English
Related papers

Related papers: Preventing SQL Injection attack using pattern matc…

200 papers

Natural language interfaces to structured databases are becoming increasingly common, largely due to advances in large language models (LLMs) that enable users to query data using conversational input rather than formal query languages such…

Cryptography and Security · Computer Science 2026-05-12 Farzad Nourmohammadzadeh Motlagh , Mehrdad Hajizadeh , Mehryar Majd , Pejman Najafi , Feng Cheng , Christoph Meinel

Fault Injection is the study of observing how systems behave under unusual stress, environmental or otherwise. In practice, fault injection involves testing the limits of computer systems and finding novel ways to potentially break…

Cryptography and Security · Computer Science 2025-09-24 Christopher Simon Liu , Fan Wang , Patrick Gould , Carter Yagemann

This work explores injection attacks against password managers. In this setting, the adversary (only) controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing…

Cryptography and Security · Computer Science 2024-08-14 Andrés Fábrega , Armin Namavari , Rachit Agarwal , Ben Nassi , Thomas Ristenpart

Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today's ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine…

Cryptography and Security · Computer Science 2023-04-25 Balazs Pejo , Nikolett Kapui

Large Language Models (LLMs) have found widespread applications in various domains, including web applications, where they facilitate human interaction via chatbots with natural language interfaces. Internally, aided by an LLM-integration…

Cryptography and Security · Computer Science 2025-01-29 Rodrigo Pedro , Daniel Castro , Paulo Carreira , Nuno Santos

This work focuses on validation of attack pattern mining in the context of Industrial Control System (ICS) security. A comprehensive security assessment of an ICS requires generating a large and variety of attack patterns. For this purpose…

Cryptography and Security · Computer Science 2025-08-07 Muhammad Azmi Umer , Chuadhry Mujeeb Ahmed , Aditya Mathur , Muhammad Taha Jilani

We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization…

Cryptography and Security · Computer Science 2016-08-11 Federico De Meo , Marco Rocchetto , Luca Viganò

This paper considers a method of coding the sensor outputs in order to detect stealthy false data injection attacks. An intelligent attacker can design a sequence of data injection to sensors and actuators that pass the state estimator and…

Cryptography and Security · Computer Science 2016-11-17 Fei Miao , Quanyan Zhu , Miroslav Pajic , George J. Pappas

This paper describes an advanced SQL injection technique where DNS resolution process is exploited for retrieval of malicious SQL query results. Resulting DNS requests are intercepted by attackers themselves at the controlled remote name…

Cryptography and Security · Computer Science 2013-03-14 Miroslav Stampar

Detecting SQL Injection (SQLi) attacks is crucial for web-based data center security, but it is challenging to balance accuracy and computational efficiency, especially in high-speed networks. Traditional methods struggle with this balance,…

Cryptography and Security · Computer Science 2024-10-28 Kasim Tasdemir , Rafiullah Khan , Fahad Siddiqui , Sakir Sezer , Fatih Kurugollu , Sena Busra Yengec-Tasdemir , Alperen Bolat

Database fingerprinting have been widely adopted to prevent unauthorized sharing of data and identify the source of data leakages. Although existing schemes are robust against common attacks, like random bit flipping and subset attack,…

Cryptography and Security · Computer Science 2021-07-23 Tianxi Ji , Emre Yilmaz , Erman Ayday , Pan Li

Discovering statistically significant patterns from databases is an important challenging problem. The main obstacle of this problem is in the difficulty of taking into account the selection bias, i.e., the bias arising from the fact that…

Machine Learning · Statistics 2016-03-10 Shinya Suzumura , Kazuya Nakagawa , Mahito Sugiyama , Koji Tsuda , Ichiro Takeuchi

Injection attacks have been a major threat to web applications. Despite the significant effort in thwarting injection attacks, protection against injection attacks remains challenging due to the sophisticated attacks that exploit the…

Cryptography and Security · Computer Science 2021-09-20 Meng Wang , Chijung Jung , Ali Ahad , Yonghwi Kwon

Large language models (LLMs) have shown state-of-the-art results in translating natural language questions into SQL queries (Text-to-SQL), a long-standing challenge within the database community. However, security concerns remain largely…

Cryptography and Security · Computer Science 2025-09-09 Meiyu Lin , Haichuan Zhang , Jiale Lao , Renyuan Li , Yuanchun Zhou , Carl Yang , Yang Cao , Mingjie Tang

NoSQL Injection attacks are a class of cybersecurity attacks where an attacker sends a specifically engineered query to a NoSQL database which then performs an unauthorized operation. To defend against such attacks, rule based systems were…

Cryptography and Security · Computer Science 2026-01-21 Shaunak Perni , Minal Shirodkar , Ramdas Karmalli

Many Web Application Firewalls (WAFs) leverage the OWASP CRS to block incoming malicious requests. The CRS consists of different sets of rules designed by domain experts to detect well-known web attack patterns. Both the set of rules and…

Web services are software systems designed for supporting interoperable dynamic cross-enterprise interactions. The result of attacks to Web services can be catastrophic and causing the disclosure of enterprises' confidential data. As new…

Cryptography and Security · Computer Science 2016-05-23 Reyhaneh Ghassem Esfahani , Mohammad Abadollahi Azgomi , Reza Fathi

NoSQL data storage systems have become very popular due to their scalability and ease of use. This paper examines the maturity of security measures for NoSQL databases, addressing their new query and access mechanisms. For example the…

Cryptography and Security · Computer Science 2015-06-15 Aviv Ron , Alexandra Shulman-Peleg , Emanuel Bronshtein

Supply chain attacks significantly threaten software security with malicious code injections within legitimate projects. Such attacks are very rare but may have a devastating impact. Detecting spurious code injections using automated tools…

Software Engineering · Computer Science 2025-10-28 Maor Reuben , Ido Mendel , Or Feldman , Moshe Kravchik , Mordehai Guri , Rami Puzis

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…

Cryptography and Security · Computer Science 2019-12-05 Nguyen Hong Son , Ha Thanh Dung