Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Structured query language (SQL) injection attack detection method and device

A structured query and injection attack technology, applied in program control devices, computer security devices, program control design, etc., can solve problems such as low precision, misjudgment of detection, and poor universality

Inactive Publication Date: 2017-07-28
BEIJING VENUS INFORMATION SECURITY TECH +1
View PDF2 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, based on the feature detection method, if the keywords of the SQL grammar are often natural language words, there is a certain probability that the above keywords will appear in normal web interaction, which will lead to misjudgment; It is much better than feature detection, but some relatively simple parameters may hit the grammar, causing false positives; in addition, the limitation of the third detection method is that it needs to understand every source code fragment involving SQL statement submission on the web server, and needs to Targeted settings, poor universal applicability
Therefore, in summary, the methods for detecting SQL injection in the prior art have low precision or poor universality

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Structured query language (SQL) injection attack detection method and device
  • Structured query language (SQL) injection attack detection method and device
  • Structured query language (SQL) injection attack detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] In order to make the purpose, technical solution and advantages of the present invention more clear, the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

[0023] The steps shown in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0024] The webpage application system server based on the Java virtual machine environment involved in the embodiment of the present invention may be a server deployed with webpage applications and webpage application resources, and is used to detect the a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a structured query language (SQL) injection attack detection method and device. The SQL injection attack detection device comprises a plug-in association module, an analysis module, a self-learning module and a detection module. Based on a webpage application system server of a Java virtual machine environment, URL and parameter information in business request information of a client are associated with a triggered SQL statement, syntax analysis is carried out on the SQL statement to construct an SQL syntax tree through self-learning of the URL to identify effective parameter information, after the self-learning process, a relation model of the business request information which the URL and the effective parameter information belong to, and the SQL syntax tree of the associated SQL statement is established, the relation model is taken as the inspection reference, the relationship between the subsequent business request information and the SQL syntax tree of the associated SQL statement is inspected by being compared with the reference, if the inspection result is not consistent, it is determined that an SQL injection attack is detected, business access is rejected, and therefore the SQL injection attack can be detected accurately, and the business access safety of the network application is guaranteed.

Description

technical field [0001] The invention relates to the technical field of network application security, in particular to a method and a device for detecting structured query language SQL injection attacks. Background technique [0002] At present, with the rapid development of network technology, more and more application services use the Internet (Web) to provide external interaction and services. However, most application services are vulnerable to security threats during use. Among them, the most common The biggest security threat is Structured Query Language (Structured Query Language, referred to as: SQL) injection attack, which will cause sensitive data leakage, Trojan horse implantation and other consequences, thus causing great harm. [0003] In the prior art, most manufacturers usually detect SQL injection mainly based on feature detection. The feature detection method refers to checking whether there are SQL statement keywords in each parameter of the web request head...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F9/455
CPCG06F21/566G06F9/45504G06F2221/034
Inventor 黄宇鸿姜天宇许金鹏
Owner BEIJING VENUS INFORMATION SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com