{"id":"https://openalex.org/W4396909800","doi":"https://doi.org/10.1109/tse.2024.3400404","title":"SQLPsdem: A Proxy-Based Mechanism Towards Detecting, Locating and Preventing Second-Order SQL Injections","display_name":"SQLPsdem: A Proxy-Based Mechanism Towards Detecting, Locating and Preventing Second-Order SQL Injections","publication_year":2024,"publication_date":"2024-05-14","ids":{"openalex":"https://openalex.org/W4396909800","doi":"https://doi.org/10.1109/tse.2024.3400404"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2024.3400404","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3400404","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100673338","display_name":"Bing Zhang","orcid":"https://orcid.org/0000-0002-9867-8439"},"institutions":[{"id":"https://openalex.org/I39333907","display_name":"Yanshan University","ror":"https://ror.org/02txfnf15","country_code":"CN","type":"education","lineage":["https://openalex.org/I39333907"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Bing Zhang","raw_affiliation_strings":["School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China","institution_ids":["https://openalex.org/I39333907"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012589784","display_name":"Rong Ren","orcid":"https://orcid.org/0000-0002-7126-3911"},"institutions":[{"id":"https://openalex.org/I39333907","display_name":"Yanshan University","ror":"https://ror.org/02txfnf15","country_code":"CN","type":"education","lineage":["https://openalex.org/I39333907"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rong Ren","raw_affiliation_strings":["School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China","institution_ids":["https://openalex.org/I39333907"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100409741","display_name":"Jia Liu","orcid":"https://orcid.org/0000-0003-0383-0934"},"institutions":[{"id":"https://openalex.org/I39333907","display_name":"Yanshan University","ror":"https://ror.org/02txfnf15","country_code":"CN","type":"education","lineage":["https://openalex.org/I39333907"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jia Liu","raw_affiliation_strings":["School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China","institution_ids":["https://openalex.org/I39333907"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113207860","display_name":"Mingcai Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I39333907","display_name":"Yanshan University","ror":"https://ror.org/02txfnf15","country_code":"CN","type":"education","lineage":["https://openalex.org/I39333907"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingcai Jiang","raw_affiliation_strings":["School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China","institution_ids":["https://openalex.org/I39333907"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102869188","display_name":"Jiadong Ren","orcid":"https://orcid.org/0000-0002-2245-9133"},"institutions":[{"id":"https://openalex.org/I39333907","display_name":"Yanshan University","ror":"https://ror.org/02txfnf15","country_code":"CN","type":"education","lineage":["https://openalex.org/I39333907"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiadong Ren","raw_affiliation_strings":["School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China","institution_ids":["https://openalex.org/I39333907"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067021027","display_name":"Jingyue Li","orcid":"https://orcid.org/0000-0002-7958-391X"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Jingyue Li","raw_affiliation_strings":["Department of Computer science, Norwegian University of Science and Technology, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"Department of Computer science, Norwegian University of Science and Technology, Trondheim, Norway","institution_ids":["https://openalex.org/I204778367"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100673338"],"corresponding_institution_ids":["https://openalex.org/I39333907"],"apc_list":null,"apc_paid":null,"fwci":2.443,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.89173816,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"50","issue":"7","first_page":"1807","last_page":"1826"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9739999771118164,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9739999771118164,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10317","display_name":"Advanced Database Systems and Queries","score":0.9609000086784363,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9426000118255615,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.881653904914856},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.6118561029434204},{"id":"https://openalex.org/keywords/proxy","display_name":"Proxy (statistics)","score":0.5362913012504578},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.47539839148521423},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.4386154115200043},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.4011985659599304},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.38465118408203125},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.25435590744018555},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.20730432868003845},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.07471749186515808}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.881653904914856},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.6118561029434204},{"id":"https://openalex.org/C2780148112","wikidata":"https://www.wikidata.org/wiki/Q1432581","display_name":"Proxy (statistics)","level":2,"score":0.5362913012504578},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.47539839148521423},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.4386154115200043},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.4011985659599304},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.38465118408203125},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.25435590744018555},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.20730432868003845},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.07471749186515808},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2024.3400404","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3400404","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6800000071525574}],"awards":[{"id":"https://openalex.org/G7719504569","display_name":null,"funder_award_id":"F2022203026","funder_id":"https://openalex.org/F4320322163","funder_display_name":"Natural Science Foundation of Hebei Province"},{"id":"https://openalex.org/G8357833378","display_name":null,"funder_award_id":"62376240","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322163","display_name":"Natural Science Foundation of Hebei Province","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W322598024","https://openalex.org/W1511560695","https://openalex.org/W1978492394","https://openalex.org/W1983142587","https://openalex.org/W1997389706","https://openalex.org/W2001693166","https://openalex.org/W2020737857","https://openalex.org/W2059490789","https://openalex.org/W2080803678","https://openalex.org/W2088475168","https://openalex.org/W2129362719","https://openalex.org/W2131261404","https://openalex.org/W2134135191","https://openalex.org/W2144220405","https://openalex.org/W2147478478","https://openalex.org/W2149232727","https://openalex.org/W2166381878","https://openalex.org/W2197605297","https://openalex.org/W2297909557","https://openalex.org/W2401211217","https://openalex.org/W2474123059","https://openalex.org/W2750660666","https://openalex.org/W2755399248","https://openalex.org/W2785432546","https://openalex.org/W2901837432","https://openalex.org/W2916086000","https://openalex.org/W2923928864","https://openalex.org/W2946129952","https://openalex.org/W3001455961","https://openalex.org/W3160212939","https://openalex.org/W3203610772","https://openalex.org/W4287739184","https://openalex.org/W4400833349","https://openalex.org/W6600897621","https://openalex.org/W6628190228","https://openalex.org/W6634988252","https://openalex.org/W6725651428","https://openalex.org/W6794678119"],"related_works":["https://openalex.org/W3107810407","https://openalex.org/W2571113418","https://openalex.org/W2359391484","https://openalex.org/W4206678297","https://openalex.org/W3196457791","https://openalex.org/W2133089983","https://openalex.org/W3202423697","https://openalex.org/W4385682279","https://openalex.org/W4372049114","https://openalex.org/W2152875642"],"abstract_inverted_index":{"Due":[0],"to":[1,92,96,105,115,165,194,212],"well-hidden":[2],"and":[3,20,26,39,46,62,67,88,123,168,184,190,200,251],"stage-triggered":[4],"properties":[5],"of":[6,187,222,270],"second-order":[7,48,169,178,245],"SQL":[8,49,57,86,131,170,234,254],"injections":[9,50],"in":[10,17,59,173,204,257],"web":[11,60,121,142,174,210,260],"applications,":[12,175],"current":[13],"approaches":[14],"are":[15,128],"ineffective":[16],"addressing":[18],"them":[19],"still":[21],"report":[22],"high":[23],"false":[24,27,31,196],"negatives":[25],"positives.":[28],"To":[29],"reduce":[30,195],"results,":[32],"we":[33,83,215],"propose":[34],"a":[35,141,182],"Proxy-based":[36],"static":[37,53],"analysis":[38,54],"dynamic":[40,113],"execution":[41,114],"mechanism":[42],"towards":[43],"detecting,":[44],"locating":[45],"preventing":[47],"(SQLPsdem).":[51],"The":[52,126],"first":[55,167],"locates":[56],"statements":[58,87,132],"applications":[61,122],"identifies":[63],"all":[64,98],"data":[65,118,127,147,158,206,224,272],"sources":[66],"injection":[68,77,171,235,255],"points":[69],"(e.g.,":[70],"Post,":[71],"Sessions,":[72],"Database,":[73],"File":[74],"names)":[75],"that":[76],"attacks":[78,95,151,236],"can":[79,216,263],"exploit.":[80],"After":[81],"that,":[82],"reconstruct":[84],"the":[85,99,117,129,137,146,153,157,177,205,209,213,218,223,226,229,267,271],"use":[89,111,181],"attack":[90,101,138,163,188,239],"engines":[91],"jointly":[93],"generate":[94],"cover":[97],"state-of-the-art":[100],"patterns":[102,164,189],"so":[103],"as":[104],"exploit":[106],"these":[107],"applications.":[108,261],"We":[109,155,180],"then":[110],"proxy-based":[112],"capture":[116],"transmitted":[119,207],"between":[120],"their":[124],"databases.":[125],"reconstructed":[130],"with":[133,159,273],"variable":[134],"values":[135],"from":[136,208],"payloads.":[139],"If":[140],"application":[143,211],"is":[144],"vulnerable,":[145],"will":[148],"contain":[149],"malicious":[150,202,268],"on":[152,225],"database.":[154,227],"match":[156],"rules":[160,193],"formulated":[161],"by":[162,231],"detect":[166],"vulnerabilities":[172,256],"particularly":[176],"ones.":[179],"representative":[183],"complete":[185],"coverage":[186],"precise":[191],"matching":[192],"results.":[197],"By":[198],"escaping":[199],"truncating":[201],"payloads":[203],"database,":[214],"eliminate":[217,266],"possible":[219],"negative":[220],"impact":[221,269],"In":[228],"evaluation,":[230],"generating":[232],"52,771":[233],"using":[237],"four":[238],"generators,":[240],"SQLPsdem":[241,262],"successfully":[242],"detects":[243],"26":[244],"(including":[246],"13":[247],"newly":[248],"discovered":[249],"ones)":[250],"375":[252],"first-order":[253],"12":[258],"open-source":[259],"also":[264],"100%":[265],"negligible":[274],"overhead.":[275]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}