Unlock instant, AI-driven research and patent intelligence for your innovation.

Web injection attack detection method, device, electronic equipment and storage medium

A detection method and an injection technology, applied in the field of network security, can solve problems such as undetectable attacks and inability to adapt to changing network environments

Active Publication Date: 2021-08-13
北京深信服信息技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method of matching attack characteristics through regular expressions has the following disadvantages: every time a type of injection is found, a rule must be written to match the characteristics of this attack, so only known attacks can be detected but unknown ones cannot be detected. attacks, unable to adapt to the changing network environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web injection attack detection method, device, electronic equipment and storage medium
  • Web injection attack detection method, device, electronic equipment and storage medium
  • Web injection attack detection method, device, electronic equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments It is a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0042] Web application firewalls in related technologies mainly rely on regular expressions to match attack features, that is, feature matching is performed on each specific injection attack feature. For example, one of the SQL injection attacks is injection: UNION SELECT abc FROM table , can match with regular expressions: UNION[\x00-\x20]SELECT[\x00...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application discloses a method for detecting a Web injection attack. The detection method includes obtaining a request message of a target network flow, and splitting the request message so as to determine the injection point corresponding to the target injection point in the request message. Text; determine whether the injection point text contains program code; if so, determine that there is a Web injection attack in the target network traffic. This application can detect unknown web injection attacks. The application also discloses a detection device for a Web injection attack, a computer-readable storage medium and an electronic device, which have the above beneficial effects.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a detection method and device for a Web injection attack, a computer-readable storage medium and an electronic device. Background technique [0002] According to statistics, Web injection attacks account for a very high proportion of all Web attacks, far exceeding other types of Web attacks. Web injection attacks are one of the more harmful types of Web attacks, mainly including SQL injection, XSS injection, and Struts2 remote code execution. This type of attack is essentially carried out by injecting program code, such as injecting SQL code, PHP code, Java code, JavaScript code, etc. The successfully injected program code will be executed in the WEB background or browser, causing serious security consequences . [0003] Web injection attacks are very harmful. A successful Web injection attack can cause the website server to crash, database data to leak, and even cause...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 王立明
Owner 北京深信服信息技术有限公司