CN107682315B - Method and device for setting SQL injection attack detection mode - Google Patents
Method and device for setting SQL injection attack detection mode Download PDFInfo
- Publication number
- CN107682315B CN107682315B CN201710790379.4A CN201710790379A CN107682315B CN 107682315 B CN107682315 B CN 107682315B CN 201710790379 A CN201710790379 A CN 201710790379A CN 107682315 B CN107682315 B CN 107682315B
- Authority
- CN
- China
- Prior art keywords
- detection mode
- character string
- setting
- detection
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computational Linguistics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a method for setting a SQL injection attack detection mode, which is characterized in that a first detection mode and a second detection mode are configured in advance, wherein the detection rule of the second detection mode is stricter than that of the first detection mode, and the method comprises the following steps: when an execution SQL statement has an error, extracting a character string of the execution error in the SQL statement; setting the detection mode to be a second detection mode when the character string with the execution error meets a preset second detection mode setting condition; and monitoring the duration after the last setting to be the second detection mode, and setting the detection mode to be the first detection mode when the duration exceeds the preset effective duration. According to the scheme, the detection mode is dynamically set according to the execution condition of the statement after the SQL injection attack detection, so that false alarm or missing alarm is avoided, and the detection effect is improved.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for setting an SQL injection attack detection mode.
Background
SQL (Structured Query Language) is a standard data Query Language applied to a database, and when a user inputs a string in an input field of a web page or a client and performs a related operation, the input string is transmitted to a server, and the server constructs and executes an SQL statement, thereby implementing Query, insertion, update, and deletion of data in the database. However, if an attacker injects some SQL statements into the input character string, and maliciously tampers with the effect of the SQL statements constructed by the server, the server cannot distinguish and execute the tampered SQL statements, and then is attacked by SQL injection. In order to defend SQL injection attack, the input character string needs to be detected. A common detection method is to extract keywords from known injected SQL statements to form a regular expression, so as to detect whether an input string includes the injected SQL statements. The regular expressions formed by different keywords and operators have different detection effects.
In the prior art, when an input character string is detected, a detection mode is generally set as a standard mode, and for most cases, according to a regular expression used by the standard mode, an injected SQL statement can be detected without missing report. However, for some cases, for example, only one or two characters in an injected SQL statement, the standard pattern may be too loose, and false positives are likely to occur, the detection pattern should be set to a stricter pattern, and more keywords or operators with wider coverage are used to form a regular expression. However, other situations may be detected by using a more stringent mode, and false alarms may occur due to too stringent mode.
Disclosure of Invention
In view of this, the present application provides a method and a device for setting an SQL injection attack detection mode, and the technical scheme is as follows:
a method for setting a SQL injection attack detection mode is provided, a first detection mode and a second detection mode are configured in advance, wherein the detection rule of the second detection mode is stricter than that of the first detection mode, and the method comprises the following steps:
when an execution SQL statement has an error, extracting a character string of the execution error in the SQL statement;
setting the detection mode to be a second detection mode when the character string with the execution error meets a preset second detection mode setting condition;
and monitoring the duration after the last setting to be the second detection mode, and setting the detection mode to be the first detection mode when the duration exceeds the preset effective duration.
An SQL injection attack detection mode setting apparatus, the apparatus comprising:
the mode configuration module is used for configuring a first detection mode and a second detection mode in advance, wherein the detection rule of the second detection mode is stricter than that of the first detection mode;
the character string extraction module is used for extracting the character string with the execution error in the SQL statement when the execution of the SQL statement has the error;
the mode setting module is used for setting the detection mode to be a second detection mode when the character string with the execution error meets a preset second detection mode setting condition;
the duration monitoring module is used for monitoring the duration after the last time is set to be the second detection mode;
the mode setting module is further configured to set the detection mode to the first detection mode when the duration exceeds a preset valid duration.
According to the technical scheme, when the input character string is detected, the first detection mode with loose detection rules is adopted by default for detection, however, when the SQL sentence is executed in error, whether the injected SQL sentence is not detected in the first detection mode is judged according to the character string with the error, and SQL injection attack occurs is judged, if yes, the detection mode needs to be set to be the second detection mode with stricter detection rules, the effective duration of the second detection mode is set according to the actual situation, when the duration of detection in the second detection mode actually used exceeds the effective duration, the detection mode can be recovered and set to be the first detection mode, and meanwhile, in order to avoid false alarm caused by the stricter detection rules, the detection mode can be recovered and set to be the second detection mode. Namely, the detection mode is dynamically set according to the execution condition of the detected SQL statement, so that false alarm or missed alarm is avoided, and the detection effect is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application. Moreover, not all of the above-described effects need to be achieved by any of the embodiments in this application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the description of the embodiments will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a schematic flow chart of a method for setting an SQL injection attack detection mode according to the present application;
fig. 2 is a schematic structural diagram of an SQL injection attack detection mode setting apparatus according to the present application;
FIG. 3 is a first structural schematic diagram of a mode setting module of the present application;
fig. 4 is a second structural schematic diagram of the mode setting module of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be described in detail below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
According to the method for setting the SQL injection attack detection mode, before the SQL injection attack detection is carried out, two levels of detection modes, namely a first detection mode and a second detection mode, are configured in advance. The two modes adopt detection rules of different levels, wherein the detection rule adopted by the first detection mode can be a relatively loose detection rule suitable for the general SQL injection attack situation, so that the probability of false alarm in the first detection mode is extremely low, but for some special situations, false alarm can occur. The detection rule adopted by the second detection mode is stricter than that adopted by the first detection mode, if the used regular expression is formed by operators with more keywords and wider coverage, the detection of the SQL injection attack is more comprehensive, the probability of missing report is extremely low, but the missing report can occur in general conditions.
Therefore, when the SQL injection attack detection is started, from the viewpoint of the detection practicability, the default detection mode may be set to the first detection mode that is applicable to the general situation and has a looser detection rule, and meanwhile, in the detection process, the first detection mode and the second detection mode are dynamically set according to the actual detection requirement.
Fig. 1 is a schematic flow chart of a method for setting an SQL injection attack detection mode according to the present application, which specifically includes the following basic steps:
s101, when an SQL statement is executed in an error, extracting a character string of the execution error in the SQL statement;
as mentioned above, when SQL injection attack detection is started, the first detection mode set by default can detect most injected SQL statements, for some cases, however, such as when there are only one or two characters in the injected SQL statement, the first detection mode may not be detectable, this injected SQL statement is passed to the server, which constructs the SQL statement to be executed, and calls the database execution interface to execute, but only one or two characters are in the SQL sentence injected by the method, the constructed SQL sentence is probably incomplete, therefore, when the database execution interface executes the incomplete SQL statement, an error occurs, and therefore, when the SQL statement is executed in error, the SQL injection attack which is not detected by the first detection mode is considered to be possible to occur, and further, the detection mode is set to be a second stricter detection mode, so that the defense of SQL injection attack is enhanced.
However, the SQL statements constructed by the input character strings by the server are incomplete and are executed incorrectly, which is not absolutely because the SQL statements are maliciously injected into the input character strings, but may be only incorrectly input by the user, or other normal input, that is, SQL injection attacks do not occur, in which case, the detection mode does not need to be set to the second, stricter detection mode. Therefore, when an execution SQL statement has an error, it is necessary to extract a character string of the execution error and further determine whether the execution error is an injected SQL statement, thereby determining whether a stricter detection mode needs to be set.
In one embodiment of the present application, a string of execution errors may be extracted from the data echoed in errors. When the SQL sentence executed by the database is wrong, the character string with the wrong execution is displayed back, and the application program embeds the character string with the wrong execution into the response data of the user and displays the response data back to the user.
S102, when the character string with the execution error meets a preset second detection mode setting condition, setting a detection mode as a second detection mode;
after the wrong character string is extracted, it is further determined whether the SQL injection attack has occurred, i.e., whether the character string is an injected SQL statement. When the character string is determined to be the injected SQL statement, in order to defend the attacker from continuing the attack in the same manner, the detection mode needs to be set to the second detection mode which is more strict, so as to enhance the defense against the SQL injection attack.
In a specific embodiment of the present application, a character string used for an attack may be extracted in advance from a known SQL injection attack with a high detection difficulty, so as to form an attack character string set. If the character string with the execution error is searched, the character string is shown to be the injected SQL sentence, namely the SQL injection attack is actually generated, and the detection mode can be set to be a stricter second detection mode according to the character string with the execution error which is searched and the SQL injection attack is actually generated. If the character string with the execution error is not retrieved, the character string is not the injected SQL statement, and the SQL injection attack may not occur, at this time, the detection mode does not need to be set to the second stricter detection mode, and the first detection mode can still be adopted.
In addition, the administrator of the application may also update the set of attack strings. For example, the administrator may manually monitor whether the character string with the execution error is the injected SQL statement, and determine whether a false judgment occurs, for example, a certain character string with the execution error is actually the injected SQL statement, but since the character string is not retrieved in the attack character string set, it is determined that the character string is not the injected SQL statement, that is, a false judgment occurs, and at this time, the administrator may add the character string into the attack character string set, so as to avoid a false judgment occurring again.
In another specific embodiment of the present application, statistics may be performed on the frequency of occurrence of the character string with the execution error, and before the SQL injection attack detection is performed, a frequency threshold is preset, so as to determine whether the detection mode needs to be set as the second detection mode during the detection. For example, before detecting the SQL injection attack, the frequency threshold may be preset to 10 times/minute, and if the number of times a certain execution error string occurs in a unit time is too many, for example, 12 times occur in one minute, it may be considered that an attacker is using the string to perform the SQL injection attack, and at this time, the detection mode needs to be set to the second stricter detection mode to avoid being attacked again.
It is understood that, in practical applications, a person skilled in the art may set the frequency threshold according to practical requirements, and the scheme provided in the present application is not limited thereto.
S103, monitoring the duration after the last setting to be the second detection mode, and setting the detection mode to be the first detection mode when the duration exceeds the preset effective duration.
Because an administrator of the application program may periodically repair the bug and update the system, and the detection rule adopted by the second detection mode is relatively strict, false alarms may occur in some cases, the second detection mode may not be required to be permanently used for detection after the detection mode is set as the second detection mode, and the detection mode may be set back as the first detection mode after the administrator performs corresponding maintenance according to the generated SQL injection attack, so as to avoid the occurrence of false alarms as much as possible. Therefore, the effective time length of the second detection mode can be set according to the requirements in practical application. For example, if the period for which the administrator updates the system is one week, the effective period of the second detection mode may be set to one week.
Meanwhile, the duration of the second detection mode can be detected, and the detection mode is set to be the first detection mode, wherein the duration exceeds the preset effective duration and is considered not to be attacked by the same SQL injection.
In addition, after the character string with the execution error occurs and the detection mode is set to the second detection mode, before the duration possibly does not exceed the effective duration, due to the occurrence of other character strings with the execution error, when the detection mode is set to the second detection mode again, the duration of the second detection mode can be monitored again, namely, the duration after the last time is set to the second detection mode is monitored, and when the vulnerability causing the last SQL injection attack is not repaired, the detection mode is set to the first detection mode, and the same attack is received again.
The timing for setting the effective duration of the second detection mode can be selected by those skilled in the art according to the actual application, and for example, the timing can be set before the detection and when the second detection mode is configured in advance, or the timing can be set when the detection mode is set as the second detection mode during the detection.
By applying the scheme of the application, after the SQL injection attack is detected, whether undetected SQL injection attack occurs or not is judged according to the execution condition of the statement under the mode that the detection rule is relatively loose, so that the detection mode can be dynamically set, the false alarm or the false alarm is avoided, and the detection effect is improved.
Corresponding to the above method embodiment, the present application further provides a device for setting an SQL injection attack detection mode, as shown in fig. 2, where the device may include:
a mode configuration module 110, configured to configure a first detection mode and a second detection mode in advance, where a detection rule of the second detection mode is stricter than a detection rule of the first detection mode;
the character string extraction module 120 is configured to, when an error occurs in an executed SQL statement, extract a character string of the execution error in the SQL statement;
a mode setting module 130, configured to set the detection mode to a second detection mode when the error-executed character string satisfies a preset second detection mode setting condition;
a duration monitoring module 140, configured to monitor a duration after the last time is set to the second detection mode;
the mode setting module 130 is further configured to set the detection mode to the first detection mode when the duration exceeds a preset valid duration.
In a specific embodiment of the present application, the character string extraction module 120 may be specifically configured to:
when the execution SQL statement generates error playback, extracting the character string of the execution error in the error playback.
In one embodiment of the present application, referring to fig. 3, the mode setting module 130 may include:
a string retrieving unit 131, configured to retrieve a string of the execution error from a preset set of attack strings;
a mode setting unit 132 configured to set the detection mode to a second detection mode when the execution error character string is retrieved.
In one embodiment of the present application, referring to fig. 4, the mode setting module 130 may further include:
a character string updating unit 133, configured to add the attack character string to the preset attack character string set when the attack character string input by the user is acquired.
In a specific embodiment of the present application, the mode setting module 130 may specifically be configured to:
and when the frequency of the character string with the execution error is not less than a preset threshold value, setting the detection mode to be a second detection mode.
In a specific embodiment of the present application, the preset valid duration may include:
presetting effective duration set in a second detection mode;
or
An effective time period set when the detection mode is set to the second detection mode.
The implementation process of the functions of each unit in the system is specifically described in the implementation process of the corresponding step in the method, and is not described herein again.
For the system embodiment, since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described system embodiments are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The foregoing is directed to embodiments of the present invention, and it is understood that various modifications and improvements can be made by those skilled in the art without departing from the spirit of the invention.
Claims (10)
1. A method for setting SQL injection attack detection mode, which is characterized in that a first detection mode and a second detection mode are configured in advance, wherein the detection rule of the second detection mode is stricter than that of the first detection mode, the method is applied to a database server, the database server is used for constructing and executing SQL sentences, and the method comprises the following steps:
when an execution SQL statement has an error, extracting a character string of the execution error in the SQL statement;
setting the detection mode to be a second detection mode when the character string with the execution error meets a preset second detection mode setting condition;
and monitoring the duration after the last setting to be the second detection mode, and setting the detection mode to be the first detection mode when the duration exceeds the preset effective duration.
2. The method according to claim 1, wherein the extracting the character string of the execution error in the SQL statement when the execution SQL statement has an error comprises:
when the execution SQL statement generates error playback, extracting the character string of the execution error in the error playback.
3. The method according to claim 1, wherein the setting the detection mode to the second detection mode when the character string with the execution error satisfies a preset second detection mode setting condition comprises:
retrieving the character string with the execution error in a preset attack character string set;
setting the detection mode to a second detection mode when the character string of the execution error is retrieved.
4. The method of claim 3, further comprising:
and when an attack character string input by a user is acquired, adding the attack character string into the preset attack character string set.
5. The method according to claim 1, wherein the setting the detection mode to the second detection mode when the character string with the execution error satisfies a preset second detection mode setting condition comprises:
and when the frequency of the character string with the execution error is not less than a preset threshold value, setting the detection mode to be a second detection mode.
6. The method of claim 1, wherein the preset effective duration comprises:
presetting effective duration set in a second detection mode;
or
An effective time period set when the detection mode is set to the second detection mode.
7. An apparatus for setting SQL injection attack detection mode, the apparatus being applied to a database server, the database server being configured to construct and execute SQL statements, the apparatus comprising:
the mode configuration module is used for configuring a first detection mode and a second detection mode in advance, wherein the detection rule of the second detection mode is stricter than that of the first detection mode;
the character string extraction module is used for extracting the character string with the execution error in the SQL statement when the execution of the SQL statement has the error;
the mode setting module is used for setting the detection mode to be a second detection mode when the character string with the execution error meets a preset second detection mode setting condition;
the duration monitoring module is used for monitoring the duration after the last time is set to be the second detection mode;
the mode setting module is further configured to set the detection mode to the first detection mode when the duration exceeds a preset valid duration.
8. The apparatus of claim 7, wherein the mode setting module comprises:
the character string retrieval unit is used for retrieving the character string with the execution error in a preset attack character string set;
a mode setting unit configured to set a detection mode to a second detection mode when the execution error character string is retrieved.
9. The apparatus of claim 8, further comprising:
and the character string updating unit is used for adding the attack character string into the preset attack character string set when the attack character string input by the user is acquired.
10. The apparatus of claim 7, wherein the mode setting module is specifically configured to:
and when the frequency of the character string with the execution error is not less than a preset threshold value, setting the detection mode to be a second detection mode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710790379.4A CN107682315B (en) | 2017-09-05 | 2017-09-05 | Method and device for setting SQL injection attack detection mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710790379.4A CN107682315B (en) | 2017-09-05 | 2017-09-05 | Method and device for setting SQL injection attack detection mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107682315A CN107682315A (en) | 2018-02-09 |
| CN107682315B true CN107682315B (en) | 2020-11-06 |
Family
ID=61134515
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710790379.4A Active CN107682315B (en) | 2017-09-05 | 2017-09-05 | Method and device for setting SQL injection attack detection mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107682315B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114760083B (en) * | 2021-01-08 | 2024-04-12 | 腾讯科技(深圳)有限公司 | Method, device and storage medium for issuing attack detection file |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106503557A (en) * | 2016-07-08 | 2017-03-15 | 耿童童 | SQL injection attacks system of defense and defence method based on dynamic mapping |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101964025B (en) * | 2009-07-23 | 2016-02-03 | 北京神州绿盟信息安全科技股份有限公司 | XSS detection method and equipment |
| CN102567546B (en) * | 2012-01-18 | 2014-03-12 | 北京神州绿盟信息安全科技股份有限公司 | Structured query language (SQL) injection detection method and SQL injection detection device |
| US9117077B2 (en) * | 2013-09-27 | 2015-08-25 | Bitdefender IPR Management Ltd. | Systems and methods for using a reputation indicator to facilitate malware scanning |
| CN105678167B (en) * | 2015-12-24 | 2019-03-22 | 北京奇虎科技有限公司 | Safety protecting method and device |
-
2017
- 2017-09-05 CN CN201710790379.4A patent/CN107682315B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106503557A (en) * | 2016-07-08 | 2017-03-15 | 耿童童 | SQL injection attacks system of defense and defence method based on dynamic mapping |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107682315A (en) | 2018-02-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8225402B1 (en) | Anomaly-based detection of SQL injection attacks | |
| CN102622435B (en) | A kind of method and apparatus for detecting black chain | |
| Gao et al. | Behavioral distance for intrusion detection | |
| CN103780614B (en) | A kind of SQL injection loophole method for digging based on simulated strike extension | |
| CN103279710B (en) | Method and system for detecting malicious codes of Internet information system | |
| CN104994091B (en) | Detection method and device, the method and apparatus of defence Web attacks of abnormal flow | |
| CN102045319B (en) | Method and device for detecting SQL (Structured Query Language) injection attack | |
| KR100912794B1 (en) | Web hacking management system and manegement method thereof for real time web server hacking analysis and homepage hacking search | |
| KR102120232B1 (en) | Cyber targeted attack detect system and method using kalman-filter algorithm | |
| CN103679053B (en) | A kind of detection method of webpage tamper and device | |
| CN102567546A (en) | Structured query language (SQL) injection detection method and SQL injection detection device | |
| CN111628990A (en) | Attack recognition method and device and server | |
| CN113158197B (en) | SQL injection vulnerability detection method and system based on active IAST | |
| EP3657374A1 (en) | Threat detection using artifact change analysis | |
| US20150074808A1 (en) | Rootkit Detection in a Computer Network | |
| CN112016096A (en) | XSS vulnerability auditing method and device | |
| CN107682315B (en) | Method and device for setting SQL injection attack detection mode | |
| KR102159399B1 (en) | Device for monitoring web server and analysing malicious code | |
| Hailesellasie et al. | Intrusion detection in PLC-based industrial control systems using formal verification approach in conjunction with graphs | |
| US10789159B2 (en) | Non-regressive injection of deception decoys | |
| US20210075812A1 (en) | A system and a method for sequential anomaly revealing in a computer network | |
| CN106953874B (en) | Website falsification-proof method and device | |
| CN103679024A (en) | Virus treating method and device | |
| US11671440B1 (en) | Detection failure monitoring system | |
| WO2021212739A1 (en) | Network attack defense method and apparatus, device, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210616 Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang. Patentee after: Hangzhou Dip Information Technology Co.,Ltd. Address before: 6 / F, Zhongcai building, 68 Tonghe Road, Binjiang District, Hangzhou City, Zhejiang Province Patentee before: Hangzhou DPtech Technologies Co.,Ltd. |
|
| TR01 | Transfer of patent right |