SQL injection attacks occur due to vulnerabilities in the design of queries, where a malicious user can take advantage of input opportunities to insert code into the queries that modifies the query conditions, resulting in unauthorized database access. We provide a novel technique to identify the possibilities of such attacks. The central theme of our technique is based on automatically developing a model for a SQL query such that the model captures the dependencies between various components (sub-queries) of the query. We then analyze the model using the CREST test-case generator and identify the conditions under which the query corresponding to the model is deemed vulnerable. We further analyze the obtained condition set to identify its subset; this subset is referred to as the causal set of the vulnerability. Our technique considers the semantics of the query conditions, i.e., the relationship between the conditions, and as such complements the existing techniques, which rely only on the syntactic structure of the SQL query. In short, our technique can detect vulnerabilities in nested SQL queries, and can provide results with no false positives or false negatives when compared to the existing techniques.
A liquid–gas foam, here called a bubble array, is a ubiquitous phenomenon widely observed in daily life, food, pharmaceutical and cosmetic products, and even bio- and nano-technologies. This intriguing phenomenon has often been studied in a well-controlled environment in laboratories, computations, or analytical models. Still, real-world bubbles undergo complex nonlinear transitions from wet to dry conditions, which are hard to describe by unified rules as a whole. Here, we show that a few early-phase snapshots of a bubble array can be learned by a glass-box physics rule learner (GPRL), leading to prediction rules for the future bubble array. Unlike the black-box machine learning approach, the glass-box approach seeks to unravel expressive rules of the phenomenon that can evolve. Without known principles, GPRL identifies plausible rules of bubble prediction from elongated bubble array data that transition from wet to dry states. Then, the best-so-far GPRL-identified rule is applied to an independent circular bubble array, demonstrating the potential generality of the rule. We explain how GPRL uses the spatio-temporal convolved information of early bubbles to mimic the scientist’s perception of bubble sides, shapes, and inter-bubble influences. This research will help combine foam physics and machine learning to better understand and control bubbles.