SQL injection attack detection system suitable for high speed LAN environment

An injection attack and detection system technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of high false positive rate, high false negative rate, SQL injection attack signature easily deceived, etc. Dealing with stress and reducing false positives

Inactive Publication Date: 2009-05-06
BEIJING VENUS INFORMATION TECH
View PDF0 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This SQL injection attack detection method using traditional intrusion detection system attack signatures has the following problems: SQL injection attack signatures are difficult to accurately extract, resulting in a very high false positive rate; SQL injection attack signatures are easy to be deceived, resulting in a very high false negative rate high
In a typical SQL injection attack detection network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection attack detection system suitable for high speed LAN environment
  • SQL injection attack detection system suitable for high speed LAN environment
  • SQL injection attack detection system suitable for high speed LAN environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023]The SQL injection attack detection system suitable for high-speed local area network environment according to the present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0024] The architecture of the SQL injection attack detection system of the present invention is as attached image 3 As shown, it includes the following modules:

[0025] Data acquisition module: used to capture a large number of network data packets generated during the communication between the Web client and the Web application server; the network data packets can be captured in a bypass mode or a routing mode. In the bypass working mode, all network data packets in the monitored network can be captured through the mirror port of the hub, switch or router, and then the packets are filtered according to the HTTP service port (such as port 80) to obtain the network that needs further preprocessing data pack.

[0026] Data preprocessing module...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

SQL injection attack detection system adapting to high speed LAN environment comprises data acquisition module, data pretreatment module, filter module for object to be detected, SQL injection attack detection module and SQL injection alarming module. The data acquisition module acquires network data pack related with HTTP service from protected network; data pretreatment module resolves operation and establishes object to be detected and transmits to the filter module for object to be detected based on TCP stream reassembly and HTTp protocol; the filter module for object to be detected matches URL of every object to be detected according to filtering rule sequence established, and performs designated processing action of matched filtering rule. The Web object type of HTTP request is divided into static Web type and dynamic Web type; static Web type HTTP requests during real time SQL injection attack detection is filtered out, which largely relieves processing pressure for SQL injection attack detection module, reduces rate of false alarm.

Description

technical field [0001] The invention relates to the technical field of network security detection, in particular to a SQL injection attack detection system suitable for a high-speed local area network environment. Background technique [0002] SQL (Structure Query Language, Structured Query Language) injection attack means that the attacker uses the SQL injection vulnerability in the existing application program to inject malicious SQL commands into the background database engine for execution, so as to steal data or even control the database server. Purpose. The root cause of the SQL injection vulnerability is that the application uses user input data to construct dynamic SQL statements, and does not perform security checks and filters on user input data. SQL injection vulnerabilities are common in web applications that use the HTTP protocol (Hypertext Transfer Protocol, Hypertext Transfer Protocol) to implement communication between the client and the server. [0003] SQ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L12/28H04L29/06H04L29/08
Inventor 叶润国骆拥政李博孙海波周涛华东明
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap