SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4385270028> ?p ?o ?g. }

Showing items 1 to 78 of 78 with 100 items per page.

W4385270028 abstract "SQL Injection (SQLI) is a pervasive web attack where a malicious input is used to dynamically build SQL queries in a way that tricks the database (DB) engine into performing unintended harmful operations. Among many potential exploitations, an attacker may opt to exfiltrate the application data. The exfiltration process is straightforward when the web application responds to injected queries with their results. In case the content is not exposed, the adversary can still deduce it using Blind SQLI (BSQLI), an inference technique based on response differences or time delays. Unfortunately, a common drawback of BSQLI is its low inference rate (one bit per request), which severely limits the volume of data that can be extracted this way. To address this limitation, the state-of-the-art BSQLI tools optimize the inference of textual data with binary search. However, this approach has two major limitations: it assumes a uniform distribution of characters and does not take into account the history of previously inferred characters. Consequently, the technique is inefficient for natural languages used ubiquitously in DBs. This paper presents Hakuin - a new framework for optimizing BSQLI with probabilistic language models. Hakuin employs domain-specific pre-trained and adaptive models to predict the next characters based on the inference history and prioritizes characters with a higher probability of being the right ones. It also tracks statistical information to opportunistically guess strings as a whole instead of inferring the characters separately. We benchmark Hakuin against 3 state-of-the-art BSQLI tools using 20 industry-standard DB schemas and a generic DB. The results show that Hakuin is about 6 times more efficient in inferring schemas, up to 3.2 times more efficient with generic data, and up to 26 times more efficient on columns with limited values compared to the second-best performing tool. To the best of our knowledge, Hakuin is the first solution that combines domain-specific pre-trained and adaptive language models to optimize BSQLI. We release its full source code, datasets, and language models to facilitate further research." @default.
W4385270028 created "2023-07-27" @default.
W4385270028 creator A5034129709 @default.
W4385270028 creator A5049959963 @default.
W4385270028 date "2023-05-01" @default.
W4385270028 modified "2023-09-25" @default.
W4385270028 title "Hakuin: Optimizing Blind SQL Injection with Probabilistic Language Models" @default.
W4385270028 cites W1648477960 @default.
W4385270028 cites W2003660285 @default.
W4385270028 cites W2008857097 @default.
W4385270028 cites W2060108852 @default.
W4385270028 cites W2065555413 @default.
W4385270028 cites W2124418290 @default.
W4385270028 cites W2128962261 @default.
W4385270028 cites W2147478478 @default.
W4385270028 cites W2158267769 @default.
W4385270028 cites W2166381878 @default.
W4385270028 cites W2339647006 @default.
W4385270028 cites W2963314580 @default.
W4385270028 cites W3115224653 @default.
W4385270028 cites W4249982130 @default.
W4385270028 doi "https://doi.org/10.1109/spw59333.2023.00039" @default.
W4385270028 hasPublicationYear "2023" @default.
W4385270028 type Work @default.
W4385270028 citedByCount "0" @default.
W4385270028 crossrefType "proceedings-article" @default.
W4385270028 hasAuthorship W4385270028A5034129709 @default.
W4385270028 hasAuthorship W4385270028A5049959963 @default.
W4385270028 hasConcept C119857082 @default.
W4385270028 hasConcept C124101348 @default.
W4385270028 hasConcept C13280743 @default.
W4385270028 hasConcept C137293760 @default.
W4385270028 hasConcept C150451098 @default.
W4385270028 hasConcept C154945302 @default.
W4385270028 hasConcept C164120249 @default.
W4385270028 hasConcept C185798385 @default.
W4385270028 hasConcept C194222762 @default.
W4385270028 hasConcept C205649164 @default.
W4385270028 hasConcept C23123220 @default.
W4385270028 hasConcept C2776214188 @default.
W4385270028 hasConcept C41008148 @default.
W4385270028 hasConcept C49937458 @default.
W4385270028 hasConcept C510870499 @default.
W4385270028 hasConcept C77088390 @default.
W4385270028 hasConcept C97854310 @default.
W4385270028 hasConceptScore W4385270028C119857082 @default.
W4385270028 hasConceptScore W4385270028C124101348 @default.
W4385270028 hasConceptScore W4385270028C13280743 @default.
W4385270028 hasConceptScore W4385270028C137293760 @default.
W4385270028 hasConceptScore W4385270028C150451098 @default.
W4385270028 hasConceptScore W4385270028C154945302 @default.
W4385270028 hasConceptScore W4385270028C164120249 @default.
W4385270028 hasConceptScore W4385270028C185798385 @default.
W4385270028 hasConceptScore W4385270028C194222762 @default.
W4385270028 hasConceptScore W4385270028C205649164 @default.
W4385270028 hasConceptScore W4385270028C23123220 @default.
W4385270028 hasConceptScore W4385270028C2776214188 @default.
W4385270028 hasConceptScore W4385270028C41008148 @default.
W4385270028 hasConceptScore W4385270028C49937458 @default.
W4385270028 hasConceptScore W4385270028C510870499 @default.
W4385270028 hasConceptScore W4385270028C77088390 @default.
W4385270028 hasConceptScore W4385270028C97854310 @default.
W4385270028 hasLocation W43852700281 @default.
W4385270028 hasOpenAccess W4385270028 @default.
W4385270028 hasPrimaryLocation W43852700281 @default.
W4385270028 hasRelatedWork W1996040862 @default.
W4385270028 hasRelatedWork W2164896250 @default.
W4385270028 hasRelatedWork W2347219288 @default.
W4385270028 hasRelatedWork W2368606217 @default.
W4385270028 hasRelatedWork W2368836186 @default.
W4385270028 hasRelatedWork W2406562224 @default.
W4385270028 hasRelatedWork W2751450447 @default.
W4385270028 hasRelatedWork W2752911054 @default.
W4385270028 hasRelatedWork W2997473338 @default.
W4385270028 hasRelatedWork W970438980 @default.
W4385270028 isParatext "false" @default.
W4385270028 isRetracted "false" @default.
W4385270028 workType "article" @default.