Unlock instant, AI-driven research and patent intelligence for your innovation.

A detection method and device for sql injection attack

A technique for injecting attacks and clients, which is applied in the field of information security and can solve problems such as false detection and missed detection

Active Publication Date: 2022-02-22
NEW H3C SECURITY TECH CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, in the actual detection process, experienced attackers can easily bypass the preset keywords to carry out SQL injection attacks, resulting in missed detection, and some legitimate clients carry preset keywords in HTTP requests. In the case of keywords, there will be false detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A detection method and device for sql injection attack
  • A detection method and device for sql injection attack
  • A detection method and device for sql injection attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present application as recited in the appended claims.

[0022] The terminology used in this application is for the purpose of describing particular embodiments only, and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a", "the", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application provides a method for detecting an SQL injection attack, the method comprising: when it is detected that any keyword in the preset keyword library is carried in the HTTP request sent by the client to the Web server, generating an Suspected SQL injection logs of IP addresses; and when a domain name matching the domain name carried in the DNS request sent by the database server is detected in the preset threat intelligence library, a suspicious domain name query log is generated; if the generated suspicious If the number of SQL injection logs reaches the set number, and it is detected that suspicious domain name query logs are generated within the set time period after each suspected SQL injection log is generated, it is determined that the client has successfully carried out an SQL injection attack. The embodiment of the present application can accurately detect whether the client has successfully carried out the SQL injection attack, and the phenomenon of missed detection and false detection will not occur.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a method and device for detecting SQL injection attacks. Background technique [0002] With the gradual development of the Internet, there are more and more websites providing various services, which provide great convenience to people's daily life. However, with the development of the Internet and the advancement of computer technology, there are more and more types of attacks on website systems and more and more frequent attacks. Among them, the structured query language (Structure Query Language, SQL) injection attack has gradually become one of the most frequent attack methods encountered by network systems. [0003] SQL injection attacks refer to security incidents in which attackers use SQL injection vulnerabilities in existing applications to inject malicious SQL commands into the background database engine for execution, thereby achieving the purpo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L61/4511
CPCH04L63/1416H04L63/1425H04L63/1466H04L61/4511
Inventor 马文强
Owner NEW H3C SECURITY TECH CO LTD