Injection attack detection method, device, server and storage medium

An injection attack and detection method technology, applied in the computer field, can solve problems such as malicious query statements, failure of the server to successfully detect query statement injection loopholes, and false negatives, so as to avoid writing operations, improve security, and improve efficiency.

Active Publication Date: 2021-08-17
BEIJING DAJIA INTERNET INFORMATION TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] At present, attackers often design such input data: although it does not match regular expressions, malicious query statements will be generated based on the input data, so that this input data can bypass the detection based on regular expressions, making The server cannot successfully detect that there is an injection vulnerability in the query statement, resulting in false negatives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Injection attack detection method, device, server and storage medium
  • Injection attack detection method, device, server and storage medium
  • Injection attack detection method, device, server and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0072] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

[0073] Several terms involved in this application are introduced below.

[0074] Runtime application self-protection technology (English full name: runtime application self-protection, English abbreviation: RASP): It is a technology in the field of application security, which injects code blocks into the application program, and the code block is integrated with the application program. The cod...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The disclosure relates to an injection attack detection method, device, server and storage medium, and relates to the field of computer technology. This embodiment provides a method for detecting injection attacks that does not depend on regular expressions, by generating a query statement to be executed based on user input data, and obtaining context information of the query statement, according to the context information and the input data, detecting whether the processing logic of the query statement changes, and if it is detected that the processing logic of the query statement changes, it is determined that the query statement has an injection vulnerability, and the execution of the query statement is terminated. Through this detection method, the false positive rate and false negative rate can be reduced, and the accuracy of attack detection can be improved.

Description

technical field [0001] The present disclosure relates to the field of computer technology, and in particular to an injection attack detection method, device, server and storage medium. Background technique [0002] Structured Query Language (full English name: Structured Query Language, English abbreviation: SQL) is a database query and programming language for accessing data and querying, updating and managing relational database systems. Injection attacks refer to inserting malicious query statements into the input data and sending the input data to the server. In the process of processing the input data, the server will be tricked into executing malicious query statements, resulting in security risks. Therefore, effective Injection attacks can be accurately detected to avoid executing malicious query statements. [0003] In related technologies, a developer may pre-write multiple regular expressions, and pre-store the multiple regular expressions in the server. If the s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1466
Inventor 蔡思阳
Owner BEIJING DAJIA INTERNET INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap