Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Sql (Structured query language) injection detection method and device

A detection method and detection device technology, applied in the field of network security, can solve problems such as false positives and poor execution efficiency, and achieve the effects of high execution efficiency and reduced false positive rate.

Active Publication Date: 2014-02-05
重庆云流未来科技有限公司
View PDF5 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] It can be seen that the existing sql injection detection method not only has poor execution efficiency, but also easil

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Sql (Structured query language) injection detection method and device
  • Sql (Structured query language) injection detection method and device

Examples

Experimental program
Comparison scheme
Effect test
No Example Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an sql (Structured query language) injection detection method and device, and belongs to the technical field of network security. The method comprises the following steps: extracting http (hypertext transport protocol) parameters from an http request; combining each http parameter with each predefined dynamic sql template into an sql sentence; performing grammatical analysis on each sql sentence respectively, determining that the http parameter does not lead to an sql injection attack if the sql sentence is inconsistent with an sql grammatical rule, and outputting a marked character string which corresponds to the sql sentence if the sql sentence is consistent with an sql grammatical rule; matching the marked character string with a marked character string set having an sql injection attach characteristic, and determining that the http request is an sql injection attack if matching is successful. According to the method and the device, the execution efficiency of sql injection detection can be increased, and the false alarm rate of sql injection detection is lowered.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a SQL injection detection method and device. Background technique [0002] Hackers often use sql (structure query language, structured query language) injection vulnerabilities to perform various illegal database operations when invading websites, such as stealing sensitive information and obtaining system management permissions. Traditional WAF (Web Application Firewall, Web Application Firewall) usually uses regular expressions for SQL injection matching when filtering SQL injection attacks, or directly searches SQL syntax keywords. [0003] When using regular expressions for matching or directly searching for sql syntax keywords, it is often necessary to match the entire data submitted by the user before intercepting, which will lead to relatively low execution efficiency. [0004] In addition, because regular expressions do not have the ability to analyze context, w...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F17/30G06F17/27
CPCH04L63/1416G06F21/554
Inventor 石祖文
Owner 重庆云流未来科技有限公司
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com