Database SQL infusion protecting method based on self-learning

A database and self-learning technology, applied in the fields of digital data protection, data exchange networks, and electronic digital data processing. It addresses the high false positive rate of feature filtering, reducing false negatives and false positives and improving the system's ability to defend against SQL injection.

Inactive Publication Date: 2009-12-23
STATE GRID ELECTRIC POWER RES INST +1
1 Cites, 53 Cited by

AI Technical Summary

Problems solved by technology

SQL injection methods are varied, and new attack methods appear almost every day. Filtering based on known features has considerable defects, and the false positive rate of pure feature filtering is very high. For example, some prominent SQL injection statements contain the 1=1 feature. If every SQL statement containing 1=1 is judged illegal during feature inspection, a large number of legal SQL statements will be blocked, while injections with the same effect as 1=1, such as 2=2, (1)=(1), or abs(1)=abs(1), may be missed.

Examples


Specific example

[0108] 1) select * from a where username='chenfeng' and passwd=123;

[0109] 2) select * from USER_CATALOG where 1 = 1;

[0110] 3) select * from person where age=24 and name='li' and 1=1;

[0111] 402: Parse the SQL statement to generate a syntax tree. If there is an error in parsing, jump to 407;

[0112] For example, in the learning stage, all SQL statements are parsed to obtain syntax trees. A statement that does not conform to SQL syntax is directly judged to be an illegal SQL statement.

[0113] 403: Analyze the syntax tree, obtain the access behavior features, and match the access behavior features with the knowledge base. If the matching is not successful, go to step 407; otherwise, go to step 404;

[0114] For select * from a where username='chenfeng' and passwd=123;

[0115] Database access behavior:

[0116]

| No. | Database object name | Type   | Operation |
|-----|----------------------|--------|-----------|
| 1   | a                    | table  | query     |
| 2   | username             | column | query     |
| 3...|                      |        |           |


Abstract

The invention discloses a self-learning-based database SQL injection protection method comprising a learning phase and a filtering phase. The learning phase runs in a safe environment, where all SQL statements are legitimate statements generated by the application system. A knowledge model (knowledge base) of legitimate SQL statements is built by parsing the statements and then analyzing and summarizing their characteristics from the parsing results. The filtering phase runs in the real environment, where every SQL statement is assumed to be possibly illegitimate. Each statement is pattern-matched against the knowledge base established in the safe environment. If the match succeeds, the statement is legitimate; otherwise it is illegitimate. The advantage of the method is that an SQL injection protection system based on learning legitimate SQL statements can greatly reduce the false positive and false negative rates of traditional SQL injection protection and improve the defensive capability of the whole system.
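The learning and filtering phases described in the abstract, together with steps 402 and 403 of the specific example, can be sketched as follows. This is an added example, not code from the patent. It assumes a regex tokenizer as a simplified stand-in for the syntax tree, treats the page's three sample statements as learning-phase input, and matches on the object/type/operation features plus a statement skeleton in which every literal is replaced by `?`.

```python
import re

# Simplified stand-in for the patent's SQL parser: a tokenizer, not a full grammar.
TOKEN = re.compile(r"""(?P<lit>'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b)
                     |(?P<word>[A-Za-z_]\w*)
                     |(?P<op>--|/\*|<=|>=|<>|!=|[-=<>*(),;.+/])
                     |(?P<ws>\s+)|(?P<bad>.)""", re.X)
KEYWORDS = {"select", "from", "where", "and", "or", "not", "insert", "update", "delete"}
OPERATION = {"select": "query", "insert": "insert", "update": "update", "delete": "delete"}

def tokens(sql):
    """Step 402: tokenize; raise ValueError where a parser would report an error."""
    out = []
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "bad":
            raise ValueError(f"cannot parse near {m.group()!r}")
        if m.lastgroup != "ws":
            out.append((m.lastgroup, m.group().lower()))
    return out

def features(sql):
    """Step 403: access-behaviour features plus a literal-free statement skeleton."""
    toks = tokens(sql)
    if not toks or toks[0][1] not in OPERATION:
        raise ValueError("unsupported statement")
    op = OPERATION[toks[0][1]]
    objects, prev = set(), None
    for kind, text in toks:
        if kind == "word" and text not in KEYWORDS:
            objects.add((text, "table" if prev == "from" else "column", op))
        prev = text
    skeleton = tuple("?" if kind == "lit" else text for kind, text in toks)
    return frozenset(objects), skeleton

def learn(statements):
    """Learning phase: every statement seen in the safe environment is legitimate."""
    return {features(s) for s in statements}

def is_legitimate(sql, knowledge_base):
    """Filtering phase: legitimate only if it parses and matches the knowledge base."""
    try:
        return features(sql) in knowledge_base
    except ValueError:
        return False

# The page's three example statements, assumed here to be learning-phase input.
LEARNED = learn(["select*from a where username='chenfeng' and passwd=123;",
                 "select * from USER_CATALOG where 1 = 1;",
                 "select*from person where age=24 and name='li'and 1=1;"])
```

A legitimate statement that contains 1=1 is accepted because its structure was learned, while a statement carrying an extra `or 2=2` or `abs(1)=abs(1)` condition is rejected because its structure was not.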

Description

Technical field

[0001] The invention relates to a database SQL injection protection method, in particular to a database SQL injection protection method based on self-learning.

Background technique

[0002] With the development of the Internet, commercial dynamic websites based on the B/S mode are increasingly favored by major companies, and there are more and more application programmers. But the uneven skill level of programmers and the immaturity of security defense technology have brought many unsafe factors to application systems. Most web application systems need to interact with users, receive data from users and process it. If an attacker intentionally enters maliciously constructed data, the malicious code contained in the data will be executed by the system or by other clients, thereby causing damage to the server or client. This is the so-called SQL injection.

[0003] Since SQL injection is accessed from a normal WWW port, and it looks no di...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F17/30, G06N1/00, H04L12/26, H04L29/06, G06F21/60, G06N99/00
Inventor: 林为民, 张涛, 杨维永, 唐汗青, 石聪聪, 陈浩, 秦昊
Owner: STATE GRID ELECTRIC POWER RES INST