A Hot Query Bank approach to improve detection performance against SQL injection attacks

SQL injection attacks (SQLIAs) exploit web sites by altering backend SQL statements through manipulating application input. With the growing popularity of web applications, such attacks have become a serious security threat to users and systems as well. Existing dynamic SQLIA detectors provide high detection accuracy yet may have ignored another focus: efficiency. Our research has found that inside most systems exist many hot queries that current SQLIA detectors have repeatedly verified. Such repetition causes unnecessary waste of system resources.