Command injection attack detection method and device thereof, computer equipment and storage medium

A command injection and detection method technology, applied in digital transmission systems, data exchange networks, electrical components, etc., can solve problems such as high data recognition, affecting the normal business operation of web application servers, and difficult to detect SQL injection attack data, etc., to achieve The effect of improving safety

Active Publication Date: 2021-05-07
EVERSEC BEIJING TECH
View PDF6 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, once a single point of failure occurs in the database security protection system, it will affect the normal business operation of the web application server
Moreover, the database security protection system only has a high degree of recognition for data based on the HTTP (HyperText Transfer Protocol) protocol, and it is difficult to detect SQL injection attack data in other protocol data

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Command injection attack detection method and device thereof, computer equipment and storage medium
  • Command injection attack detection method and device thereof, computer equipment and storage medium
  • Command injection attack detection method and device thereof, computer equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0023] figure 1 This is a flow chart of a method for detecting a command injection attack provided by Embodiment 1 of the present invention. This embodiment can be applied to the situation where the command injection attack is detected in real time, and when the command injection attack is detected, the method is blocked in time. It may be performed by means for detecting command injection attacks, which may be implemented in software and / or hardware, and are typically integrated in computer equipment.

[0024] like figure 1 As shown, the technical solution of the embodiment of the present invention specifically includes the following steps:

[0025] S110. Acquire traffic data in real time through an in-depth packet inspection device, where the in-depth packet inspection device is deployed in a bypass of the server.

[0026] The deep packet inspection (Deep Packet Inspection, DPI) device can detect and analyze the traffic and packet content at key points of the network, and ...

Embodiment 2

[0041] Figure 2a It is a flow chart of a method for detecting a command injection attack provided by Embodiment 2 of the present invention. On the basis of the foregoing embodiments, the embodiment of the present invention includes the process of acquiring traffic data in real time, the process of analyzing traffic data, and analyzing data The process of matching the packet with the command injection attack rule and the process of blocking the flow data of the sender of the packet are further specified.

[0042] Correspondingly, such as Figure 2a As shown, the technical solution of the embodiment of the present invention specifically includes the following steps:

[0043] S210. Obtain in real time the traffic data acquired, copied and sent by the traffic diversion device through the deep packet detection device.

[0044] In the embodiment of the present invention, a drainage device is set in the server and the external network link. Optionally, the diversion device may be...

Embodiment 3

[0065] image 3 It is a schematic structural diagram of a detection device for a command injection attack provided by Embodiment 3 of the present invention. The device includes: a traffic data acquisition module 310, a data packet matching module 320, and a traffic data blocking module 330, wherein:

[0066] The traffic data acquisition module 310 is configured to acquire traffic data in real time through a deep message detection device, and the deep message detection device is deployed in a server bypass;

[0067] The data packet matching module 320 is used to analyze the traffic data, obtain data packets of multiple protocol types, and match each of the data packets with the command injection attack rules;

[0068] The flow data blocking module 330 is configured to block the flow data of the sender of the data packet and issue a command injection attack alarm if it is determined that the target data packet matches the command injection attack rule.

[0069] In the technical...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a command injection attack detection method and a device thereof, computer equipment and a storage medium. The method comprises the following steps: acquiring flow data in real time through deep packet inspection equipment, wherein the deep packet inspection equipment is deployed in a server bypass; analyzing the traffic data to obtain data packets of multiple protocol types, and matching each data packet with a command injection attack rule; if it is determined that the target data packet is matched with the command injection attack rule, blocking traffic data of a data packet sender, and performing command injection attack warning. By using the technical scheme of the invention, the SQL injection attack can be detected and blocked in real time while the normal business of the Web application server is ensured, and the security of the Web application server is improved.

Description

technical field [0001] Embodiments of the present invention relate to information security and attack detection technologies, and in particular, to a command injection attack detection method, apparatus, computer device, and storage medium. Background technique [0002] Command injection attack, also known as SQL (Structured Query Language, Structured Query Language) injection attack, is one of the methods of database security attacks. The attacker inserts SQL commands into the input field of a web form or the query string of a page request to deceive the server to execute Malicious SQL commands, so as to achieve the purpose of invading the database and even the operating system. [0003] In the prior art, the database security protection system is deployed in series between the web application server and the external network link, and the SQL injection attack is detected through the database security protection system. However, once a single point of failure occurs in the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/1425H04L63/1466H04L41/0631
Inventor 候天齐梁彧田野傅强王杰杨满智蔡琳金红陈晓光
Owner EVERSEC BEIJING TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap