Injection attack detection method and device, server and storage medium

A technology of injection attack and detection method, which is applied in the computer field, can solve the problems that the server cannot successfully detect query statement injection loopholes, false positives, malicious query statements, etc., so as to avoid writing operations, improve efficiency, and improve security.

Active Publication Date: 2019-09-10
BEIJING DAJIA INTERNET INFORMATION TECH CO LTD
View PDF4 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] At present, attackers often design such input data: although it does not match regular expressions, malicious query statements will be generated based on the input data, so that this input data can bypass the detection based on regular expressions, making The server cannot successfully detect that there is an injection vulnerability in the query statement, resulting in false negatives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Injection attack detection method and device, server and storage medium
  • Injection attack detection method and device, server and storage medium
  • Injection attack detection method and device, server and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0072] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

[0073] Several terms involved in this application are introduced below.

[0074] Runtime application self-protection technology (English full name: runtime application self-protection, English abbreviation: RASP): It is a technology in the field of application security, which injects code blocks into the application program, and the code block is integrated with the application program. The cod...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to an injection attack detection method and device, a server and a storage medium, and relates to the technical field of computers. The embodiment of the invention provides a method for detecting an injection attack without depending on a regular expression. The method comprises the steps of generating a to-be-executed query statement based on input data of a user; obtaininginput data of a query statement, obtaining context information of the query statement, detecting whether processing logic of the query statement is changed or not according to the context informationand the input data, if it is detected that the processing logic of the query statement is changed, determining that an injection vulnerability exists in the query statement, and terminating executionof the query statement. Through the detection mode, the false alarm rate and the missing alarm rate can be reduced, and the attack detection accuracy is improved.

Description

technical field [0001] The present disclosure relates to the field of computer technology, and in particular to an injection attack detection method, device, server and storage medium. Background technique [0002] Structured Query Language (full English name: Structured Query Language, English abbreviation: SQL) is a database query and programming language for accessing data and querying, updating and managing relational database systems. Injection attacks refer to inserting malicious query statements into the input data and sending the input data to the server. In the process of processing the input data, the server will be tricked into executing malicious query statements, resulting in security risks. Therefore, effective Injection attacks can be accurately detected to avoid executing malicious query statements. [0003] In related technologies, a developer may pre-write multiple regular expressions, and pre-store the multiple regular expressions in the server. If the s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1466
Inventor 蔡思阳
Owner BEIJING DAJIA INTERNET INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap