SQL (Structured Query Language) injection detection method and device

A detection method and detection device technology, applied in the field of network security, can solve problems such as false positives and poor execution efficiency, and achieve the effects of high execution efficiency and reduced false positive rate.

Active Publication Date: 2014-02-05
重庆云流未来科技有限公司

AI Technical Summary

Problems solved by technology

[0005] It can be seen that the existing SQL injection detection method not only has poor execution efficiency, but also easil


Abstract

The invention provides an SQL (Structured Query Language) injection detection method and device, belonging to the technical field of network security. The method comprises the following steps: extracting HTTP (Hypertext Transfer Protocol) parameters from an HTTP request; combining each HTTP parameter with each predefined dynamic SQL template to form an SQL statement; performing grammatical analysis on each SQL statement, determining that the HTTP parameter does not lead to an SQL injection attack if the statement is inconsistent with the SQL grammar rules, and outputting the marked character string corresponding to the statement if it is consistent with them; matching the marked character string against a set of marked character strings having SQL injection attack characteristics, and determining that the HTTP request is an SQL injection attack if the match succeeds. The method and device can increase the execution efficiency of SQL injection detection and lower its false alarm rate.
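The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: the two templates, the single-character token marks, the fingerprint set and the function names `mark` and `detect` are assumptions, and a small regular grammar over the marks stands in for a full SQL parser.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Predefined dynamic SQL templates (constructed): the contexts a parameter may land in.
TEMPLATES = ("SELECT * FROM users WHERE id = {p}",
             "SELECT * FROM users WHERE name = '{p}'")
KEYWORDS = {"SELECT": "S", "FROM": "F", "WHERE": "W", "AND": "&", "OR": "&", "UNION": "U"}
# One mark per token: c comment, s string, n number, i identifier, o comparison.
TOKEN = re.compile(r"\s*(?:(?P<c>--.*)|(?P<s>'(?:[^']|'')*')|(?P<n>\d+)"
                   r"|(?P<w>[A-Za-z_]\w*)|(?P<o><>|<=|>=|!=|[=<>])|(?P<p>[*,]))")
# Toy grammar over marks: query := S cols F i [W cond (& cond)*]; stmt := query (U query)* [c]
COND = "[ins]o[ins]"
QUERY = rf"S(?:\*|i(?:,i)*)Fi(?:W{COND}(?:&{COND})*)?"
GRAMMAR = re.compile(rf"{QUERY}(?:U{QUERY})*c?")
# Marked strings with injection characteristics (constructed for the two templates).
FINGERPRINTS = {
    "S*FiWion&non",     # numeric context: tautology appended with OR/AND
    "S*FiWios&sos",     # string context: quote break-out plus tautology
    "S*FiWionc",        # numeric context: trailing comment
    "S*FiWiosc",        # string context: quote closed, remainder commented out
    "S*FiWionUSi,iFi",  # UNION SELECT of two columns
}

def mark(sql):
    """Return the marked string for sql, or None if it cannot be tokenized."""
    sql, pos, marks = sql.rstrip(), 0, []
    while pos < len(sql):
        m = TOKEN.match(sql, pos)
        if m is None:
            return None  # e.g. an unterminated quote
        kind, text = m.lastgroup, m.group(m.lastgroup)
        if kind == "w":
            kind = KEYWORDS.get(text.upper(), "i")
        marks.append(text if kind == "p" else kind)
        pos = m.end()
    return "".join(marks)

def detect(request_line):
    """Return (parameter, template, marked string) for each fingerprint match."""
    hits = []
    query = urlsplit(request_line.split()[1]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        for template in TEMPLATES:
            marked = mark(template.format(p=value))
            if marked is None or not GRAMMAR.fullmatch(marked):
                continue  # not valid SQL in this context: parameter cannot inject here
            if marked in FINGERPRINTS:
                hits.append((name, template, marked))
    return hits
```

For the constructed request line `GET /user?id=1%20OR%201%3D1 HTTP/1.1`, `detect` returns one hit against the numeric template. A value such as `O%27Brien` or `select+a+union+card` returns no hits, because the combined statements either fail the grammar check or produce a marked string outside the fingerprint set.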

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an SQL injection detection method and device.

Background technique

[0002] Hackers often use SQL (Structured Query Language) injection vulnerabilities to perform various illegal database operations when invading websites, such as stealing sensitive information and obtaining system management permissions. A traditional WAF (Web Application Firewall) usually filters SQL injection attacks by matching against regular expressions, or by directly searching for SQL syntax keywords.

[0003] When using regular expressions for matching or directly searching for SQL syntax keywords, it is often necessary to match the entire data submitted by the user before intercepting, which leads to relatively low execution efficiency.

[0004] In addition, because regular expressions do not have the ability to analyze context, w...


Application Information

IPC(8): G06F21/56, G06F17/30, G06F17/27
CPC: H04L63/1416, G06F21/554
Inventor: 石祖文
Owner: 重庆云流未来科技有限公司