Structured query language (SQL) injection attack detection method and device

Abstract

The invention discloses a structured query language (SQL) injection attack detection method and device. The SQL injection attack detection device comprises a plug-in association module, an analysis module, a self-learning module and a detection module. Based on a webpage application system server of a Java virtual machine environment, URL and parameter information in business request information of a client are associated with a triggered SQL statement, syntax analysis is carried out on the SQL statement to construct an SQL syntax tree through self-learning of the URL to identify effective parameter information, after the self-learning process, a relation model of the business request information which the URL and the effective parameter information belong to, and the SQL syntax tree of the associated SQL statement is established, the relation model is taken as the inspection reference, the relationship between the subsequent business request information and the SQL syntax tree of the associated SQL statement is inspected by being compared with the reference, if the inspection result is not consistent, it is determined that an SQL injection attack is detected, business access is rejected, and therefore the SQL injection attack can be detected accurately, and the business access safety of the network application is guaranteed.

Description

technical field [0001] The invention relates to the technical field of network application security, in particular to a method and a device for detecting structured query language SQL injection attacks. Background technique [0002] At present, with the rapid development of network technology, more and more application services use the Internet (Web) to provide external interaction and services. However, most application services are vulnerable to security threats during use. Among them, the most common The biggest security threat is Structured Query Language (Structured Query Language, referred to as: SQL) injection attack, which will cause sensitive data leakage, Trojan horse implantation and other consequences, thus causing great harm. [0003] In the prior art, most manufacturers usually detect SQL injection mainly based on feature detection. The feature detection method refers to checking whether there are SQL statement keywords in each parameter of the web request head...

AI Technical Summary

Problems solved by technology

[0004] However, based on the feature detection method, if the keywords of the SQL grammar are often natural language words, there is a certain probability that the above keywords will appear in normal web interaction, which will lead to misjudgment; It is much better than feature detection, but some relatively simple parameters may hit the grammar, causing false positives; in addition, the limitation of the third detection method is that it needs to understand every source code fragment involving SQL statement submission on the web server, and needs to Targeted settings, poor universal applicability

Therefore, in summary, the methods for detecting SQL injection in the prior art have low precision or poor universality

Images