{"id":"https://openalex.org/W1994716071","doi":"https://doi.org/10.1145/2554850.2555071","title":"Risk assessment of code injection vulnerabilities using fuzzy logic-based system","display_name":"Risk assessment of code injection vulnerabilities using fuzzy logic-based system","publication_year":2014,"publication_date":"2014-03-24","ids":{"openalex":"https://openalex.org/W1994716071","doi":"https://doi.org/10.1145/2554850.2555071","mag":"1994716071"},"language":"en","primary_location":{"id":"doi:10.1145/2554850.2555071","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2554850.2555071","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052820694","display_name":"Hossain Shahriar","orcid":"https://orcid.org/0000-0003-1021-7986"},"institutions":[{"id":"https://openalex.org/I172980758","display_name":"Kennesaw State University","ror":"https://ror.org/00jeqjx33","country_code":"US","type":"education","lineage":["https://openalex.org/I172980758"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hossain Shahriar","raw_affiliation_strings":["Kennesaw State University, Kennesaw, GA","Kennesaw State University, Kennesaw, Ga"],"affiliations":[{"raw_affiliation_string":"Kennesaw State University, Kennesaw, GA","institution_ids":["https://openalex.org/I172980758"]},{"raw_affiliation_string":"Kennesaw State University, Kennesaw, Ga","institution_ids":["https://openalex.org/I172980758"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033589500","display_name":"Hisham M. Haddad","orcid":null},"institutions":[{"id":"https://openalex.org/I172980758","display_name":"Kennesaw State University","ror":"https://ror.org/00jeqjx33","country_code":"US","type":"education","lineage":["https://openalex.org/I172980758"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hisham Haddad","raw_affiliation_strings":["Kennesaw State University, Kennesaw, GA","Kennesaw State University, Kennesaw, Ga"],"affiliations":[{"raw_affiliation_string":"Kennesaw State University, Kennesaw, GA","institution_ids":["https://openalex.org/I172980758"]},{"raw_affiliation_string":"Kennesaw State University, Kennesaw, Ga","institution_ids":["https://openalex.org/I172980758"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5052820694"],"corresponding_institution_ids":["https://openalex.org/I172980758"],"apc_list":null,"apc_paid":null,"fwci":3.9445,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.93727007,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1164","last_page":"1170"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9879999756813049,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.986299991607666,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8834937810897827},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.8322968482971191},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8028907775878906},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6120243668556213},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5420516133308411},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5324654579162598},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.5056445598602295},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4940181374549866},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4680615961551666},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.4583629071712494},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.44230619072914124},{"id":"https://openalex.org/keywords/fuzzy-logic","display_name":"Fuzzy logic","score":0.41098207235336304},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40731728076934814},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4073152244091034},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3239174485206604},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.2664799392223358},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.23126953840255737},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.22885355353355408},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.15774041414260864},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14070400595664978},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.10838344693183899}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8834937810897827},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.8322968482971191},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8028907775878906},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6120243668556213},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5420516133308411},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5324654579162598},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.5056445598602295},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4940181374549866},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4680615961551666},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.4583629071712494},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.44230619072914124},{"id":"https://openalex.org/C58166","wikidata":"https://www.wikidata.org/wiki/Q224821","display_name":"Fuzzy logic","level":2,"score":0.41098207235336304},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40731728076934814},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4073152244091034},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3239174485206604},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.2664799392223358},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.23126953840255737},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.22885355353355408},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.15774041414260864},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14070400595664978},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.10838344693183899},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2554850.2555071","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2554850.2555071","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W117432202","https://openalex.org/W1510473424","https://openalex.org/W1566888658","https://openalex.org/W1963784704","https://openalex.org/W1970104171","https://openalex.org/W1972640883","https://openalex.org/W1981252920","https://openalex.org/W2008857097","https://openalex.org/W2024474165","https://openalex.org/W2067726273","https://openalex.org/W2076406307","https://openalex.org/W2076817253","https://openalex.org/W2097958165","https://openalex.org/W2109234412","https://openalex.org/W2112768365","https://openalex.org/W2118278564","https://openalex.org/W2122483144","https://openalex.org/W2137754413","https://openalex.org/W2140793146","https://openalex.org/W2147906352","https://openalex.org/W2150723842","https://openalex.org/W2155903751","https://openalex.org/W2156697706","https://openalex.org/W2171083853","https://openalex.org/W2963892614","https://openalex.org/W6641244023"],"related_works":["https://openalex.org/W4312406950","https://openalex.org/W3188339517","https://openalex.org/W2611747598","https://openalex.org/W2549898710","https://openalex.org/W2166381878","https://openalex.org/W2955734438","https://openalex.org/W4256450364","https://openalex.org/W4385706035","https://openalex.org/W4238821156","https://openalex.org/W189846524"],"abstract_inverted_index":{"Web":[0],"applications":[1,19,196],"are":[2,48,78],"notoriously":[3],"vulnerable":[4,235],"to":[5,13,21,25,80,130,135,156,161,173,179],"code":[6,22,41,86,139],"injection":[7,23,42,87,108,140],"attacks.":[8],"Given":[9],"that,":[10],"practitioners":[11],"need":[12],"assess":[14,131,180,230],"the":[15,51,67,132,158,185,210,225],"risk":[16,37,55,68,133,175],"posed":[17],"by":[18,50],"due":[20,134],"attacks":[24],"plan":[26],"ahead":[27],"on":[28],"employing":[29],"necessary":[30],"mitigation":[31],"approaches.":[32,118],"This":[33],"paper":[34],"proposes":[35],"a":[36,125,146,181],"assessment":[38,56],"approach":[39,191,227],"for":[40,202],"vulnerability":[43,163],"in":[44,73,92,98,116,198,216,234],"web":[45,195,218],"applications.":[46,219,236],"We":[47,169,188],"motivated":[49],"observation":[52],"that":[53,95,152,224],"traditional":[54],"approaches":[57],"work":[58],"well":[59],"when":[60],"quantitative":[61],"values":[62],"of":[63,66,101,107,138,148],"specific":[64,85],"parameters":[65],"computation":[69],"model":[70],"is":[71,145],"known":[72],"advance.":[74],"In":[75],"practice,":[76],"they":[77],"difficult":[79],"predict":[81],"correctly.":[82],"Moreover,":[83],"one":[84],"vulnerabilities":[88,109,178,215],"can":[89,153,228],"be":[90,114,154],"exploited":[91],"different":[93,99,136],"ways":[94],"may":[96],"result":[97],"types":[100,106,137],"severity":[102],"level.":[103],"Further,":[104],"diverse":[105],"and":[110,165,200,206],"their":[111,166],"implications":[112],"cannot":[113],"combined":[115],"existing":[117],"To":[119],"address":[120],"these":[121],"limitations,":[122],"we":[123],"propose":[124],"Fuzzy":[126],"Logic-based":[127],"System":[128],"(FLS)":[129],"vulnerabilities.":[141],"Our":[142],"further":[143],"contribution":[144],"set":[147],"proposed":[149,226],"code-level":[150],"metrics":[151],"used":[155],"establish":[157],"linguistic":[159],"terms":[160],"express":[162],"levels":[164],"impact":[167],"subjectively.":[168],"apply":[170,201],"nested":[171],"FLS":[172],"combine":[174],"from":[176],"multiple":[177],"single":[182],"value":[183],"representing":[184],"overall":[186],"risk.":[187],"evaluate":[189],"our":[190],"with":[192],"three":[193],"real-world":[194],"implemented":[197],"PHP,":[199],"SQL":[203],"Injection":[204],"(SQLI)":[205],"Cross-Site":[207],"Scripting":[208],"(XSS),":[209],"two":[211],"most":[212],"widely":[213],"reported":[214],"today's":[217],"The":[220],"initial":[221],"results":[222],"indicate":[223],"effectively":[229],"high":[231],"risks":[232],"present":[233]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}