A database proxy device for defending against SQL injection attacks

This injection attack defense and proxy device technology, applied in the field of network security, addresses problems such as high blacklist false-positive rates that affect normal user use. It improves security, defends against SQL injection attacks, and defends against attack behaviors.

Active Publication Date: 2021-01-01
SHANGHAI REDNEURONS +1

AI Technical Summary

Problems solved by technology

This solution has serious problems in the following two respects: 1) it cannot do anything about unknown injection vulnerabilities; 2) too many blacklists cause a high false-positive rate, which affects normal user use.
[0006] detection system supporting multiple database types" discloses a SQL injection attack detection system that supports multiple types of databases. It includes multiple SQL injection attack detection modules with different syntax rules to filter and check the parameters submitted by users, so this solution is also a defense method based on known attack behavior characteristics, and it is ineffective against SQL injection attacks with unknown characteristics.


Embodiment Construction

[0024] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several modifications and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0025] As shown in Figure 1, the database proxy device for defending against SQL injection attacks provided by the present invention includes a statement receiving module, a tag processing module, a statement grouping module, an injection attack detection module and a statement execution module.

[0026] In the present invention, the statement receiving module includes 2n+1 (shown as 3 in the figure) listening ports, and these listening ports are respectively connected to the ap...


Abstract

The invention provides a database proxy device for defending against SQL injection attacks. The device comprises a statement receiving module, a tag processing module, a statement grouping module, an injection attack detection module and a statement execution module. The statement receiving module receives the SQL statements forwarded by each application server. The tag processing module checks whether the tag in each statement is legal; if it is, the tag is removed from the statement, otherwise the statement is discarded. The statement grouping module places statements that have the same content after tag removal into one group. The injection attack detection module checks whether the number of statements in each group is equal to 2n+1 or n+1: if the number is equal to 2n+1, the statements in the group are output; if the number is equal to n+1 but is less than 2n+1, an alarm is given while the statements in the group are output; and if the number is less than n+1, the statements in the group are discarded and an alarm is given. The statement execution module sends the statements it receives to the database server. The device can defend against unknown attack behaviors, giving the database high security and high reliability.
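The tag check, grouping and 2n+1 / n+1 vote described in the abstract, as an added Python example that is not code from the patent. The tag format (a per-port token prefixed to the statement), exact-match grouping, forwarding one copy per group, treating every count from n+1 up to 2n as the alarm-and-output case, and all names and sample values are assumptions.

```python
import hmac
from collections import defaultdict

# Constructed sample data: one secret tag per listening port (n = 1, so 3 ports).
TAGS = {0: "t-a91f", 1: "t-5c02", 2: "t-e7d3"}
Q = "SELECT name FROM users WHERE id = 7"

def check_and_strip(raw, expected_tag):
    """Tag processing: return the statement without its tag, or None if illegal."""
    tag, _, stmt = raw.partition(" ")
    stmt = stmt.strip()
    if not stmt or not hmac.compare_digest(tag.encode(), expected_tag.encode()):
        return None
    return stmt

def vote(received, tags, n):
    """received maps port -> raw tagged statement from each of the 2n+1 ports.
    Returns (statements to forward to the database, alarm messages)."""
    groups = defaultdict(list)
    for port, raw in received.items():
        stmt = check_and_strip(raw, tags[port])
        if stmt is not None:              # illegal tag: statement is discarded
            groups[stmt].append(port)     # group statements with identical content
    forward, alarms = [], []
    for stmt, ports in groups.items():
        if len(ports) == 2 * n + 1:       # every server produced this statement
            forward.append(stmt)
        elif len(ports) >= n + 1:         # majority but not unanimous (assumed range)
            forward.append(stmt)
            alarms.append(f"majority only, ports {ports}: {stmt!r}")
        else:                             # minority: never reaches the database
            alarms.append(f"discarded minority, ports {ports}: {stmt!r}")
    return forward, alarms

if __name__ == "__main__":
    clean = {p: f"{t} {Q}" for p, t in TAGS.items()}
    tampered = dict(clean)
    tampered[2] = f"{TAGS[2]} {Q} OR 1=1"   # one server emits a divergent statement
    for name, batch in (("clean", clean), ("tampered", tampered)):
        print(name, vote(batch, TAGS, 1))
```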

Description

Technical field

[0001] The invention relates to the field of network security, and more specifically, relates to a database proxy device for defending against SQL injection attacks.

Background

[0002] In today's network environment, databases are an important storage tool and often hold a large amount of valuable data, including user information, corporate data, financial data, business secrets, intellectual property, customer order information and so on. The importance of this data goes without saying, so databases often become the main target of network hackers, who use various methods, attack tools and deceptive means to obtain the information they want. It is therefore very important to ensure the security of the database.

[0003] The most common database security threat is the SQL injection attack. SQL injection attack refers to passing special input statements into the web application server, and most of these inputs are some combinations of SQL s...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55
CPC: G06F21/552, G06F21/554
Inventor: 张铮, 罗兴国, 邬江兴, 苏昆仑, 马博林, 庞建民, 谢光伟
Owner: SHANGHAI REDNEURONS