
Method and system for detecting SQL injection vulnerabilities of power information system

A vulnerability detection technology for power information systems, applied in transmission systems, electrical components, etc., that addresses problems such as false negatives, difficulty in detecting SQL injection vulnerabilities (SQLIV), and failure to consider the correlation of detection responses.

Active Publication Date: 2020-04-24
NANKAI UNIV +2

AI Technical Summary

Problems solved by technology

On this basis, many studies have improved detection by combining black-box testing with white-box static code analysis, but the dependence on source code limits their application in many real detection scenarios, so research on black-box penetration testing for SQL injection vulnerabilities (SQLIV) is of paramount importance.

[0005] Among traditional black-box penetration testing methods, some focus on improving response analysis by improving vulnerability feature recognition, but most do not consider the correlation between different detection responses, so they struggle to detect complex inference-based SQLIV and readily introduce false negatives.

Other methods increase SQLIV detection coverage by expanding the detection pattern library or improving attack generation. Most of them use sequential or random enumeration, which also does not take into account the logical relationship between test cases and so increases the likelihood of false positives.

Other works use modeling methods such as the attack tree model, but they also do not take into account the logic and timing issues contained in complex vulnerabilities, and so readily introduce false positives and false negatives. Therefore, traditional detection methods have low precision in SQL injection vulnerability detection.


Embodiment Construction

[0077] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0078] In order to make the above objectives, features and advantages of the present invention more obvious and understandable, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0079] SQL injection vulnerability is a kind of code injection vulnerability. When the attack code carefully constructed by the attacker can reach the database through the injectio...


Abstract

The invention relates to a method and a system for detecting SQL injection vulnerabilities in a power information system. The detection method comprises: obtaining the semantic features of SQL injection vulnerability test cases according to the logical semantic features of SQL statements, with different semantic features corresponding to different test actions; constructing, according to the semantic features, a test case corresponding to each semantic feature and a security feature extension finite-state machine model based on SQL injection vulnerability black-box penetration test rules, wherein the model comprises a response state and a state conversion rule for each test case; and, according to the test cases, detecting SQL injection vulnerabilities of the system under test with the model to obtain vulnerability evidence. The invention can improve the detection precision for SQL injection vulnerabilities.
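The sketch below is an added illustration, not the patent's model or code: a small state machine that keeps the baseline response as a context variable and only reports evidence when the responses to two related test cases are consistent with each other. The state names, the three test actions, the equality-based response comparison and the sample responses are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical test actions, one per semantic feature (names are assumptions):
# a normal request, an always-true condition probe, an always-false condition probe.
BASELINE, TRUE_COND, FALSE_COND = "baseline", "true_condition", "false_condition"

@dataclass(frozen=True)
class Response:
    status: int
    body: str

@dataclass
class Efsm:
    state: str = "START"
    baseline: Optional[Response] = None        # context variable kept across steps
    trace: list = field(default_factory=list)  # (action, from, to): the evidence trail

    def step(self, action, resp):
        same = resp == self.baseline
        nxt = self.state                       # no rule for this pair: stay put
        if self.state == "START" and action == BASELINE:
            nxt = "BASELINED" if resp.status == 200 else "INCONCLUSIVE"
            self.baseline = resp
        elif self.state == "BASELINED" and action == TRUE_COND:
            nxt = "TRUE_MATCHED" if same else "NOT_VULNERABLE"
        elif self.state == "TRUE_MATCHED" and action == FALSE_COND:
            nxt = "NOT_VULNERABLE" if same else "EVIDENCE"
        self.trace.append((action, self.state, nxt))
        self.state = nxt

def run(responses):
    """Feed the three correlated test cases through the machine in order."""
    m = Efsm()
    for action in (BASELINE, TRUE_COND, FALSE_COND):
        m.step(action, responses[action])
    return m.state, m.trace

def single_response_check(responses):
    """Uncorrelated check for contrast: flags any change on the false probe."""
    return responses[FALSE_COND] != responses[BASELINE]

# Constructed responses, not captured from any real system.
PAGE = Response(200, "<h1>Meter 17</h1>")
EMPTY = Response(200, "<h1>No such meter</h1>")
BLOCK = Response(403, "Request blocked")
INFERENCE_CASE = {BASELINE: PAGE, TRUE_COND: PAGE, FALSE_COND: EMPTY}
FILTERED_CASE = {BASELINE: PAGE, TRUE_COND: BLOCK, FALSE_COND: BLOCK}

if __name__ == "__main__":
    for name, case in (("inference", INFERENCE_CASE), ("filtered", FILTERED_CASE)):
        print(name, run(case)[0], single_response_check(case))
```

In the filtered case every modified request is blocked, so the uncorrelated check reports a finding while the state machine stops at `NOT_VULNERABLE`; in the inference case no error text is ever shown, yet the correlated pair still yields evidence.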

Description

Technical field

[0001] The present invention relates to the field of electric power information security, in particular to a method and system for detecting SQL injection vulnerabilities in electric power information systems.

Background technique

[0002] The security of electric power data has become a particularly severe problem as the electric power information network has been connected to the Internet. How to effectively analyze and detect security vulnerabilities and their characteristics has become a crucial issue. Among them, SQL injection vulnerabilities are one of the most serious, and they are showing increasingly higher concealment, logic and timing. Traditional vulnerability detection and feature analysis methods can no longer meet the detection requirements, resulting in insufficient detection accuracy.

[0003] As the power information system is connected to the Internet, the data and type and scale it contains have become more and more complex, and...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1433, H04L63/1466
Inventor 许静刘磊朱静雯高红灿过辰楷崔洁李洁张国强陈亮林永峰石伟
Owner NANKAI UNIV