Unlock instant, AI-driven research and patent intelligence for your innovation.

SQL injection attack detection method and device

A technology for injecting attacks and predicting values, which is applied in the field of web security and can solve problems such as memory pressure and poor performance

Pending Publication Date: 2022-01-11
HUAWEI CLOUD COMPUTING TECH CO LTD
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This detection technique relies heavily on the experience of security experts, so it is very poor at identifying unknown attack types
For new data, this detection method needs to retrain the model after merging the new data with the old training data. As the training data set becomes larger and larger, model training requires more and more time and will cause huge pressure on memory.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection attack detection method and device
  • SQL injection attack detection method and device
  • SQL injection attack detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] The following will describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0047] It should be understood that in the various embodiments of the present application, "first", "second", "third", "fourth" and so on are only used to refer to different objects, and do not mean that Other restrictions.

[0048] Since the embodiment of the present application involves a large number of technical terms, for ease of understanding, the following first introduces related terms and concepts that may be involved in the embodiment of the present application.

[0049] 1. Structured query lan...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a structured query language (SQL) injection attack detection method and device. The method comprises the following steps: obtaining a prediction value of a first neural network model, wherein the prediction value is a probability that training samples are SQL injection attacks; obtaining a first training sample set, wherein the first training sample set comprises multiple first training samples, and the probability of the multiple first training samples for SQL injection attacks is larger than a first preset threshold value; obtaining a second training sample set, wherein the second training sample set comprises multiple second training samples, and the multiple second training samples are training samples which are manually marked in the first training sample set as SQL injection attacks; taking the second training sample set as input of the first neural network model, and performing incremental training on parameters of the first neural network model to obtain a second neural network model. According to the technical scheme, the detection accuracy of SQL injection attacks can be improved, and the missing report rate and the false report rate are reduced.

Description

technical field [0001] The present application relates to the field of Web security, and more specifically, relates to a method, device and computing device for detecting SQL injection attacks of structured query statements. Background technique [0002] Structured query language (structured query language, SQL) injection attack is one of the common methods used by hackers to attack databases. SQL injection vulnerabilities can affect any website or web application that uses an SQL database. Criminals may use it to gain unauthorized access to users' sensitive data: customer information, personal data, trade secrets, intellectual property, etc. SQL injection attacks are one of the oldest, most popular, and most dangerous web page (Web) application vulnerabilities. [0003] In a related technical solution, a keyword-based detection method and a rule-based method are used to detect whether SQL keywords and special symbols are included, thereby detecting SQL injection attacks. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55
CPCG06F21/552G06F21/554
Inventor 石晓辉蒋振超柳敬武
Owner HUAWEI CLOUD COMPUTING TECH CO LTD