Publication: Analyzing SQL Injection Statements Using Common Substructure of Parse Tree
Issued Date
2018-08-21
Resource Type
Other identifier(s)
2-s2.0-85053469714
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
ICSEC 2017 - 21st International Computer Science and Engineering Conference 2017, Proceeding. (2018), 19-23
Suggested Citation
Warradorn Sirisang, Vasin Suttichaya Analyzing SQL Injection Statements Using Common Substructure of Parse Tree. ICSEC 2017 - 21st International Computer Science and Engineering Conference 2017, Proceeding. (2018), 19-23. doi:10.1109/ICSEC.2017.8443774 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/45591
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Analyzing SQL Injection Statements Using Common Substructure of Parse Tree
Author(s)
Other Contributor(s)
Abstract
© 2017 IEEE. This paper proposes a SQL injection detection method by analyzing substructure of SQL statement. The proposed method consists of 2 parts, Automated Common Substructure Extracting (ACSE) and Parse Tree Substructure Matching (PTSM). ACSE attempts to extract the duplicated substructures that appear in parse trees of SQL injection statements. PTSM uses the extracted parse tree from ACSE for identifying malicious portions in user's input statements. It also calculates the similarity between the common substructure and input statements. Experimental results show that the proposed method gains an accuracy greater than 90 percent.