{"id":"https://openalex.org/W4404386310","doi":"https://doi.org/10.1145/3698038.3698569","title":"SQLStateGuard: Statement-Level SQL Injection Defense Based on Learning-Driven Middleware","display_name":"SQLStateGuard: Statement-Level SQL Injection Defense Based on Learning-Driven Middleware","publication_year":2024,"publication_date":"2024-11-14","ids":{"openalex":"https://openalex.org/W4404386310","doi":"https://doi.org/10.1145/3698038.3698569"},"language":"en","primary_location":{"id":"doi:10.1145/3698038.3698569","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3698038.3698569","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Symposium on Cloud Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100352330","display_name":"Xin Liu","orcid":"https://orcid.org/0000-0003-3685-4852"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xin Liu","raw_affiliation_strings":["School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070243272","display_name":"Yuanyuan Huang","orcid":"https://orcid.org/0000-0002-7465-773X"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuanyuan Huang","raw_affiliation_strings":["School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108362264","display_name":"Tianyi Wang","orcid":"https://orcid.org/0000-0003-0349-9444"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tianyi Wang","raw_affiliation_strings":["School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100448208","display_name":"Song Li","orcid":"https://orcid.org/0000-0002-7961-8502"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Song Li","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029715489","display_name":"Weina Niu","orcid":"https://orcid.org/0000-0002-3235-3463"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weina Niu","raw_affiliation_strings":["School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031318875","display_name":"Jun Shen","orcid":"https://orcid.org/0000-0002-9403-7140"},"institutions":[{"id":"https://openalex.org/I204824540","display_name":"University of Wollongong","ror":"https://ror.org/00jtmb277","country_code":"AU","type":"education","lineage":["https://openalex.org/I204824540"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jun Shen","raw_affiliation_strings":["School of Computing and Information Technology, University of Wollongong, Wollongong, New South Wales, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computing and Information Technology, University of Wollongong, Wollongong, New South Wales, Australia","institution_ids":["https://openalex.org/I204824540"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100604365","display_name":"Qingguo Zhou","orcid":"https://orcid.org/0000-0001-8054-5446"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingguo Zhou","raw_affiliation_strings":["School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science &amp; Engineering, Lanzhou University, Lanzhou, Gansu, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055675863","display_name":"Xiaokang Zhou","orcid":"https://orcid.org/0000-0003-3488-4679"},"institutions":[{"id":"https://openalex.org/I56624758","display_name":"Kansai University","ror":"https://ror.org/03xg1f311","country_code":"JP","type":"education","lineage":["https://openalex.org/I56624758"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Xiaokang Zhou","raw_affiliation_strings":["Kansai University, Suita, Osaka, Japan"],"affiliations":[{"raw_affiliation_string":"Kansai University, Suita, Osaka, Japan","institution_ids":["https://openalex.org/I56624758"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5100352330"],"corresponding_institution_ids":["https://openalex.org/I76214153"],"apc_list":null,"apc_paid":null,"fwci":0.7697,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.80549354,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"69","last_page":"82"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.979200005531311,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.800809383392334},{"id":"https://openalex.org/keywords/middleware","display_name":"Middleware (distributed applications)","score":0.6444593667984009},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.5798365473747253},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.5589785575866699},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.46288251876831055},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4409029483795166},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3939429521560669},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.36613500118255615},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.22799262404441833},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20990416407585144}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.800809383392334},{"id":"https://openalex.org/C169468491","wikidata":"https://www.wikidata.org/wiki/Q146923","display_name":"Middleware (distributed applications)","level":2,"score":0.6444593667984009},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.5798365473747253},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.5589785575866699},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.46288251876831055},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4409029483795166},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3939429521560669},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.36613500118255615},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.22799262404441833},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20990416407585144},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3698038.3698569","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3698038.3698569","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Symposium on Cloud Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1648477960","https://openalex.org/W2001693166","https://openalex.org/W2037786632","https://openalex.org/W2038571043","https://openalex.org/W2059490789","https://openalex.org/W2064675550","https://openalex.org/W2064703126","https://openalex.org/W2119852587","https://openalex.org/W2793144087","https://openalex.org/W2913334908","https://openalex.org/W2953311462","https://openalex.org/W2972622000","https://openalex.org/W2978612193","https://openalex.org/W2981342642","https://openalex.org/W2998114121","https://openalex.org/W2998857817","https://openalex.org/W3113828717","https://openalex.org/W3127240323","https://openalex.org/W3135398540","https://openalex.org/W4232999396","https://openalex.org/W4240951837","https://openalex.org/W4280652331","https://openalex.org/W4296912097","https://openalex.org/W4296915681","https://openalex.org/W4313561542","https://openalex.org/W4324067030"],"related_works":["https://openalex.org/W3107810407","https://openalex.org/W2571113418","https://openalex.org/W2359391484","https://openalex.org/W4206678297","https://openalex.org/W3196457791","https://openalex.org/W2133089983","https://openalex.org/W3202423697","https://openalex.org/W4385682279","https://openalex.org/W4372049114","https://openalex.org/W2915735776"],"abstract_inverted_index":{"SQL":[0,15,45,58,71,93,96,123,135,162,173,180],"injection":[1,46,163],"is":[2],"a":[3,56,80,121,151],"significant":[4],"and":[5,29,114,130,158],"persistent":[6],"threat":[7],"to":[8,49,68,134,144],"web":[9],"services.":[10],"Most":[11],"existing":[12,112],"protections":[13],"against":[14],"injections":[16],"rely":[17],"on":[18,61,85],"traffic-level":[19],"anomaly":[20],"detection,":[21],"which":[22],"often":[23],"results":[24],"in":[25],"high":[26],"false-positive":[27],"rates":[28],"can":[30,116],"be":[31],"easily":[32],"bypassed":[33],"by":[34,78,176],"attackers.":[35],"This":[36,147],"paper":[37,148],"introduces":[38],"SQLStateGuard,":[39],"the":[40,62,95,104,118,166,177],"world's":[41],"first":[42],"middleware-driven":[43],"statement-level":[44,161],"defense":[47],"approach,":[48],"address":[50],"these":[51],"issues.":[52],"The":[53],"SQLStateGuard":[54,108,126,157],"uses":[55],"custom":[57],"middleware":[59,97],"based":[60,84],"idea":[63],"of":[64,107,120,179],"Runtime":[65],"Application":[66],"Self-Protection":[67],"capture":[69],"raw":[70],"statements.":[72],"These":[73],"statements":[74,174],"are":[75],"then":[76],"analyzed":[77],"SQLSG-Net,":[79],"database-oriented":[81],"detection":[82,105],"network":[83],"gated":[86],"linear":[87],"units.":[88],"If":[89],"SQLSG-Net":[90],"detects":[91],"malicious":[92,172],"statements,":[94],"will":[98],"block":[99],"them.":[100],"Experiments":[101],"show":[102],"that":[103],"accuracy":[106],"exceeds":[109],"99%,":[110],"outperforming":[111],"approaches,":[113],"it":[115,139],"identify":[117],"type":[119,178],"specific":[122],"injection.":[124,181],"Additionally,":[125],"has":[127],"no":[128],"fingerprint":[129],"does":[131],"not":[132],"respond":[133],"syntax":[136],"errors,":[137],"making":[138],"more":[140],"challenging":[141],"for":[142,156],"attackers":[143],"gather":[145],"information.":[146],"also":[149],"presents":[150],"novel":[152],"dataset":[153],"generation":[154],"process":[155],"shares":[159],"two":[160],"datasets":[164],"with":[165],"research":[167],"community,":[168],"including":[169],"over":[170],"145,000":[171],"categorized":[175]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}