
Machine learning-based SQL injection detection method, and database security system

A machine learning-based detection technology, applied in computer security devices, electrical digital data processing, special data processing applications, etc. It addresses the problems of normal HTTP requests being intercepted, which affects the normal operation of Web services, and of labor-intensive analysis. It achieves low dependence on background information, a lower false alarm rate, and good scalability.

Inactive Publication Date: 2018-09-18
XIDIAN UNIV
Cites: 2; Cited by: 28

AI Technical Summary

Problems solved by technology

Requires extensive manual analysis and is prone to missed detection
[0003] In summary, the problems in the prior art are: the source code of the Web service must be obtained, or a great deal of manual analysis must be spent to build a matching model of legal or illegal SQL.
If the false positive rate of the system is too high, its judgment result cannot be used as the basis for filtering SQL requests; otherwise normal HTTP requests are likely to be intercepted, affecting the normal operation of Web services.



Examples


Embodiment Construction

[0036] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.

[0037] The invention uses a machine learning algorithm to train a detection model and deploys the model between a Web client and a server to classify HTTP requests and judge whether they contain SQL injection attacks.

[0038] As shown in Figure 1, the machine learning-based SQL injection detection method provided by the embodiment of the present invention includes the following steps:

[0039] S101: Acquire a training data set for machine learning. Build a SQL injection sample library, collect HTTP request samples containing SQL injection attacks and normal HTTP request samples, and mark them as training materials for ...


Abstract

The invention discloses a machine learning-based SQL injection detection method and a database security system, and belongs to the technical field of network security. The machine learning-based SQL injection detection method comprises the steps of extracting parameters from HTTP requests, generating a grammar tree of a sample through lexical analysis and grammatical analysis, extracting features of the grammar tree and a URL, and performing training by adopting a support vector machine as the machine learning algorithm; and deploying the trained classification model between a Web service and a client, classifying the HTTP requests in a production environment and, when it is judged that an HTTP request comprises a SQL injection attack, giving a warning and blocking the request, and finally storing the request in a SQL injection attack sample library. According to the method, the dependency on background information is low, so that only the HTTP requests received by the Web service need to be obtained; the deployment difficulty is low, so that the classification model can be deployed between a Web server and the client to serve as a flow filter; the method has high accuracy; the method has a continuous learning capability; and the method has high expansibility.
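The pipeline in the abstract (parameter extraction, lexical analysis, feature extraction, support vector machine training, classification of incoming requests), reduced to a runnable sketch. This is an added example, not code from the patent: the names `features`, `train_svm` and `is_injection`, the token classes and the sample URLs are all constructed for illustration, and the grammar-tree stage is replaced by plain token counts.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption of this sketch: it stops at lexical token counts plus one URL
# feature; the patent additionally builds a grammar tree from the tokens.
TOKEN_RE = re.compile(r"""
    (?P<kw>\b(?:select|union|insert|drop|from|where|sleep|and|or)\b)
  | (?P<cmt>--|\#|/\*) | (?P<quote>['"]) | (?P<op>[=<>();,])
  | (?P<num>\b\d+\b)   | (?P<word>\w+)""", re.I | re.X)
CLASSES = ["kw", "cmt", "quote", "op", "num", "word"]

def features(url):
    """Decode the query parameters and count token classes in their values."""
    values = [v for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    counts = dict.fromkeys(CLASSES, 0)
    for value in values:
        for m in TOKEN_RE.finditer(value):
            counts[m.lastgroup] += 1
    return [counts[c] for c in CLASSES] + [sum(map(len, values)) / 10.0]

def train_svm(samples, lr=0.1, lam=0.001, max_epochs=5000):
    """Linear SVM (hinge loss + L2 penalty) fitted by subgradient descent."""
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(max_epochs):
        violations = 0
        for x, y in samples:                       # y: +1 injection, -1 normal
            margin = y * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            w = [wi * (1 - lr * lam) for wi in w]  # L2 shrinkage
            if margin < 1:                         # inside the margin: correct
                w = [wi + lr * y * xi for wi, xi in zip(w, x)]
                b, violations = b + lr * y, violations + 1
        if not violations:                         # every sample outside margin
            break
    return w, b

def is_injection(model, url):
    """Classify one request URL with the trained (weights, bias) pair."""
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, features(url))) + b > 0

# Constructed training set: +1 = request carries injected SQL, -1 = normal.
TRAINING = [
    ("/item?id=42", -1), ("/item?id=1%27+OR+%271%27%3D%271", +1),
    ("/search?q=red+shoes&page=2", -1),
    ("/item?id=1+UNION+SELECT+name,pass+FROM+users--", +1),
    ("/user?name=o%27brien", -1), ("/user?name=admin%27--", +1),
    ("/search?q=salt+and+pepper", -1), ("/item?id=1+AND+SLEEP(5)", +1),
]
MODEL = train_svm([(features(u), y) for u, y in TRAINING])
```

Because the features are token classes rather than literal strings, two requests with the same structure but different literal values map to the same vector. The benign samples with an apostrophe (`o'brien`) and a keyword (`salt and pepper`) are the cases where a single-character or single-keyword filter would produce the false positives the description warns about.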

Description

Technical field

[0001] The invention belongs to the technical field of data network security, and in particular relates to a machine learning-based SQL injection detection method and a database security system.

Background technique

[0002] At present, the existing technologies commonly used in the industry are as follows: SQL is the abbreviation of Structured Query Language, which is a language for operating databases. SQL injection refers to inserting specific SQL commands into HTTP requests to trick the server into executing malicious SQL commands, thereby stealing, tampering with or maliciously deleting data. Traditionally, the prevention of SQL injection is mainly carried out in two stages. The first is protection at the stage of writing Web service source code. Developers follow the empirical guidelines for preventing SQL injection when writing source code, and use methods such as "check parameter format", "filter special characters", and "bind...


Application Information

IPC(8): G06F21/56, G06F17/30
CPC: G06F21/562
Inventor: 刘亚, 黄刚, 李洪超
Owner XIDIAN UNIV