{"id":"https://openalex.org/W4403577333","doi":"https://doi.org/10.1145/3627673.3680102","title":"<scp>XploitSQL:</scp> Advancing Adversarial SQL Injection Attack Generation with Language Models and Reinforcement Learning","display_name":"<scp>XploitSQL:</scp> Advancing Adversarial SQL Injection Attack Generation with Language Models and Reinforcement Learning","publication_year":2024,"publication_date":"2024-10-20","ids":{"openalex":"https://openalex.org/W4403577333","doi":"https://doi.org/10.1145/3627673.3680102"},"language":"en","primary_location":{"id":"doi:10.1145/3627673.3680102","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3627673.3680102","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on Information and Knowledge Management","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042398741","display_name":"D.N.K. Leung","orcid":null},"institutions":[{"id":"https://openalex.org/I18014758","display_name":"Simon Fraser University","ror":"https://ror.org/0213rcc28","country_code":"CA","type":"education","lineage":["https://openalex.org/I18014758"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Daniel Leung","raw_affiliation_strings":["School of Computing Science, Simon Fraser University, Burnaby, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, Simon Fraser University, Burnaby, Canada","institution_ids":["https://openalex.org/I18014758"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107853602","display_name":"O. D. Tsai","orcid":"https://orcid.org/0000-0002-6335-3335"},"institutions":[{"id":"https://openalex.org/I18014758","display_name":"Simon Fraser University","ror":"https://ror.org/0213rcc28","country_code":"CA","type":"education","lineage":["https://openalex.org/I18014758"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Omar Tsai","raw_affiliation_strings":["School of Computing Science, Simon Fraser University, Burnaby, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, Simon Fraser University, Burnaby, Canada","institution_ids":["https://openalex.org/I18014758"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114337218","display_name":"Kourosh Hashemi","orcid":null},"institutions":[{"id":"https://openalex.org/I18014758","display_name":"Simon Fraser University","ror":"https://ror.org/0213rcc28","country_code":"CA","type":"education","lineage":["https://openalex.org/I18014758"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Kourosh Hashemi","raw_affiliation_strings":["School of Computing Science, Simon Fraser University, Burnaby, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, Simon Fraser University, Burnaby, Canada","institution_ids":["https://openalex.org/I18014758"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114337219","display_name":"Bardia Tayebi","orcid":null},"institutions":[{"id":"https://openalex.org/I39268498","display_name":"University of Isfahan","ror":"https://ror.org/05h9t7759","country_code":"IR","type":"education","lineage":["https://openalex.org/I39268498"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Bardia Tayebi","raw_affiliation_strings":["School of Computing Science, University of Isfahan, Isfahan, Iran"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of Isfahan, Isfahan, Iran","institution_ids":["https://openalex.org/I39268498"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060953615","display_name":"Mohammad A. Tayebi","orcid":"https://orcid.org/0009-0006-8689-9038"},"institutions":[{"id":"https://openalex.org/I18014758","display_name":"Simon Fraser University","ror":"https://ror.org/0213rcc28","country_code":"CA","type":"education","lineage":["https://openalex.org/I18014758"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad A. Tayebi","raw_affiliation_strings":["School of Computing Science, Simon Fraser University, Burnaby, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, Simon Fraser University, Burnaby, Canada","institution_ids":["https://openalex.org/I18014758"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5042398741"],"corresponding_institution_ids":["https://openalex.org/I18014758"],"apc_list":null,"apc_paid":null,"fwci":3.8886,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.94392746,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"4653","last_page":"4660"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9739000201225281,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7342758178710938},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7270276546478271},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6625831127166748},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.5429953336715698},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.49498432874679565},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40613308548927307},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3489009737968445},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.19632163643836975},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.12160563468933105}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7342758178710938},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7270276546478271},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6625831127166748},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.5429953336715698},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.49498432874679565},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40613308548927307},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3489009737968445},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.19632163643836975},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.12160563468933105},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3627673.3680102","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3627673.3680102","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on Information and Knowledge Management","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1981276685","https://openalex.org/W2095293449","https://openalex.org/W2339647006","https://openalex.org/W2402479794","https://openalex.org/W2404532944","https://openalex.org/W2806386754","https://openalex.org/W2810065972","https://openalex.org/W2909968136","https://openalex.org/W2912204801","https://openalex.org/W2946129952","https://openalex.org/W2963329071","https://openalex.org/W2965568183","https://openalex.org/W2993498479","https://openalex.org/W2998114121","https://openalex.org/W3098102491","https://openalex.org/W3159282615","https://openalex.org/W3181277865","https://openalex.org/W3201367946","https://openalex.org/W4388115665","https://openalex.org/W4390659426"],"related_works":["https://openalex.org/W3107810407","https://openalex.org/W2571113418","https://openalex.org/W2359391484","https://openalex.org/W4206678297","https://openalex.org/W3196457791","https://openalex.org/W2133089983","https://openalex.org/W3202423697","https://openalex.org/W4385682279","https://openalex.org/W4372049114","https://openalex.org/W2915735776"],"abstract_inverted_index":{"SQL":[0,12,43,118,163],"injection":[1,44,119,164],"(SQLi)":[2],"compromises":[3],"database-driven":[4],"applications":[5],"by":[6,121,188],"enabling":[7],"attackers":[8],"to":[9,19,63,82,91,115,132],"insert":[10],"malicious":[11],"commands":[13],"via":[14],"input":[15],"fields,":[16],"potentially":[17],"leading":[18],"unauthorized":[20],"access,":[21],"data":[22],"manipulation,":[23],"or":[24],"system":[25],"compromise.":[26],"In":[27,107],"recent":[28],"years,":[29],"alongside":[30],"the":[31,54,92,100,138,154,157],"development":[32],"of":[33,56,94,102,140,156],"various":[34],"rule-based":[35],"Web":[36],"Application":[37],"Firewalls":[38],"(WAFs)":[39],"aimed":[40],"at":[41],"mitigating":[42,78],"attacks,":[45],"there":[46],"has":[47,70],"also":[48],"been":[49,71],"a":[50,84,103],"notable":[51],"rise":[52],"in":[53,73,167],"utilization":[55],"machine":[57],"learning":[58,61],"and":[59,77,125,144],"deep":[60],"techniques":[62],"address":[64],"this":[65,108],"issue.":[66],"Although":[67],"significant":[68,85],"progress":[69],"made":[72],"these":[74],"studies,":[75],"detecting":[76],"SQLi-related":[79],"attacks":[80],"continues":[81],"present":[83],"challenge.":[86],"A":[87],"crucial":[88],"factor":[89],"contributing":[90],"lack":[93],"extensive":[95],"SQLi":[96,135,141],"detection":[97,142,150,165,177,179],"solutions":[98],"is":[99,130],"absence":[101],"comprehensive":[104,149],"testing":[105],"methodology.":[106],"work,":[109],"we":[110,160],"introduce":[111],"XploitSQL-an":[112],"innovative":[113],"approach":[114],"advance":[116],"adversarial":[117],"generation":[120],"leveraging":[122],"language":[123],"models":[124,143,166],"reinforcement":[126],"learning.":[127],"Our":[128],"model":[129,192],"trained":[131],"produce":[133],"evasive":[134,185],"samples,":[136],"enhancing":[137],"robustness":[139],"offering":[145],"opportunities":[146],"for":[147,196],"more":[148],"strategies.":[151],"To":[152],"assess":[153],"efficacy":[155],"proposed":[158],"method,":[159],"employed":[161],"state-of-the-art":[162],"conjunction":[168],"with":[169,184],"commercially":[170],"available":[171],"web-based":[172],"firewalls.":[173],"Across":[174],"all":[175],"tested":[176],"models,":[178],"rates":[180],"declined":[181],"when":[182],"faced":[183],"samples":[186],"generated":[187],"XploitSQL.":[189],"Furthermore,":[190],"our":[191],"outperforms":[193],"existing":[194],"methods":[195],"generating":[197],"attack":[198],"samples.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}