Method and apparatus for detecting structured query language injection attack

A structured query language injection attack detection technology, applied in the field of network security. It addresses the time-consuming matching, high false-positive and false-negative rates, and low detection efficiency of existing approaches by reducing the number of characters to be matched, which improves detection efficiency and shortens matching time.

Active Publication Date: 2015-12-16
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] The key to prior-art SQL injection attack detection is maintaining a reasonable library of regular-expression signatures for SQL injection attack statements. On the one hand, because SQL injection attacks are so variable, the signature library can never be completely comprehensive, so when the SQL statement to be detected is matched against the statements in the library, the rates of false positives and false negatives are high. On the other hand, as the coverage of the signature library grows, matching the SQL statement to be detected against it takes a lot of time, resulting in very low detection efficiency. This is a well-known shortcoming of regular-expression matching.
[0005] To sum up, in the prior art, matching the SQL statement to be detected against a regular-expression signature library of SQL injection statements gives low detection efficiency and high rates of false positives and false negatives.

Examples

Embodiment Construction

[0024] The specific implementation of the method and device for detecting a Structured Query Language (SQL) injection attack provided by an embodiment of the present invention is described in detail below with reference to the accompanying drawings.

[0025] As shown in Figure 1, a method for detecting an SQL injection attack provided by an embodiment of the present invention includes:

[0026] Step 102: obtain the SQL statement to be detected and parse it to obtain the lexical tokens it contains and their order; then, according to the correspondence between each lexical token and a designated character or character string, together with the tokens and token order contained in the SQL statement to be detected, convert the SQL statement to be detected into a character string to be detected, wherein the number of characters contained in the character string to be detected is less than the number of characters contained in the SQL statement to b...

Abstract

The invention discloses a method and an apparatus for detecting structured query language (SQL) injection attacks, intended to improve the detection efficiency for SQL injection attacks and to reduce the false-positive and false-negative rates. The method comprises the following steps: acquiring a to-be-detected SQL statement; parsing it to obtain the lexical tokens it contains and their order; transforming the to-be-detected SQL statement into a to-be-detected character string according to the correspondence between each lexical token and a specified character or specified character string, together with the tokens and token order contained in the statement; matching the to-be-detected character string against the character strings in a character string library corresponding to prestored SQL injection (SQLI) statements; and determining that an SQL injection attack exists when the to-be-detected character string matches any character string in that library.
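The conversion-and-match procedure in the abstract, sketched as an added example (not code from the patent or from NSFOCUS). The token classes, their one-character codes and the sample library statements are assumptions constructed for illustration; the page does not publish its own mapping table.

```python
import re

# Token class -> (regex, code). Assumed mapping, constructed for this example.
LEXICON = [
    ("string",  r"'(?:[^']|'')*'",                    "s"),
    ("number",  r"\d+(?:\.\d+)?",                     "n"),
    ("comment", r"--[^\n]*|/\*.*?\*/",                "c"),
    ("union",   r"union\b",                           "U"),
    ("dml",     r"(?:select|insert|update|delete)\b", "E"),
    ("logic",   r"(?:or|and)\b",                      "&"),
    ("keyword", r"(?:from|where|all|into)\b",         "k"),
    ("ident",   r"[a-z_][a-z0-9_]*",                  "v"),
    ("oper",    r"<>|!=|<=|>=|[=<>+\-*/]",            "o"),
    ("punct",   r"[(),;]",                            None),  # keeps its own character
]
SCANNER = re.compile("|".join(f"(?P<{n}>{rx})" for n, rx, _ in LEXICON), re.I | re.S)
CODES = {name: code for name, _, code in LEXICON}

def fingerprint(sql):
    """Convert a statement into its shorter token-code string, preserving token order."""
    codes, pos = [], 0
    for m in SCANNER.finditer(sql):
        if sql[pos:m.start()].strip():
            codes.append("?")  # unrecognised characters between two tokens
        codes.append(CODES[m.lastgroup] or m.group())
        pos = m.end()
    if sql[pos:].strip():
        codes.append("?")
    return "".join(codes)

# Constructed sample statements standing in for the prestored SQLI statements.
KNOWN_SQLI = [
    "1 OR 1=1",
    "1 OR 'a'='a'",
    "1 UNION SELECT password FROM users",
    "1; DELETE FROM orders",
]
# The library stores the converted strings, not the statements themselves.
SQLI_LIBRARY = {fingerprint(stmt) for stmt in KNOWN_SQLI}

def is_sqli(sql):
    """Report an attack when the converted string equals any library string."""
    return fingerprint(sql) in SQLI_LIBRARY
```

Because literal values, letter case and whitespace disappear in the conversion, one library string covers many textual variants, and each comparison runs over a handful of characters instead of the full statement.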

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting a Structured Query Language (SQL) injection attack.

Background

[0002] Structured Query Language (SQL) injection is a technique that is often used to compromise a website. By inserting SQL commands into a submitted web form, or into the domain name or query string of a page request, the attacker ultimately tricks the server into executing malicious SQL commands.

[0003] The principle of prior-art SQL injection attack detection is as follows: maintain a regular-expression signature library of SQL injection attack statements, which includes the SQL injection statements and the regular expressions of those statements; extract the SQL statement to be detected from the Uniform Resource Locator (URL) of the Hypertext Transfer Protocol (HTTP) request, and carry out regula...

Application Information

IPC(8): G06F21/56, G06F17/30
CPC: G06F16/2433, G06F16/90344, G06F21/563
Inventor 赵阳肖丰佳
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD