期刊文献+
共找到6篇文章
< 1 >
每页显示 20 50 100
Structured Query Language Injection Penetration Test Case Generation Based on Formal Description
1
作者 韩明 苗长云 《Journal of Donghua University(English Edition)》 EI CAS 2015年第3期446-452,共7页
Aiming to improve the Structured Query Language( SQL) injection penetration test accuracy through the formalismguided test case generation,an attack purpose based attack tree model of SQL injection is proposed,and the... Aiming to improve the Structured Query Language( SQL) injection penetration test accuracy through the formalismguided test case generation,an attack purpose based attack tree model of SQL injection is proposed,and then under the guidance of this model, the formal descriptions for the SQL injection vulnerability feature and SQL injection attack inputs are established. Moreover,according to new coverage criteria,these models are instantiated and the executable test cases are generated.Experiments show that compared with the random enumerated test case used in other works,the test case generated by our method can detect the SQL injection vulnerability more effectively. Therefore,the false negative is reduced and the test accuracy is improved. 展开更多
关键词 software security penetration test web application structured query language(SQL) injection test case
下载PDF
Application of Recursive Query on Structured Query Language Server
2
作者 荀雪莲 ABHIJIT Sen 姚志强 《Journal of Donghua University(English Edition)》 CAS 2023年第1期68-73,共6页
The advantage of recursive programming is that it is very easy to write and it only requires very few lines of code if done correctly.Structured query language(SQL)is a database language and is used to manipulate data... The advantage of recursive programming is that it is very easy to write and it only requires very few lines of code if done correctly.Structured query language(SQL)is a database language and is used to manipulate data.In Microsoft SQL Server 2000,recursive queries are implemented to retrieve data which is presented in a hierarchical format,but this way has its disadvantages.Common table expression(CTE)construction introduced in Microsoft SQL Server 2005 provides the significant advantage of being able to reference itself to create a recursive CTE.Hierarchical data structures,organizational charts and other parent-child table relationship reports can easily benefit from the use of recursive CTEs.The recursive query is illustrated and implemented on some simple hierarchical data.In addition,one business case study is brought forward and the solution using recursive query based on CTE is shown.At the same time,stored procedures are programmed to do the recursion in SQL.Test results show that recursive queries based on CTEs bring us the chance to create much more complex queries while retaining a much simpler syntax. 展开更多
关键词 structured query language(SQL)server common table expression(CTE) recursive query stored procedure hierarchical data
下载PDF
A New Database Intrusion Detection Approach Based on Hybrid Meta-Heuristics 被引量:9
3
作者 Youseef Alotaibi 《Computers, Materials & Continua》 SCIE EI 2021年第2期1879-1895,共17页
A new secured database management system architecture using intrusion detection systems(IDS)is proposed in this paper for organizations with no previous role mapping for users.A simple representation of Structured Que... A new secured database management system architecture using intrusion detection systems(IDS)is proposed in this paper for organizations with no previous role mapping for users.A simple representation of Structured Query Language queries is proposed to easily permit the use of the worked clustering algorithm.A new clustering algorithm that uses a tube search with adaptive memory is applied to database log files to create users’profiles.Then,queries issued for each user are checked against the related user profile using a classifier to determine whether or not each query is malicious.The IDS will stop query execution or report the threat to the responsible person if the query is malicious.A simple classifier based on the Euclidean distance is used and the issued query is transformed to the proposed simple representation using a classifier,where the Euclidean distance between the centers and the profile’s issued query is calculated.A synthetic data set is used for our experimental evaluations.Normal user access behavior in relation to the database is modelled using the data set.The false negative(FN)and false positive(FP)rates are used to compare our proposed algorithm with other methods.The experimental results indicate that our proposed method results in very small FN and FP rates. 展开更多
关键词 Adaptive search memory clustering database management system(DBMS) intrusion detection system(IDS) quiplets structured query language(SQL) tube search
下载PDF
A visual analytics workflow for probabilistic modeling 被引量:2
4
作者 Julien Klaus Mark Blacher +2 位作者 Andreas Goral Philipp Lucas Joachim Giesen 《Visual Informatics》 EI 2023年第2期72-84,共13页
Probabilistic programming is a powerful means for formally specifying machine learning models.The inference engine of a probabilistic programming environment can be used for serving complex queries on these models.Mos... Probabilistic programming is a powerful means for formally specifying machine learning models.The inference engine of a probabilistic programming environment can be used for serving complex queries on these models.Most of the current research in probabilistic programming is dedicated to the design and implementation of highly efficient inference engines.Much less research aims at making the power of these inference engines accessible to non-expert users.Probabilistic programming means writing code.Yet many potential users from promising application areas such as the social sciences lack programming skills.This prompted recent efforts in synthesizing probabilistic programs directly from data.However,working with synthesized programs still requires the user to read,understand,and write some code,for instance,when invoking the inference engine for answering queries.Here,we present an interactive visual approach to synthesizing and querying probabilistic programs that does not require the user to read or write code. 展开更多
关键词 Probabilistic inference Bayesian network structured query language Table-based visualization
原文传递
LotusSQL:SQL Engine for High-Performance Big Data Systems 被引量:1
5
作者 Xiaohan Li Bowen Yu +2 位作者 Guanyu Feng Haojie Wang Wenguang Chen 《Big Data Mining and Analytics》 EI 2021年第4期252-265,共14页
In recent years,Apache Spark has become the de facto standard for big data processing.SparkSQL is a module offering support for relational analysis on Spark with Structured Query Language(SQL).SparkSQL provides conven... In recent years,Apache Spark has become the de facto standard for big data processing.SparkSQL is a module offering support for relational analysis on Spark with Structured Query Language(SQL).SparkSQL provides convenient data processing interfaces.Despite its efficient optimizer,SparkSQL still suffers from the inefficiency of Spark resulting from Java virtual machine and the unnecessary data serialization and deserialization.Adopting native languages such as C++could help to avoid such bottlenecks.Benefiting from a bare-metal runtime environment and template usage,systems with C++interfaces usually achieve superior performance.However,the complexity of native languages also increases the required programming and debugging efforts.In this work,we present LotusSQL,an engine to provide SQL support for dataset abstraction on a native backend Lotus.We employ a convenient SQL processing framework to deal with frontend jobs.Advanced query optimization technologies are added to improve the quality of execution plans.Above the storage design and user interface of the compute engine,LotusSQL implements a set of structured dataset operations with high efficiency and integrates them with the frontend.Evaluation results show that LotusSQL achieves a speedup of up to 9 in certain queries and outperforms Spark SQL in a standard query benchmark by more than 2 on average. 展开更多
关键词 big data C++ structured query language(SQL) query optimization
原文传递
Lom: Discovering Logic Flaws Within MongoDB-based Web Applications
6
作者 Shuo Wen Yuan Xue +4 位作者 Jing Xu Li-Ying Yuan Wen-Li Song Hong-Ji Yang Guan-Nan Si 《International Journal of Automation and computing》 EI CSCD 2017年第1期106-118,共13页
Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query ... Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB- based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness. 展开更多
关键词 Logic flaw web application security not only structured query language (NoSQL) database BLACK-BOX MougoDB.
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部