SQL (Structured Query Language) injection detection method and device

A detection method based on syntax tree technology, applied in the field of information security, that addresses problems such as false negatives, inability to deal with new injection methods, and weak detection of unknown SQL injection methods. Its effect is to improve detection accuracy, reduce false negatives, and enhance detection capability.

Pending Publication Date: 2022-05-06
BEIJING QIANXIN TECH +1

AI Technical Summary

Problems solved by technology

[0004] However, extracting morpheme structure strings and comparing them with standard structure strings is, in essence, still matching based on grammatical features. If the features are not comprehensive enough, false negatives occur, and the approach cannot cope with new injection methods; its ability to detect unknown injection methods is relatively weak.

Examples

Embodiment Construction

[0026] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0027] Figure 1 is a flowchart of an embodiment of an SQL injection detection method of the present invention. As shown in Figure 1, the method of the embodiment of the present invention includes:

[0028] S101. Receive a user request, where the user request includes at least one parameter, and for each parameter in the at least one para...

Abstract

The embodiment of the invention provides an SQL (Structured Query Language) injection detection method and device. The method comprises: receiving a user request, where the user request comprises at least one parameter, and, for each parameter in the at least one parameter, constructing at least one SQL statement corresponding to at least one preset SQL template by means of that template; generating at least one syntax tree from the at least one SQL statement; and comparing the at least one standard syntax tree corresponding to the at least one SQL template with the at least one syntax tree, and judging from the comparison result whether the user request is SQL injection. False negatives in SQL injection detection are reduced, detection accuracy is improved, and the ability to detect unknown SQL injection methods is enhanced.
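The comparison described in the abstract, as an added example that is not code from the patent or its applicant. The templates, the benign value used to build each standard tree, the keyword list, and the rule that any difference flags the request are all assumptions; a small tokenizer that nests on parentheses stands in for a full SQL parser.

```python
import re

# Assumed preset templates (hypothetical): one per context a parameter may land in.
TEMPLATES = [
    "SELECT * FROM t WHERE c = {p}",    # numeric context
    "SELECT * FROM t WHERE c = '{p}'",  # single-quoted string context
]
BENIGN = "1"  # assumed harmless value used to build each standard tree
KEYWORDS = set("SELECT FROM WHERE AND OR NOT UNION ALL INSERT UPDATE DELETE "
               "DROP INTO VALUES SET ORDER BY GROUP HAVING LIMIT LIKE IN IS NULL".split())
TOKEN = re.compile(r"""
    (?P<lit>'(?:[^']|'')*'|\d+(?:\.\d+)?)   # complete string or number literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<cmt>--|\#|/\*)                      # comment openers
  | (?P<op>[<>=!]+|[(),;*+\-/.])
  | (?P<bad>\S)                             # anything else, e.g. a stray quote
""", re.X)

def syntax_tree(sql):
    """Simplified tree: nested lists on parentheses, leaves are node types."""
    root = []
    stack = [root]
    for m in TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if text == "(":
            node = []
            stack[-1].append(node)
            stack.append(node)
        elif text == ")":
            if len(stack) > 1:
                stack.pop()
            else:
                stack[-1].append("bad:)")  # unbalanced close
        elif kind == "word" and text.upper() in KEYWORDS:
            stack[-1].append(text.upper())  # keywords shape the tree
        elif kind in ("word", "lit"):
            stack[-1].append("OPERAND")     # values and names are interchangeable
        else:
            stack[-1].append(kind + ":" + text)
    return root

def changed_templates(param):
    """Indexes of templates whose tree differs from the standard tree."""
    return [i for i, t in enumerate(TEMPLATES)
            if syntax_tree(t.format(p=param)) != syntax_tree(t.format(p=BENIGN))]

def is_injection(param):
    # Assumed decision rule: a structural change in any template is an injection.
    return bool(changed_templates(param))
```

Because the decision depends only on whether the parameter changes the tree shape, no payload signature list is needed; the trade-off is that a value such as a name containing an apostrophe also changes the shape and would be flagged by this simplified version.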

Description

Technical field

[0001] The invention relates to the field of information security, and in particular to an SQL injection detection method and device.

Background technique

[0002] SQL injection is a commonly used and easy-to-implement web attack method. SQL code is added to input parameters, which are then passed to the server for parsing and execution. At present, there are three main detection methods for SQL injection: rule-based, machine-learning-based, and syntax-analysis-based.

[0003] Currently, a syntax-analysis-based SQL injection detection scheme usually recognizes the words entered in the user form, judges whether each word is a keyword, a variable, or a variable name, forms a morpheme table, and extracts the morpheme structure string through the analysis of grammar rules. Whether the input is SQL injection is judged by comparing the extracted ...

Application Information

IPC(8): G06F16/242, G06F16/22
CPC: G06F16/2433, G06F16/2246
Inventor: 刘大光
Owner: BEIJING QIANXIN TECH