Supercharge Your Innovation With Domain-Expert AI Agents!

SQL (Structured Query Language) injection detection system and method based on cloud environment

A detection system and detection method technology, applied in the computer field, can solve problems such as firewall identification and blocking, achieve the effects of reducing performance configuration and network bandwidth requirements, increasing difficulty, and shortening the time for injection detection

Inactive Publication Date: 2015-03-04
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD +1
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0024] 2) The same IP sends a large number of requests to the server, which is easily identified and blocked by the firewall

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL (Structured Query Language) injection detection system and method based on cloud environment
  • SQL (Structured Query Language) injection detection system and method based on cloud environment
  • SQL (Structured Query Language) injection detection system and method based on cloud environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0054] see figure 2 , is a structural block diagram of a cloud environment-based SQL injection detection system provided by an embodiment of the present invention. The SQL injection detection system 100 based on the cloud environment includes: a client 10, a cloud server 20 and a target host 30, and the cloud server 20 includes a first input / output interface 201 connected in sequence, an SQL error display injection unit 202 and a second Input / output interface 203, the first input / output interface 201 is correspondingly connected to the client 10, and the second input / output interface 203 is correspondingly connected to the target host 30, wherein, combined figure 2 and image 3 :

[0055] The client 10 sends an injection request for information of N databases / tables / columns / records to the cloud server 20 through the first input / output interface 201 of the cloud server 20 .

[0056] According to the injection request received by the first input / output interface 201, the SQ...

Embodiment 2

[0062] see Figure 4~5 , is a structural block diagram of another cloud-based SQL injection detection system provided by an embodiment of the present invention. Like Embodiment 1, the SQL injection detection system 200 based on the cloud environment of this embodiment includes: a client 10, a cloud server 20, and a target host 30, and the cloud server 20 includes a first input / output interface 201, The SQL error injection unit 202 and the second input / output interface 203, the first input / output interface 201 is correspondingly connected to the client 10, and the second input / output interface 203 is correspondingly connected to the target host 30. The difference is that the cloud server 20 of this embodiment also includes a half method guessing unit 204. The half method guessing unit 204 is used for:

[0063] Based on the SQL error display injection unit 202 receiving N request results corresponding to the database / table / column / record information returned by the target host ...

Embodiment 3

[0067] refer to Figure 6 , the present embodiment discloses a method for detecting SQL injection based on a cloud environment, comprising steps:

[0068] S501. The cloud server receives injection requests for N databases / tables / columns / record information sent in parallel by the client, and determines the injection type of the injection request and detects the N database types;

[0069] S502. Based on the injection request, the cloud server sequentially sends N requests to the target host to respectively acquire corresponding database / table / column record information;

[0070] S503. The cloud server sequentially receives N request results corresponding to the database / table / column / record information returned by the target host in parallel each time;

[0071] S504. The cloud server combines the N request results received each time and sends them to the client.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a SQL (Structured Query Language) injection detection system based on cloud environment. The SQL injection detection system comprises a client, a cloud server and a target host, wherein the cloud server comprises a SQL fault indication injection unit; the SQL fault indication injection unit successively sends N requests used for independently obtaining corresponding database / table / list / recorded information according to the injection types of N injection requests, which are sent by the client, to a database / table / list / recorded information; and after N request results, which are returned in parallel, of the corresponding database / table / list / recorded information by the target host each time are combined, a combined result is sent to the client. The invention also provides a SQL injection detection method based on the cloud environment.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a cloud environment-based SQL injection detection system and method. Background technique [0002] SQL injection is to insert SQL commands into Web forms to submit or enter query strings for domain names or page requests, and finally trick the server into executing malicious SQL commands. [0003] Specifically, it is the ability to use existing applications to inject (malicious) SQL commands into the back-end database engine for execution. It can get a website with a security hole by entering a (malicious) SQL statement in a web form. The database, rather than executing SQL statements according to the designer's intention. [0004] In the SQL error display injection process in the prior art, the client computer directly sends a serial request to the target host computer, and all operations are performed on the client computer / target host computer, such as figure 1 shown, incl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/06H04L12/26G06F21/56
CPCH04L63/1466G06F21/55H04L67/01
Inventor 蒙家晓杨航陈华军郭晓斌许爱东吴争荣刑涛蔡渊
Owner ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com