Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detection method for injection attack of database and system

A technology of injection attack and detection method, which is applied in the field of information security, can solve the problems of injection attack, inconvenient analysis after the event, and inability to distinguish normal access, etc., to achieve the effect of reducing workload and protecting security

Inactive Publication Date: 2010-12-01
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, from the perspective of database access behavior itself, whether it is the normal access of the user or the injection attack of the attacker, it is presented as submitting and running SQL statements to the database server, which leads to the fact that although the network security audit product can record the access information of the user to the database , but the audit product itself cannot distinguish whether the access behavior represented by a database access record is a normal access or a malicious injection attack
In this way, when an attacker implements an injection attack, the audit product can only record the behavior of the attacker, and cannot detect and block the attack in time, and can only identify the attack through post-mortem analysis.
In addition, the attacker's access records are submerged in a large number of access records, and security managers can only identify them through experience, which brings great inconvenience to post-event analysis

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method for injection attack of database and system
  • Detection method for injection attack of database and system
  • Detection method for injection attack of database and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] The implementation of the present invention will be described in detail below in conjunction with the accompanying drawings and examples, so as to fully understand and implement the process of how to apply technical means to solve technical problems and achieve technical effects in the present invention.

[0040] The present invention first establishes an access behavior pattern library by self-learning historical access records, and then directly detects real-time access based on the access behavior pattern library, which can block database injection attacks in real time and prevent databases from being attacked by SQL injection.

[0041] figure 1 It is a schematic flow diagram of the method of the present invention. like figure 1 As shown, the method mainly includes the following steps:

[0042] Step S110, establishing a database access behavior pattern library by performing self-study on the historical access records of the database;

[0043] The access behavior p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detection method for the injection attack of a database and a system, detecting the access activities of a database in real time. The method comprises the following steps of: solely leaning through the history access record of the database and establishing an access activity pattern library of the database; receiving the real-time access of the database, judging whether the real-time access is injection attack or not according to the access activity pattern library and acquiring a judging result; and responding the real-time access according to the judging result and the preset response mode. Compared with the prior art, the invention can automatically recognize normal database access and injection attack and blocks the injection attack so as to protect the safety of a database server.

Description

technical field [0001] The invention relates to the field of information security, in particular to a database injection attack detection method and system. Background technique [0002] With the development of the Internet, the client / server (B / S) model has been more and more widely used. In the B / S mode, data interaction between the user and the background database server often occurs, that is, the user enters and submits data through a form on the web page of the client, and the application program of the server constructs an SQL statement based on the data submitted by the user and submits it to the database. The server processes and returns the processing result to the user. When developing applications in the B / S mode, many developers neglect to judge the legality of user input data, which makes the application security risks. The attacker can submit a piece of database query code, and steal some data he wants to know according to the result returned by the program. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30G06F21/00G06F21/55
Inventor 周涛叶润国姚熙刘晖
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com