{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T16:51:40Z","timestamp":1781974300571,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CUHK Strategic Impact Enhancement Fund (SIEF)","award":["399857576"],"award-info":[{"award-number":["399857576"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670304","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"540-554","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["SWIDE: A Semantic-aware Detection Engine for Successful Web Injection Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-9733-9949","authenticated-orcid":false,"given":"Ronghai","family":"Yang","sequence":"first","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1686-4981","authenticated-orcid":false,"given":"Xianbo","family":"Wang","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong SAR, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6387-8043","authenticated-orcid":false,"given":"Kaixuan","family":"Luo","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong SAR, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4760-2583","authenticated-orcid":false,"given":"Xin","family":"Lei","sequence":"additional","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5985-1771","authenticated-orcid":false,"given":"Ke","family":"Li","sequence":"additional","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-0905-1604","authenticated-orcid":false,"given":"Jiayuan","family":"Xin","sequence":"additional","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1179-7855","authenticated-orcid":false,"given":"Wing Cheong","family":"Lau","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong SAR, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Chinese National Vulnerability Database. https:\/\/www.cnnvd.org.cn."},{"key":"e_1_3_2_1_2_1","unstructured":"List of Keywords for Initial Filtering of PHP Code Execution Attacks. https:\/\/mobitec.ie.cuhk.edu.hk\/swide."},{"key":"e_1_3_2_1_3_1","unstructured":"PHP Manual. https:\/\/www.php.net\/manual\/en\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Adobe System Inc. Action message format - amf 3. https:\/\/rtmp.veriskope.com\/pdf\/amf3-file-format-spec.pdf."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1002\/ett.4150"},{"key":"e_1_3_2_1_6_1","volume-title":"Another tool for language recognition. online","author":"ANTLR.","year":"2023","unstructured":"ANTLR. Another tool for language recognition. online, 2023. https:\/\/github.com\/antlr\/antlr4."},{"key":"e_1_3_2_1_7_1","volume-title":"bison for grammar parsing. online","year":"2023","unstructured":"bison. bison for grammar parsing. online, 2023. http:\/\/web.mit.edu\/gnu\/doc\/html\/bison_4.html."},{"key":"e_1_3_2_1_8_1","first-page":"1","volume-title":"LISA","volume":"7","author":"Bolzoni D.","year":"2007","unstructured":"Bolzoni, D., Crispo, B., and Etalle, S. Atlantides: An architecture for alert verification in network intrusion detection systems. In LISA (2007), vol. 7, pp. 1--12."},{"key":"e_1_3_2_1_9_1","unstructured":"Caucho Technology Inc. Hessian 1.0.2 specification. https:\/\/www.caucho.com\/resin-3.1\/doc\/hessian-1.0-spec.xtp."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CINTI.2016.7846383"},{"key":"e_1_3_2_1_11_1","unstructured":"codersclub. Discuz!ml: A multilingual social network engine for tencent cloud. https:\/\/github.com\/codersclub\/Discuz.ML."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"},{"key":"e_1_3_2_1_13_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Dahse J.","year":"2014","unstructured":"Dahse, J., and Holz, T. Static detection of Second-Order vulnerabilities in web applications. In 23rd USENIX Security Symposium (USENIX Security 14) (San Diego, CA, Aug. 2014), USENIX Association, pp. 989--1003."},{"key":"e_1_3_2_1_14_1","unstructured":"Delpy B. mimikatz. https:\/\/github.com\/ParrotSec\/mimikatz."},{"key":"e_1_3_2_1_15_1","volume-title":"Ebnf: A notation to describe syntax. Cited on","author":"Feynman R.","year":"2016","unstructured":"Feynman, R., and Objectives, C. Ebnf: A notation to describe syntax. Cited on (2016), 10."},{"key":"e_1_3_2_1_16_1","volume-title":"Anomaly-based network intrusion detection: Techniques, systems and challenges. computers & security 28, 1--2","author":"Garcia-Teodoro P.","year":"2009","unstructured":"Garcia-Teodoro, P., Diaz-Verdejo, J., Maci\u00e1-Fern\u00e1ndez, G., and V\u00e1zqez, E. Anomaly-based network intrusion detection: Techniques, systems and challenges. computers & security 28, 1--2 (2009), 18--28."},{"key":"e_1_3_2_1_17_1","volume-title":"10th USENIX Security Symposium (USENIX Security 01)","author":"Handley M.","year":"2001","unstructured":"Handley, M., Paxson, V., and Kreibich, C. Network intrusion detection: Evasion, traffic normalization, and End-to-End protocol semantics. In 10th USENIX Security Symposium (USENIX Security 01) (Washington, D.C., Aug. 2001), USENIX Association."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.29"},{"key":"e_1_3_2_1_19_1","volume-title":"Flashdecoding: Faster large language model inference on gpus","author":"Hong K.","year":"2023","unstructured":"Hong, K., Dai, G., Xu, J., Mao, Q., Li, X., Liu, J., Chen, K., Dong, Y., and Wang, Y. Flashdecoding: Faster large language model inference on gpus, 2023."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2014.04.012"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450002"},{"key":"e_1_3_2_1_23_1","unstructured":"Microsoft. Windows Script Components in IIS. https:\/\/learn.microsoft.com\/enus\/previous-versions\/iis\/6.0-sdk\/ms524594(v=vs.90)."},{"key":"e_1_3_2_1_24_1","volume-title":"Use the power of ai to keep your business protected. online","author":"Microsoft","year":"2023","unstructured":"Microsoft. Use the power of ai to keep your business protected. online, 2023. https:\/\/www.techradar.com\/pro\/microsoft-security-copilot-wants-to-usethe-power-of-ai-to-keep-your-business-protected."},{"key":"e_1_3_2_1_25_1","volume-title":"Exploit public-facing application. online","author":"MITRE.","year":"2023","unstructured":"MITRE. Exploit public-facing application. online, 2023. https:\/\/attack.mitre.org\/techniques\/T1190\/."},{"key":"e_1_3_2_1_26_1","unstructured":"NIST. Cve-2019--13956 detail - nvd. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019- 13956."},{"key":"e_1_3_2_1_27_1","unstructured":"OWASP Top 10 team. A03 injection - owasp top 10:2021. https:\/\/owasp.org\/Top10\/A03_2021-Injection\/."},{"key":"e_1_3_2_1_28_1","first-page":"197","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Park S.","year":"2022","unstructured":"Park, S., Kim, D., Jana, S., and Son, S. {FUGIO}: Automatic exploit generation for {PHP} object injection vulnerabilities. In 31st USENIX Security Symposium (USENIX Security 22) (2022), pp. 197--214."},{"key":"e_1_3_2_1_29_1","volume-title":"re2c for lexical analysis. online","year":"2023","unstructured":"RE2C. re2c for lexical analysis. online, 2023. https:\/\/re2c.org\/."},{"key":"e_1_3_2_1_30_1","volume-title":"NDSS","author":"Robertson W.","year":"2006","unstructured":"Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R. A., et al. Using generalization and characterization techniques in the anomaly-based detection of web attacks. In NDSS (2006)."},{"key":"e_1_3_2_1_31_1","volume-title":"Network intrusion detection & prevention system. online","author":"Snort","year":"2023","unstructured":"Snort. Network intrusion detection & prevention system. online, 2023. https:\/\/www.snort.org\/."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948145"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155278"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1356058.1356066"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030088"},{"key":"e_1_3_2_1_36_1","first-page":"4337","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Wei F.","year":"2023","unstructured":"Wei, F., Li, H., Zhao, Z., and Hu, H. xNIDS: Explaining deep learning-based network intrusion detection systems for active intrusion responses. In 32nd USENIX Security Symposium (USENIX Security 23) (Anaheim, CA, Aug. 2023), USENIX Association, pp. 4337--4354."},{"key":"e_1_3_2_1_37_1","volume-title":"An open source network security monitoring tool. online","author":"Zeek","year":"2023","unstructured":"Zeek. An open source network security monitoring tool. online, 2023. https:\/\/zeek.org\/."},{"key":"e_1_3_2_1_38_1","volume-title":"Official zend framework repository. online","author":"Zend","year":"2023","unstructured":"Zend. Official zend framework repository. online, 2023. https:\/\/github.com\/zendframework\/zendframework."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the Computer Security Symposium 2017","author":"Zhong Y.","year":"2017","unstructured":"Zhong, Y., Aoki, K., Miyoshi, J., Shimada, H., and Takakura, H. Avt lite: Detection successful web attacks based-on attack code emulation. Proceedings of the Computer Security Symposium 2017, 2 (2017)."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670304","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670304","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:23:21Z","timestamp":1755843801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670304"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":39,"alternative-id":["10.1145\/3658644.3670304","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670304","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}