Unlock instant, AI-driven research and patent intelligence for your innovation.

SQL injection attack detection method and system, and computer processing device

An injection attack and detection method technology, applied in the Internet field, can solve the problems of low accuracy, high false positive rate, and low SQL detection accuracy, and achieve the effect of accurate detection and precise SQL injection attack.

Active Publication Date: 2017-12-12
SHENZHEN POWER SUPPLY BUREAU
View PDF2 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the diversity of SQL statements, the first type has a high false positive rate. Although the second type uses regular matching to reduce the false positive rate, the accuracy of SQL detection is still low. The third type requires the server to learn legal SQL statements. Otherwise, the legal SQL statement will be treated as an illegal SQL statement, which also has the problem of low accuracy

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection attack detection method and system, and computer processing device
  • SQL injection attack detection method and system, and computer processing device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] Although the flowcharts describe operations as sequential processing, many of the operations may be performed in parallel, concurrently, or simultaneously. The order of operations can be rearranged. A process may be terminated when its operations are complete, but may also have additional steps not included in the figure. A process may correspond to a method, function, procedure, subroutine, subroutine, or the like.

[0043] Computer equipment includes user equipment and network equipment. Among them, user devices or clients include but not limited to computers, smart phones, PDAs, etc.; network devices include but not limited to a single network server, a server group composed of multiple network servers, or a cloud computing-based network composed of a large number of computers or network servers. cloud. The computer equipment can operate independently to realize the present invention, and can also access the network and realize the present invention through the mu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an SQL injection attack detection method. The method comprises the steps of obtaining a to-be-detected SQL; decomposing the to-be-detected SQL into multiple SQL samples according to a preset rule; inputting the SQL samples to corresponding quantities of preset decision models respectively to obtain decision results; and comparing the decision results corresponding to the SQL sample quantities, and according to a comparison result, judging whether the to-be-detected SQL is an injection attack or not. In the way, the obtained SQL can be decomposed into the SQL samples; all the samples are processed to obtain the decision results; and whether the SQL injection attack exists or not is determined according to the quantity of the decision results, so that the SQL injection attack is detected more accurately.

Description

technical field [0001] The present invention relates to the technical field of the Internet, in particular to a detection method, system and computer processing equipment for SQL injection attacks. Background technique [0002] In recent years, SQL injection attacks have always occupied the top three Web security threats. Through SQL injection attacks, attackers can achieve illegal purposes such as website rooting, web page tampering, information theft, and intranet penetration. Therefore, SQL injection attacks seriously affect the security and normal operation of the Web. [0003] The so-called SQL injection is to insert SQL commands into Web forms to submit or input query strings for domain names or page requests, and finally trick the server into executing malicious SQL commands. Specifically, it is the ability to use existing applications to inject malicious SQL commands into the background database engine for execution. It can obtain a database on a website with securi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/62
CPCG06F21/56G06F21/6218
Inventor 张珣
Owner SHENZHEN POWER SUPPLY BUREAU