@inproceedings{pavlich-etal-2025-beyond,
    title = "Beyond Text-to-{SQL} for {I}o{T} Defense: A Comprehensive Framework for Querying and Classifying {I}o{T} Threats",
    author = "Pavlich, Ryan  and
      Ebadi, Nima  and
      Tarbell, Richard  and
      Linares, Billy  and
      Tan, Adrian  and
      Humphreys, Rachael  and
      Das, Jayanta  and
      Ghandiparsi, Rambod  and
      Haley, Hannah  and
      George, Jerris  and
      Slavin, Rocky  and
      Choo, Kim-Kwang Raymond  and
      Dietrich, Glenn  and
      Rios, Anthony",
    editor = "Cao, Trista  and
      Das, Anubrata  and
      Kumarage, Tharindu  and
      Wan, Yixin  and
      Krishna, Satyapriya  and
      Mehrabi, Ninareh  and
      Dhamala, Jwala  and
      Ramakrishna, Anil  and
      Galystan, Aram  and
      Kumar, Anoop  and
      Gupta, Rahul  and
      Chang, Kai-Wei",
    booktitle = "Proceedings of the 5th Workshop on Trustworthy NLP (TrustNLP 2025)",
    month = may,
    year = "2025",
    address = "Albuquerque, New Mexico",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/fix-sig-urls/2025.trustnlp-main.1/",
    pages = "1--12",
    ISBN = "979-8-89176-233-6",
    abstract = "Recognizing the promise of natural language interfaces to databases, prior studies have emphasized the development of text-to-SQL systems. Existing research has generally focused on generating SQL statements from text queries, and the broader challenge lies in inferring new information about the returned data. Our research makes two major contributions to address this gap. First, we introduce a novel Internet-of-Things (IoT) text-to-SQL dataset comprising 10,985 text-SQL pairs and 239,398 rows of network traffic activity. The dataset contains additional query types limited in prior text-to-SQL datasets, notably, temporal-related queries. Our dataset is sourced from a smart building{'}s IoT ecosystem exploring sensor read and network traffic data. Second, our dataset allows two-stage processing, where the returned data (network traffic) from a generated SQL can be categorized as malicious or not. Our results show that joint training to query and infer information about the data improves overall text-to-SQL performance, nearly matching that of substantially larger models. We also show that current large language models (e.g., GPT3.5) struggle to infer new information about returned data (i.e., they are bad at tabular data understanding), thus our dataset provides a novel test bed for integrating complex domain-specific reasoning into LLMs."
}