Warradorn SirisangVasin SuttichayaMahidol University2019-08-232019-08-232018-08-21ICSEC 2017 - 21st International Computer Science and Engineering Conference 2017, Proceeding. (2018), 19-232-s2.0-85053469714https://repository.li.mahidol.ac.th/handle/20.500.14594/45591© 2017 IEEE. This paper proposes a SQL injection detection method by analyzing substructure of SQL statement. The proposed method consists of 2 parts, Automated Common Substructure Extracting (ACSE) and Parse Tree Substructure Matching (PTSM). ACSE attempts to extract the duplicated substructures that appear in parse trees of SQL injection statements. PTSM uses the extracted parse tree from ACSE for identifying malicious portions in user's input statements. It also calculates the similarity between the common substructure and input statements. Experimental results show that the proposed method gains an accuracy greater than 90 percent.Mahidol UniversityComputer ScienceConference PaperSCOPUS10.1109/ICSEC.2017.8443774