Structured query language injection attack detection method and related equipment
A technology of structured query and injection attack, applied in the network field, it can solve the problems of easy rule conflict, high false positive rate, and inability to guarantee full coverage of regular expressions, so as to reduce the false positive rate and false negative rate, and improve the detection rate. The effect of precision
Active Publication Date: 2021-07-27
TENCENT TECH (SHENZHEN) CO LTD
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0004] However, due to the many forms of SQL injection attacks and the variability of SQL injection attacks, it is impossible to guarantee that the regular expressions can fully cover all existing and possible forms of SQL injection attacks, resulting in SQL injection attacks. High false negative rate
Moreover, because the rules of the regular expression itself are relatively complex, rule conflicts are likely to occur between different regular expressions, so that the effects of different regular expressions affect or cancel each other, resulting in a high false positive rate for detecting SQL injection attacks
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0043] The structured query language (Structured Query Language, SQL) injection attack detection method, device, server, and storage medium of the embodiment of the present application are suitable for detecting whether there is an SQL injection attack in an access request, so as to reduce false positives and false negatives in detecting SQL injection attacks rate, for example, to detect whether there is an SQL injection attack in the access request initiated to the website, so as to effectively defend against the SQL injection attack initiated to the website.
[0044]In order to solve the problem of high false alarm rate in detecting SQL injection attacks, this application generates a SQL attack database through SQL injection attack samples, and stores the probability of multiple attack phrases appearing in the SQL attack database in the SQL attack database. The attack phrase consists of at least one attack word segmented from the SQL injection attack sample. On this basis, b...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
This application discloses a structured query language injection attack detection method and related equipment. In this method, after the target character string to be detected is obtained, the target character string is segmented into multiple target words, and multiple target words are obtained. Arranging the constructed word sequence in order of target words, and according to the respective occurrence probabilities of multiple attack phrases in the pre-built SQL attack database, the first probability that the word sequence is composed of multiple attack words in the SQL attack database can be determined. The first probability determined can more accurately reflect the possibility that the target character string corresponding to the word sequence belongs to the SQL injection attack, so that it can more accurately detect the possibility that the target character string belongs to the SQL injection attack. It is beneficial to reduce the false detection rate and false negative rate of detecting SQL injection attacks.
Description
technical field [0001] The present application relates to the field of network technology, in particular to a structured query language injection attack detection method and related equipment. Background technique [0002] Structured Query Language (SQL) injection attack is a common network attack. It adds SQL commands to query strings such as web page requests or input domain names, and finally tricks the server into executing malicious SQL commands. [0003] At present, the protection against SQL injection attacks mainly uses regular expressions, such as extracting the SQL statement to be detected from the access request, matching the extracted SQL statement with multiple pre-written regular expressions, and based on the regular expression The matching result analyzes whether the SQL statement belongs to a SQL injection attack. Detecting SQL injection attacks based on regular expressions relies on different regular expressions written by users based on various SQL injecti...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F40/216G06F40/284
CPCG06F40/216G06F40/284H04L63/1416H04L63/1466
Inventor 申军利
Owner TENCENT TECH (SHENZHEN) CO LTD