ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Wed 30 Oct 2024 14:30 - 14:40 at Compagno - Anomaly and fault detection Chair(s): Xing Hu

SQL injection attacks have posed a significant threat to web applications for decades. They obfuscate malicious codes into natural SQL statements so as to steal sensitive data, making them difficult to detect. Generally, malicious signals can be identified by using the contextual information of SQL statements. Such contextual information, however, is not always easily captured. Due to the fact that SQL as a formal language is highly structured, two tokens that are spatially far away may be semantically very close. An effective approach thus should take the structural feature of SQL statements into account when modeling their contextual information. In this paper, we present a novel abstract syntax tree-based neural network approach named Trident for effectively detecting SQL injection attacks. Benefiting from the structural feature delivered by ASTs, Trident realizes superior modeling of contextual information via tree-based positional embedding and well-designed neural networks. Trident is widely evaluated on a public SQL injection dataset and an adversarial sample dataset. The results demonstrate that Trident can significantly outperform the baselines.

Wed 30 Oct

Displayed time zone: Pacific Time (US & Canada) change

13:30 - 15:00
Anomaly and fault detectionResearch Papers / NIER Track at Compagno
Chair(s): Xing Hu Zhejiang University
13:30
15m
Talk
SLIM: a Scalable and Interpretable Light-weight Fault Localization Algorithm for Imbalanced Data in Microservice
Research Papers
Rui Ren DAMO Academy, Alibaba Group Hangzhou, China, Jingbang Yang DAMO Academy, Alibaba Group Hangzhou, China, Linxiao Yang DAMO Academy, Alibaba Group Hangzhou, China, Xinyue Gu DAMO Academy, Alibaba Group Hangzhou, China, Liang Sun DAMO Academy, Alibaba Group Hangzhou, China
13:45
15m
Talk
ART: A Unified Unsupervised Framework for Incident Management in Microservice Systems
Research Papers
Yongqian Sun Nankai University, Binpeng Shi Nankai University, Mingyu Mao Nankai University, Minghua Ma Microsoft Research, Sibo Xia Nankai University, Shenglin Zhang Nankai University, Dan Pei Tsinghua University
14:00
15m
Talk
Detecting and Explaining Anomalies Caused by Web Tamper Attacks via Building Consistency-based Normality
Research Papers
Yifan Liao Shanghai Jiao Tong University / National University of Singapore, Ming Xu Shanghai Jiao Tong University / National University of Singapore, Yun Lin Shanghai Jiao Tong University, Xiwen Teoh National University of Singapore, Xiaofei Xie Singapore Management University, Ruitao Feng Singapore Management University, Frank Liauw Government Technology Agency Singapore, Hongyu Zhang Chongqing University, Jin Song Dong National University of Singapore
DOI Pre-print
14:15
15m
Talk
End-to-End AutoML for Unsupervised Log Anomaly Detection
Research Papers
Shenglin Zhang Nankai University, Yuhe Ji Nankai University, Jiaqi Luan Nankai University, Xiaohui Nie Computer Network Information Center at Chinese Academy of Sciences, Zi`ang Cheng Nankai University, Minghua Ma Microsoft Research, Yongqian Sun Nankai University, Dan Pei Tsinghua University
14:30
10m
Talk
Trident: Detecting SQL Injection Attacks via Abstract Syntax Tree-based Neural Network
NIER Track
Yuanlin Li Tsinghua University, Zhiwei Xu Tsinghua University, Min Zhou Tsinghua University, Hai Wan Tsinghua University, Xibin Zhao Tsinghua University
14:40
10m
Talk
A vision on a methodology for the application of an Intrusion Detection System for satellites
NIER Track
Sébastien Gios UCLouvain, Charles-Henry Bertrand Van Ouytsel UCLouvain, Mark Diamantino Caribé Telespazio - ESA, Axel Legay Université Catholique de Louvain, Belgium
DOI