43","author":[{"given":"Lorenzo","family":"Bossi","sequence":"first","affiliation":[]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[]},{"given":"Syed Rafiul","family":"Hussain","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813654"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2015.37"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref32","article-title":"Efficient context-sensitive intrusion detection","author":"giffin","year":"2004","journal-title":"Proc 11th Annu Netw Distrib Syst Security Symp"},{"key":"ref31","first-page":"432","article-title":"The use of program profiling for software maintenance with applications to the year 2000 problem","author":"reps","year":"1997","journal-title":"Proc 6th Eur Softw Eng Conf Held Jointly 5th ACM SIGSOFT Int Symp Found Softw Eng"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/2699026.2699111","article-title":"DetAnom: Detecting anomalous database transactions by insiders","author":"hussain","year":"2015","journal-title":"Proc 5th ACM Conf Data Appl Secur Privacy"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2213836.2213852"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2009.98"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14778\/2350229.2350262"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030126"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17714-9_6"},{"key":"ref40","doi-asserted-by":"crossref","first-page":"305","DOI":"10.3233\/JCS-2009-0321","article-title":"Reducing errors in the anomaly-based detection of Web-based attacks through the combined analysis of Web requests and SQL queries","volume":"17","author":"vigna","year":"2009","journal-title":"J Comput Secur"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1145\/1081706.1081750","article-title":"CUTE: A concolic unit testing engine for C","author":"sen","year":"2005","journal-title":"Proc 10th Eur Softw Eng Conf Held Jointly 13th ACM SIGSOFT Int Symp Found Softw Eng"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273484"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"ref15","author":"melton","year":"2001","journal-title":"SQL 1999 Understanding Relational Language Components"},{"key":"ref16","first-page":"13","article-title":"A classification of SQL injection attacks and countermeasures","volume":"1","author":"halfond","year":"2006","journal-title":"Proc IEEE Int Symp Secure Softw Eng"},{"key":"ref17","doi-asserted-by":"crossref","first-page":"419","DOI":"10.1007\/11817963_38","article-title":"CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools","author":"sen","year":"2006","journal-title":"Proc 18th Int Conf Comput Aided Verification"},{"key":"ref18","article-title":"SOOT-a Java bytecode optimization framework","author":"vall\u00e9e-rai","year":"1999","journal-title":"Proc Conf Centre Adv Studies Collaborative Res"},{"key":"ref19","year":"0","journal-title":"PostgreSQL-9 1 8"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_7"},{"key":"ref4","article-title":"Spotlight on: Programmers as malicious insiders (updated and revised)","author":"collins","year":"2013"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/11506881_8","article-title":"A learning-based approach to the detection of SQL attacks","author":"valeur","year":"2005","journal-title":"Proceedings of the 2nd International Conference on Intrusion and Malware Detection and Vulnerability Assessment"},{"key":"ref3","article-title":"Components and considerations in building an insider threat program","author":"huth","year":"2013"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301329"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2662384"},{"key":"ref5","first-page":"10","article-title":"Towards mechanisms for detection and prevention of data exfiltration by insiders: Keynote talk paper","author":"bertino","year":"2011","journal-title":"Proc 6th ACM Symp Inf Comput Commun Secur"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821514"},{"key":"ref7","year":"0","journal-title":"Trusted Platform Module"},{"key":"ref2","year":"2012","journal-title":"Cybersecurity watch survey How bad is the insider threat?"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"ref1","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-01890-9","author":"bertino","year":"2012","journal-title":"Data Protection from Insider Threats"},{"key":"ref20","article-title":"Code obfuscation literature survey","volume":"19","author":"balakrishnan","year":"2005","journal-title":"CS701 Construction of Compilers"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2487221"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/582095.582099"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_13"},{"key":"ref23","author":"lindholm","year":"2013","journal-title":"The JavaTM Virtual Machine Specification Java SE 7 Edition"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2007.358926"},{"key":"ref25","first-page":"264","article-title":"Learning fingerprints for a database intrusion detection system","author":"lee","year":"2002","journal-title":"Proc 7th European Symp Research in Computer Science"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/7927515\/07534833.pdf?arnumber=7534833","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T06:31:22Z","timestamp":1657002682000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7534833\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,1]]},"references-count":40,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tse.2016.2598336","relation":{},"ISSN":["0098-5589","1939-3520"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,5,1]]}}}