
Method and device for identifying SQL injection attacks

An identification method and technology applied to the field of SQL injection attack identification, which can solve problems such as low detection efficiency, false positives, and matching against all characters.

Active Publication Date: 2014-04-23
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

Regular expressions perform character-based logical filtering, so detection efficiency is low.
To improve efficiency, it is generally not feasible to match all characters; only a specific range of the data is checked (for example, only the first 20 characters), which leads to false negatives.
In addition, when a user writes data about SQL statements himself, for example in a technical discussion, no SQL injection attack is taking place. Current identification schemes have no special handling for data containing SQL statements that the user sent himself, so a false positive will occur.


Embodiment Construction

[0022] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0023] Figure 1 is a flowchart of a method for identifying an SQL injection attack provided by an embodiment of the present invention. The method mainly includes the following steps.

[0024] S101: Based on SQL lexical and syntactic analysis, establish an SQL injection feature library based on SQL syntax elements and SQL syntax fields;

[0025] (1) Lexical analysis

[0026] After lexical analysis, the following SQL syntax elements...


Abstract

The invention discloses a method and a device for identifying SQL (Structured Query Language) injection attacks. The method comprises: establishing an SQL injection feature library based on SQL syntax elements and SQL syntax fields through SQL lexical and syntactic analysis; obtaining target data; performing SQL lexical and syntactic analysis on the target data to obtain all SQL syntax elements and SQL syntax fields it contains; and matching all of the obtained SQL syntax elements and SQL syntax fields against the SQL injection feature library. If the matching succeeds, an SQL injection attack is determined to exist. The method and the device can improve the efficiency of identifying SQL injection and reduce false positives and false negatives.
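The flow described in the abstract, as an added example (not code from the patent or its owner): the whole input is lexed into syntax elements and the element sequence is matched against a feature library, next to the first-20-characters regular-expression baseline criticised under "Problems solved by technology". The token classes, feature names and sample inputs are assumptions constructed for illustration; the patent's own element list is not shown on this page.

```python
import re

# Hypothetical token classes standing in for the "SQL syntax elements";
# order matters: KEYWORD must be tried before IDENT.
TOKEN_SPEC = [
    ("COMMENT", r"--|/\*"),
    ("KEYWORD", r"\b(?:select|union|from|where|or|and|drop|table)\b"),
    ("NUMBER", r"\d+"),
    ("IDENT", r"[A-Za-z_]\w*"),
    ("OP", r"[=<>]+"),
    ("SEMI", r";"),
    ("QUOTE", r"['\"]"),
]
LEXER = re.compile("|".join(f"(?P<{n}>{p})" for n, p in TOKEN_SPEC), re.I)

# Hypothetical feature library: each feature is a run of consecutive elements.
FEATURES = {
    "union-select": ("UNION", "SELECT"),
    "tautology": ("OR", "NUMBER", "OP", "NUMBER"),
    "stacked-drop": ("SEMI", "DROP", "TABLE"),
}

def elements(data):
    """Lex the whole input into elements; quotes only delimit, so drop them."""
    out = []
    for m in LEXER.finditer(data):
        kind = m.lastgroup
        if kind != "QUOTE":
            out.append(m.group().upper() if kind == "KEYWORD" else kind)
    return out

def detect(data):
    """Return the names of all features found anywhere in the element sequence."""
    seq = elements(data)
    hits = []
    for name, pat in FEATURES.items():
        n = len(pat)
        if any(tuple(seq[i:i + n]) == pat for i in range(len(seq) - n + 1)):
            hits.append(name)
    return hits

def prefix_regex_check(data, limit=20):
    """Character-matching baseline: regex over the first `limit` characters only."""
    return bool(re.search(r"union\s+select|or\s+\d+\s*=\s*\d+", data[:limit], re.I))

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the patent.
    for s in ("1' OR '1'='1", "Please select a union representative or call 555"):
        print(repr(s), detect(s), prefix_regex_check(s))
```

Because matching works on element sequences rather than raw characters, ordinary text that merely contains the words "select" and "union" produces no feature match, while a fragment placed after the 20th character is still seen.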

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for identifying SQL injection attacks.

Background technique

[0002] SQL injection means inserting SQL commands into Web form submissions, or into the query strings of domain names or page requests, so as to trick the server into executing malicious SQL commands.

[0003] SQL injection attacks occur when an application uses input to construct dynamic SQL statements to access a database. SQL injection can also occur if the code uses stored procedures that are passed strings containing unfiltered user input. SQL injection can lead to an attacker using the application's login to execute commands in the database. This problem can become severe if the application connects to the database using an overly privileged account. In some forms, the content entered by users is directly used to construct (or affect) dynamic SQL commands, or as input para...


Application Information

IPC(8): G06F12/14, G06F15/16
Inventor: 姚熙
Owner: BEIJING QIANXIN TECH