[1] BOBERSKI M. The ten most critical Web application security risks[R]. Bel Air,MD:OWASP,2010. [2] CECCATO M,NGUYEN C D,APPELT D,et al. SOFIA:an automated security oracle for black-box testing of SQL-injection vulnerabilities[C]//Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. Piscataway:IEEE,2016:167-177. [3] ZHANG L,ZHANG D,WANG C,et al. ART4SQLi:the ART of SQL injection vulnerability discovery[J]. IEEE Transactions on Reliability,2019,68(4):1470-1489. [4] LI Q,LI W,WANG J,et al. A SQL injection detection method based on adaptive deep forest[J]. IEEE Access,2019,7:145385-145394. [5] SANTHOSH KUMAR B J, ANASWARA P P. Vulnerability detection and prevention of SQL injection[J]. International Journal of Engineering and Technology,2018,7(2):16-18. [6] 王溢, 李舟军, 郭涛. 防御代码注入式攻击的字面值污染方法[J]. 计算机研究与发展,2012,49(11):2414-2423.(WANG Y, LI Z J, GUO T. Literal tainting method for preventing code injection attack in web application[J]. Journal of Computer Research and Development,2012,49(11):2414-2423.) [7] LI L,QI J,LIU N,et al. Static-based test case dynamic generation for SQLIVs detection[C]//Proceedings of the 10th International Conference on Broadband and Wireless Computing,Communication and Applications. Piscataway:IEEE,2015:173-177. [8] SHAR L K,TAN H B K. Defeating SQL injection[J]. Computer, 2013,46(3):69-77. [9] CHOI J,KIM H,CHOI C,et al. Efficient malicious code detection using N-gram analysis and SVM[C]//Proceedings of the 14th International Conference on Network-Based Information Systems. Piscataway:IEEE,2011:618-621. [10] LEI X,QU J,YAO G,et al. Design and implementation of an automatic scanning tool of SQL injection vulnerability based on web crawler[C]//Proceedings of the 2018 International Conference on Security with Intelligent Computing and Big-data Services, AISC 895. Cham:Springer,2018:481-488. [11] FANG Y,PENG J,LIU L,et al. WOVSQLI:detection of SQL injection behaviors using word vector and LSTM[C]//Proceedings of the 2nd International Conference on Cryptography,Security and Privacy. New York:ACM,2018:170-174. [12] KOMIYA R,PAIK I,HISADA M. Classification of malicious web code by machine learning[C]//Proceedings of the 3rd International Conference on Awareness Science and Technology. Piscataway:IEEE,2011:406-411. [13] 何金栋. 基于PHP的Web应用SQL注入漏洞检测系统的设计和实现[J]. 电子测试,2017(24):72-73.(HE J D. Design and implementation of SQL injection vulnerability detection system based on PHP for Web applications[J]. Electronic Test,2017(24):72-73.) [14] KAR D, PANIGRAHI S, SUNDARARAJAN S. SQLiGoT:detecting SQL injection attacks using graph of tokens and SVM[J]. Computers and Security,2016,60:206-225. [15] MITROPOULOS D,LOURIDAS P,POLYCHRONAKIS M,et al. Defending against web application attacks:approaches, challenges and implications[J]. IEEE Transactions on Dependable and Secure Computing,2019,16(2):188-203. [16] KAUR N,KAUR P. Mitigation of SQL injection attacks using threat modeling[J]. ACM SIGSOFT Software Engineering Notes, 2014,39(6):1-6. [17] 李武军, 周志华. 大数据哈希学习:现状与趋势[J]. 科学通报, 2015,60(5/6):485-490.(LI W J,ZHOU Z H. Learning to hash for big data:current status and future trends[J]. Chinese Science Bulletin,2015,60(5/6):485-490.) [18] 李武军, 蒋庆远. 哈希学习[J]. 中国人工智能学会通讯, 2016,6(9):9-15.(LI W J,JIANG Q Y. Hash learning[J]. Chinese Association for Artificial Intelligence,2016,6(9):9-15.) [19] ANDONI A, INDYK P. Near-optimal hashing algorithms for approximate nearest neighbor in high dimensions[C]//Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science. Piscataway:IEEE,2006:459-468. [20] KONG W,LI W. Isotropic hashing[C]//Proceedings of the 25th International Conference on Neural Information Processing Systems. Red Hook,NY:Curran Associates Inc.,2012:1646-1654. [21] DEMETRIO L,VALENZA A,COSTA G,et al. WAF-A-MoLE:evading web application firewalls through adversarial machine learning[C]//Proceedings of the 35th Annual ACM Symposium on Applied Computing. New York:ACM,2020:1745-1752. |