{"links":{},"id":2002924,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02002924","sets":["1164:3925:11908:1749690073967"]},"path":["1749690073967"],"owner":"80578","recid":"2002924","title":["SQL文の構造変化に着目したSQLインジェクション脆弱性検出手法の提案"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-06-30"},"_buckets":{"deposit":"948e39ab-3c30-47ba-a3f9-caab82241a63"},"_deposit":{"id":"2002924","pid":{"type":"depid","value":"2002924","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"SQL文の構造変化に着目したSQLインジェクション脆弱性検出手法の提案","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"SQL文の構造変化に着目したSQLインジェクション脆弱性検出手法の提案","subitem_title_language":"ja"},{"subitem_title":"SQL Injection Vulnerability Detection Method Focusing on Clause Structure Changes in SQL Statements","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSEC","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2025-06-30","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学大学院情報理工学研究科"},{"subitem_text_value":"立命館大学情報理工学部"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Infomation Science and Engineering, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"College of Infomation Science and Engineering, Ritsumeikan University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2002924/files/IPSJ-CSEC25110090.pdf","label":"IPSJ-CSEC25110090.pdf"},"date":[{"dateType":"Available","dateValue":"2027-06-30"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC25110090.pdf","filesize":[{"value":"1.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"c73eae53-3193-4e85-b11f-6c569628b844","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"石田,優希"}]},{"creatorNames":[{"creatorName":"上原,哲太郎"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Webアプリケーションに対するSQLインジェクション攻撃は，深刻な被害をもたらす脅威である．有効な対策方法が確立されているにも関わらず，脆弱性の報告件数は依然として多い．この背景には脆弱性の発生原因やアプリケーションの特性に関する調査が不十分である可能性が考えられる．本研究では，SQLインジェクションに関連する脆弱性情報1000件を収集，分析し，脆弱性が発生したアプリケーションの種類や特徴，コードレベルでの脆弱性の発生原因を調査した．結果，全体の3割程度が，開発者の認識の誤りや関数の誤利用が脆弱性発生の原因であることを明らかにした．さらに，これらの調査結果に基づき，SQL文の構造変化に着目して脆弱性の検査を行うことで，先行研究よりも高い精度で脆弱性を検出できることを示した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"9","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2025-06-30","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"90","bibliographicVolumeNumber":"2025-CSEC-110"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"created":"2025-06-23T08:48:00.281907+00:00","updated":"2025-06-23T08:48:04.269409+00:00"}