A SQL injection attack detection method and system

A SQL injection attack detection technology, applied in transmission systems, digital transmission systems, instruments, etc. It addresses the problems that attack signatures are easily spoofed and inaccurately extracted, overcomes the difficulty of signature extraction and the susceptibility to deception, needs no frequent updates, and reduces the false positive rate and false negative rate.

Inactive Publication Date: 2008-09-17
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the shortcomings of existing SQL injection attack detection methods, in which attack signatures are extracted inaccurately and are easily spoofed, and to provide a SQL injection attack detection method and system based on SQL injection attack detection syntax rules.


Embodiment Construction

[0038] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0039] The SQL injection attack detection method of the present invention includes two working stages: a SQL injection attack detection knowledge base construction stage and a real-time SQL injection attack detection stage.

[0040] As shown in Figure 1, the SQL injection attack detection knowledge base construction phase includes the following steps:

[0041] 101) Collect SQL injection attack samples in various scenarios;

[0042] The root of the SQL injection vulnerability lies in the use of dynamic SQL functions supported by various relational databases in the development of Web database programs. Various popular relational databases including MS SQL Server, ORACLE, DB2, Informix, MySQL, PostgreSQL, etc. all support the use of dynamic SQL functions in the development of Web database programs. In general Web database program development, d...


Abstract

An SQL injection attack detection method and system are provided, comprising a construction phase for the SQL injection attack detection knowledge base and a real-time SQL injection attack detection phase. Construction of the knowledge base comprises collecting SQL injection attack samples for various scenarios, classifying the SQL injection methods, and building SQL injection attack detection grammar rules for each class of injection method. The real-time detection phase comprises extracting and decoding the user input data in the HTTP request message, matching it against the SQL injection attack detection grammar rules, and so on. The invention defines the detection grammar rules using SQL grammar instead of defining them from traditional attack signatures. It overcomes the shortcomings that the attack signatures of SQL injection attack events are hard to extract and easy to spoof, which significantly reduces the false positive rate and false negative rate when an intrusion detection system detects SQL injection attacks.
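The two phases described in the abstract can be sketched as follows. This is an added example, not code from the patent: the token classes, the three rule names and their patterns are assumptions chosen for illustration, covering tautology, UNION and stacked-query injection.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

KEYWORDS = {"OR", "AND", "UNION", "ALL", "SELECT", "INSERT", "UPDATE",
            "DELETE", "DROP", "EXEC"}
TOKEN_RE = re.compile(r"(?P<NUM>\d+)|(?P<WORD>[A-Za-z_]\w*)|(?P<OP><>|!=|[<>]=?|=)"
                      r"|(?P<SEMI>;)|(?P<CMT>--|#|/\*)|(?P<QUOTE>['\"])")
# Hypothetical knowledge base: one grammar rule per injection class, written
# over SQL token types rather than raw byte signatures.
RULES = {
    "tautology": re.compile(r"\b(OR|AND) VAL OP VAL\b"),
    "union_query": re.compile(r"\bUNION (ALL )?SELECT\b"),
    "stacked_query": re.compile(r"\bSEMI (SELECT|INSERT|UPDATE|DELETE|DROP|EXEC)\b"),
}

def decode(value, max_rounds=3):
    """Undo nested URL encoding so the rules see the text the application would."""
    for _ in range(max_rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def extract_inputs(url, body=""):
    """Collect user-controlled parameters from the query string and form body."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [(name, decode(value)) for name, value in pairs]

def token_types(value):
    """Map input to a SQL token-type sequence; quotes are dropped, literals become VAL."""
    types = []
    for m in TOKEN_RE.finditer(re.sub(r"/\*.*?\*/", " ", value)):
        kind, text = m.lastgroup, m.group().upper()
        if kind == "QUOTE":
            continue
        if kind == "WORD":
            types.append(text if text in KEYWORDS else "VAL")
        else:
            types.append("VAL" if kind == "NUM" else kind)
    return " ".join(types)

def detect(url, body=""):
    """Return (parameter, rule) pairs for every grammar rule an input matches."""
    hits = []
    for name, value in extract_inputs(url, body):
        seq = token_types(value)
        hits += [(name, rule) for rule, rx in RULES.items() if rx.search(seq)]
    return hits

# Constructed sample: double URL-encoded  1' OR '1'='1  in the id parameter.
SAMPLE_URL = "/item?id=1%2527%2520OR%2520%25271%2527%253D%25271"
```

Because the rules match token types, case changes, inline comments and repeated URL encoding in the input do not change the sequence the rules see.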

Description

Technical field

[0001] The invention relates to the technical field of network security detection, in particular to a SQL injection attack detection method and system that can be used in intrusion detection and defense products.

Background technique

[0002] SQL (Structured Query Language) is a general-purpose database processing language specification for querying, inserting, updating and deleting data; creating, modifying and deleting database objects; and providing database security mechanisms, database integrity and data protection controls. In a SQL injection attack, an attacker exploits an existing application that does not strictly check and filter user input data to inject malicious SQL commands into the back-end database engine for execution, so as to steal data or even take control of the database server. The root cause of the SQL injection vulnerability is that the application uses user input data to construct dynamic SQL statements, and do...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L9/32, H04L29/08, G06F17/30
Inventor: 叶润国, 骆拥政, 李博, 朱钱杭, 鲁文忠, 王洋, 周涛
Owner: BEIJING VENUS INFORMATION TECH