Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detecting method for structured query language injection attack and related devices

A structured query and injection attack technology, applied in the network field, can solve problems such as high false positive rate, prone to rule conflicts, and inability to guarantee full coverage of regular expressions

Active Publication Date: 2019-01-04
TENCENT TECH (SHENZHEN) CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, due to the many forms of SQL injection attacks and the variability of SQL injection attacks, it is impossible to guarantee that the regular expressions can fully cover all existing and possible forms of SQL injection attacks, resulting in SQL injection attacks. High false negative rate
Moreover, because the rules of the regular expression itself are relatively complex, rule conflicts are likely to occur between different regular expressions, so that the effects of different regular expressions affect or cancel each other, resulting in a high false positive rate for detecting SQL injection attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detecting method for structured query language injection attack and related devices
  • Detecting method for structured query language injection attack and related devices
  • Detecting method for structured query language injection attack and related devices

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The structured query language (Structured Query Language, SQL) injection attack detection method, device, server, and storage medium of the embodiment of the present application are suitable for detecting whether there is an SQL injection attack in an access request, so as to reduce false positives and false negatives in detecting SQL injection attacks rate, for example, to detect whether there is an SQL injection attack in the access request initiated to the website, so as to effectively defend against the SQL injection attack initiated to the website.

[0044]In order to solve the problem of high false alarm rate in detecting SQL injection attacks, this application generates a SQL attack database through SQL injection attack samples, and stores the probability of multiple attack phrases appearing in the SQL attack database in the SQL attack database. The attack phrase consists of at least one attack word segmented from the SQL injection attack sample. On this basis, b...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detecting method for a structured query language (SQL) injection attack and related devices. According to the method, after a to-be-detected target character string is obtained, the target character string is segmented into a plurality of target words to obtain a word sequence constructed by successive arrangement of the plurality of target words; and according to probabilities of occurrence of a plurality of attack word groups in a pre-constructed SQL attack base, a first probability of formation of the word sequence by a plurality of attack words in the SQL attack base is determined. With the determined first probability, the possibility of belonging to the SQL injection attack by the target character string corresponding to the word sequence can be reflected accurately and thus the possibility of belonging to the SQL injection attack by the target character string can be detected accurately, so that a false detection rate and a missing report rate of detecting an SQL injection attack are reduced.

Description

technical field [0001] The present application relates to the field of network technology, in particular to a structured query language injection attack detection method and related equipment. Background technique [0002] Structured Query Language (SQL) injection attack is a common network attack. It adds SQL commands to query strings such as web page requests or input domain names, and finally tricks the server into executing malicious SQL commands. [0003] At present, the protection against SQL injection attacks mainly uses regular expressions, such as extracting the SQL statement to be detected from the access request, matching the extracted SQL statement with multiple pre-written regular expressions, and based on the regular expression The matching result analyzes whether the SQL statement belongs to a SQL injection attack. Detecting SQL injection attacks based on regular expressions relies on different regular expressions written by users based on various SQL injecti...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F17/27
CPCG06F40/216G06F40/284H04L63/1416H04L63/1466
Inventor 申军利
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com