System for real-time intrusion detection of SQL injection WEB attacks

An intrusion detection system and intrusion detection technology, applied in transmission systems, digital transmission systems, electrical components, etc., can solve the problems of high false alarm rate, special character filtering of input parameters, etc., and achieve the effect of low false alarm and high detection rate

Active Publication Date: 2012-01-04
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The second case is that the SQL is simply composed of input parameters used by the web application system, and necessary operations such as "length check, special character filtering" and other necessary operations are not performed on the input parameters.
Therefore, if the system simply judges by special characters, then this simple judgment method will lead to a high false alarm rate
If the system wants to capture the exact known format like 1=1, it is useless when the attacker could change to z=z or jf8rut=jf8rut

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System for real-time intrusion detection of SQL injection WEB attacks
  • System for real-time intrusion detection of SQL injection WEB attacks
  • System for real-time intrusion detection of SQL injection WEB attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0078] Example 1: Referring to the graph, in figure 1 The real-time abnormal SQL injection detection system consistent with the present invention is represented by numeral 10. The development goal of system 10 is to be used for detecting abnormal SQL injection, and through such as Figure 10 The shown association of the database layer 520 and the web application layer 510 achieves high accuracy and low false alarms. The database layer 520 corresponds to figure 2 The background database 220 in. Web application layer 510 corresponds to figure 2 WEB applications run by the Web server 210 or other computer devices.

[0079] figure 2 yes figure 1 The system 10 in the figure is applied to a website 200 to perform real-time abnormal SQL injection attack detection. Website 200 includes a WEB server 210 that provides WEB applications to end users 205, which may be personal computers, laptops, notebook PCs, notepads, or other computer devices with web browsers. In this group ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a real time intrusion detection system for detecting SQL injection Web aggression, including a method for providing learning normal database and Web application standard query statement (SQL) query data for a Website; a method for capturing real time database and Web application SQL query data for a Website; a method for detecting typical SQL injection aggression based on the normal database and Web application standard query statement (SQL) query data, as well as the real time database and Web application SQL query data. The beneficial effects of the present invention are that the invention can not only detect common SQL injection aggression, also has low alarm by mistake and high detection rate and the like.

Description

technical field [0001] The invention relates to the field of WEB application intrusion detection, in particular to a real-time intrusion detection system for SQL injection into WEB attacks. Background technique [0002] Abnormal network intrusion detection is different from traditional intrusion inspection. It detects new data by comparing the current data with the previously obtained "security model" to see if the difference between the two exceeds the error range. One of the advantages of anomalous intrusion detection is that it does not require a large signature database. [0003] Signature detection-based intrusion detection systems (IDS) are the most widely used systems in the world today because they can detect known attacks very quickly and accurately. However, the IDS based on signature detection is very weak in detecting unknown attacks, because once the attacker slightly deforms the attack behavior, it is difficult to match the signature. Therefore, attackers can...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/24H04L29/06
CPCH04L63/168H04L63/1425
Inventor 范渊杨永清卢天华
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products