Database protection method and device, storage medium and computer equipment

Abstract

The invention discloses a database protection method and device, a storage medium and computer equipment, and the method comprises the steps of monitoring a target database operation function in a script interpreter, and capturing an SQL statement for accessing a target database; analyzing the SQL statement to obtain a statement structure of the SQL statement; and detecting whether the SQL statement is a database attack or not according to a preset SQL statement structure library and the statement structure of the SQL statement, and intercepting the database attack. According to the embodimentof the invention, the database attack is detected by utilizing the statement structure of the SQL statement, however, in the prior art, the database attack is generally determined by searching the attack features, and as all the attack features cannot be exhausted, an attacker can bypass attack detection only by changing the statement, false alarm or missing alarm is easily caused, and compared with the prior art, the risk that detection can be bypassed by changing statements does not exist, and accurate protection of database attacks can be achieved.

Description

technical field [0001] The present application relates to the technical field of database security, in particular to a database protection method and device, a storage medium, and computer equipment. Background technique [0002] SQL is the abbreviation of Structured Query Language (Structured Query Language), which is a special-purpose programming language. As a database query and programming language, it is used to access data and query, update and manage relational database systems; it is also The extension for database script files. SQL injection refers to inserting SQL commands into Web forms to submit or input query strings for domain names or page requests, and finally trick the server into executing malicious SQL commands. [0003] At present, there are two main defense methods for using databases to attack databases. One is through feature matching of WAF (Web Application Firewall). This product is deployed in front of Web applications and detects and analyzes requ...

AI Technical Summary

Problems solved by technology

[0003] At present, there are two main defense methods for using databases to attack databases. One is through feature matching of WAF (Web Application Firewall). This product is deployed in front of Web applications and detects and analyzes request packets sent to Web applications. to detect attacks; for example, when database attack characteristics such as ('or'1'='1) are found in the HTTP request traffic, it is intercepted and blocked; this protection method cannot exhaustively attack all attack characteristics, and it is difficult to deal with attacks Various encodings of the payload (for example, 'or'1'='1 is URL-encoded to '%20or%20'1'%20=%20'1)

Another way is through the database firewall. This product is deployed in front of the database and also uses attack signature matching for defense. However, compared with WAF, this product can obtain complete database execution statements (select name from userwhere id ='1'or'1'='1'), and the database execution statement no longer involves various encodings, so the attack characteristics can be clearly found, but the disadvantage is that it is impossible to list all the attack characteristics

[0004] Both of the above two methods can be regarded as judging whether it is an attack behavior through characteristics, so false positives or false negatives will occur. At present, an effective method that can improve the database attack recognition effect is needed

Images