
SQL injection statement transformation method based on context-independent grammar

A statement transformation technique based on context-free grammar, applied in the field of network security. It addresses the problems that a transformed SQL injection statement may not trigger normally and that its functionality and maliciousness cannot be guaranteed, and it avoids damaging the statement's functionality.

Pending Publication Date: 2022-02-11
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

From the perspective of security research, whether attacking or defending against SQL injection, equivalent transformation of the injected statement is indispensable. The traditional method relies mainly on replacement based on regular-expression matching, which cannot guarantee that the statement keeps its functionality and maliciousness; after such a transformation, the SQL injection may no longer trigger normally.


Embodiment Construction

[0018] As shown in Figure 1, the present invention is an SQL injection statement transformation method based on context-free grammar. It constructs the context-free grammar by defining the start variable set, terminal symbol set, non-terminal symbol set, productions, etc., and then uses that grammar to generate a large number of equivalent transformations of an SQL injection statement, so that the transformation results are more realistic, that is, they retain the statement's functionality and maliciousness. The method specifically includes the following steps:

[0019] (1) Construct a context-free grammar rule set G, including four parts: non-terminal symbol set V, terminal symbol set Σ, start variable set S, and production set R, namely G=(V,Σ,S,R).

[0020] (1.1) Construct the non-terminal symbol set V, which is used to expand the generation range of SQL injection statements; its members represent intermediate states, that is, potential generation targets.

...


Abstract

The invention discloses an SQL injection statement transformation method based on context-free grammar, for use when network security attack and defense research needs to generate a large number of semantically equivalent transformations of an SQL injection statement. On the basis of an improved context-free grammar, combined with semantic matching and other methods, a theoretically infinite number of equivalent replacements can be generated from a single SQL injection statement; semantic equivalence is achieved, and functionality and maliciousness are retained. The invention matches the entries generated by replacement in a semantics-based way, so that the SQL injection statement is processed at a finer granularity while avoiding the damage that regular-expression matching does to the statement's functionality.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for transforming SQL injection statements based on context-free grammar.

Background technique

[0002] With the continuous evolution and global deployment of the Internet, network services play an increasingly important role in daily life as social infrastructure. On the other hand, they also face global threats from different places, at different scales and through different means. Common web threats include SQL injection, cross-site scripting, cross-site request forgery, distributed denial of service, and more. SQL (Structured Query Language) injection is one of the most common and threatening attack methods. Attackers exploit security vulnerabilities by performing SQL queries on databases to directly access unauthorized information, create or modify new user permissions, or otherwise manipulate sensitive information.

[0003] As the core content...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F21/64
CPC: G06F21/554, G06F21/64
Inventor: 吴春明, 曲振青, 凌祥, 陈双喜, 张江瑜, 吴至禹
Owner: ZHEJIANG UNIV