CN110032862A - A kind of data dynamic protection method and device of anticollision library attack - Google Patents
A kind of data dynamic protection method and device of anticollision library attack Download PDFInfo
- Publication number
- CN110032862A CN110032862A CN201910258817.1A CN201910258817A CN110032862A CN 110032862 A CN110032862 A CN 110032862A CN 201910258817 A CN201910258817 A CN 201910258817A CN 110032862 A CN110032862 A CN 110032862A
- Authority
- CN
- China
- Prior art keywords
- attribute
- authentication
- dynamic
- priv
- authentication secret
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The present invention relates to a kind of data dynamic protection method and devices of anticollision library attack, the database store structure of authentication storage information is changed to double tables by single table by method, it is isolated and obscures certification entity and discloses attribute and authentication secret attribute, certification entity, which discloses, does not include any and associated field of authentication secret attribute list in attribute list, the major key of authentication secret attribute list is dynamic hash value, the double tables of database are inquired when application system is authenticated, dynamic calculating discloses the corresponding certification entity of attribute with certification entity and discloses attribute hash value;Safety device based on this method is deployed in database front-end, safeguards the update of double tables and calculates inquiry.The present invention change the open attribute of traditional certification be associated with by force with authentication secret attribute, the mode of static binding, it is proposed the data protection technology that Sensitive Attributes separation and dynamic update, the authentication record information in differentiation data library, database leakage is reduced to greatest extent to cause to hit the influence of library attack, ensures the safety of website and Verification System.
Description
Technical field
The present invention relates to a kind of anticollision library attack method and devices, and in particular to the data for being related to a kind of anticollision library attack are dynamic
State means of defence and device, belong to computer network security field.
Background technique
Internet has goed deep into the method face face of human society, everyone is dependent on more and more Internet applications and carrys out work
Make, entertain and lives.Man memory is limited, therefore in order to reduce brain burden, simplify register, multiple website settings are similar
The situation that username and password or even a set of account password log in all Internet applications is extremely widespread, this is also hacker attack
It offers convenience, there are huge security risks.Wherein hit library attack coverage it is wide, difficulty is low, harm is big, become internet and answer
Important threat.Library attack is associated there are three concept with hitting: Tuo Ku, Xi Ku, hitting library." dragging library " refers to that attacker invades certain
Database duplicate copy comprising largely registering user account information is come out the row stolen by website or network application server
To be also possible to the batch in such a way that network hole is by database injection attacks and obtaining a large amount of login accounts in database, " drag
The partials in library " are also referred to as " de- trousers ".After obtaining a large amount of user data, attacker can be by a series of technological means and black
Color industrial chain cashes valuable user data, this is generally also referred to as " washing library "." hitting library " " drags in attacker's successful implementation
Library " obtains a large number of users and encrypted message afterwards, is also possible to generate by collecting the user and encrypted message that internet has been revealed
Corresponding attack dictionary table, batch " trial " log in other websites, final " hitting big fortune " " examination " go out some users that can be logged in
Name, password, to invade other web station systems.
Library is dragged to occur information leakage, information leakage and to hit library attack be the relationship for complementing each other, promoting each other.Information is let out
It is frequently accompanied by after dew event and hits the new outburst of library attack;And hitting the most direct harm of library attack is to cause more serious letter
Breath leakage.In recent years, it the information leakage in global range and hits library event and grows in intensity.Electric business website, social network sites, travel network
Stand, aircraft high-speed rail ticketing website etc. large-scale website and application, usually single leakage account just reach it is millions of, tens million of in addition on
Hundred million.User information behind library is dragged to propagate rapidly on the internet, it is more huge that consequent hits library attack quantity.According to CDN factory
Quotient Akamai statistics is hit library attack malice and is logged in just more than 30,000,000,000 times/year.It is unquestionable lower than the meaning for hitting library attack.
A kind of scheme is the password protection of reinforcement account.Preventing weak passwurd is the important method for protecting account number safety.Although
Weak passwurd is one of risk of web portal security, and still, only reinforcing password intensity cannot prevent from hitting library attack.Once registering
The information leakage of account, then complicated strong password is all to be copied directly to use in dictionary library in hitting library attacker, therefore
It not can avoid and hit library attack yet.
The technique study and solution for more preventing from hitting library are mainly using setting challenge code, control login times, inspection
Degree is attacked and destroy in the violence that the technologies such as list IP logon account quantity are surveyed to attempt to weaken when hitting library attack.However attacker also have it is many
Mode evades these detections.The actual position for hitting library attacker and hiding using Agent IP oneself avoids being detected and being traced back by source IP
Source tracking.Secondly, Botnet is an important method for implementing large-scale concurrent attack, single corpse node simulation is normal
The behavior and frequency that client logs in, the Brute Force for reaching high concurrent on the whole hit library attack.There is challenge even for those
Code also has the protectiving scheme strictly limited to whole concurrent amount of access, and attacker can also be coped with using " slowly attack ".This
The strategy of kind of " low speed wait a moment speed ", per a few minutes only send a login attempt, initiate thousands of times malice in one week altogether and log in
It attempts, has used different user agents and largely acted on behalf of IP address.This low frequency behavior is difficult to, and leads to attacker
It can hide for a long time, realize target.
Comparative analysis is it is found that such as above-mentioned means of defence is all the safety defense method carried out after information leakage, only
Passive counter-measure can be done for the behavior that log in is attempted, not solve the fact that leakage information is utilized, hit library resisting and attack
It is limited to hit aspect effect.If can be on the defensive from the source for hitting library, namely before information leakage, before dragging library attack to occur
Dynamic protection just is carried out to the registration user information in database, the row that will be abused, usurp, misapply from essence torsion information
Just to play the effect of Initiative Defense before hitting library attack and occurring, the defence pattern for hitting library attack will be reversed, reached
More effective protection effect.
Summary of the invention
In view of this, the invention discloses a kind of data dynamic protection method and device of anticollision library attack, method will be deposited
The database store structure for storing up authentication information is changed to double tables by single table, is isolated and obscures certification entity disclosing attribute and authentication secret
Attribute, certification entity, which discloses, does not include any and associated field of authentication secret attribute list, authentication secret attribute list in attribute list
Major key be dynamic hash value, the double tables of database are inquired when application system is authenticated, dynamic calculating is disclosed with certification entity
The corresponding certification entity of attribute discloses attribute hash value;Safety device based on this method is deployed in database front-end, dimension
It protects the update of double tables and calculates inquiry.The present invention, which changes traditional certification and discloses attribute, to be associated with by force with authentication secret attribute, is quiet
The mode of state binding proposes the data protection technology that Sensitive Attributes separation and dynamic update, the authentication record in differentiation data library
Information can reduce database leakage to the maximum extent and cause to hit the influence of library attack, ensure the safety of website and Verification System.
Technical scheme is as follows: a kind of data dynamic protection method of anticollision library attack, step include:
1) two tables are created in the database, and the storage organization of authentication storage information is changed to double tables by single table, is respectively authenticated
Entity discloses attribute list (Pub table) and authentication secret attribute list (Priv table);
2) authentication information is that the certification of each record discloses attribute data deposit Pub table in deposit database, chooses a category
Property be major key, authentication secret attribute data be stored in Priv table, set up a dynamic hash value be major key;
3) data base querying of user authentication compares, and the certification first inquired in Pub table discloses attribute value, by authenticating open attribute value
A dynamic hash value is calculated with major key to match with the major key in Priv table, finds authentication secret attribute value;
4) when updating authentication record, while corresponding record in Pub table and Priv table is updated;
5) dynamic hash value in Priv table is periodically independently replaced, not synchronous with Pub table.
Further, the certification entity discloses every a line in attribute list (Pub table) and stores a record, contains one
Or multiple open attributes, but all properties are not directly linked the record in Priv table.
Further, the authentication secret attribute list (Priv table) is only comprising two column: one is classified as dynamic hashing attribute, based on
Key attribute: second is classified as authentication secret attribute.
Further, the authentication secret attribute number W is greater than 1, then does extended below:
1) database is extended to W+1 table by double tables;
2) certification of each record discloses attribute data and is still stored in Pub table, and choosing an attribute is major key;
3) 1 to W authentication secret attribute, each respectively be stored in Priv1, Priv2 ... in RrivW table, each table be two
Column, one is classified as dynamic hashing attribute, and be primary key attribute: second is classified as authentication secret attribute.
Further, the dynamic hashing attribute can be by being calculated as follows:
1) database owner's unique string (such as company name abbreviation): Sco is chosen;
2) time Tv and current time Tn progress and fortune that a Priv table independently replaces dynamic hashing attribute next time are chosen
Calculation obtains time fixed value Ts:Ts=(Tv | Tn);
3) the Major key Kp for the open attribute of certification that any row records in Pub table, calculates authentication secret attribute in corresponding Priv table
Dynamic hashing Kv:Kv=Hash (Kp+Sco+Ts) of the row at place, wherein Hash is one-way hash function.
Further, at regular intervals, recalculate and replace the Kv and random permutation in authentication secret attribute list
Authenticate the row sequence of private attribute record.
The present invention also proposes that a kind of data dynamic protection device of anticollision library attack, including authentication database multilist manage mould
Block, authentication information recording module, authentication information inquire computing module, authentication secret attribute list dynamic update module:
The authentication database multilist management module carries out creation table according to the quantity of authentication secret attribute, when only one is recognized
When demonstrate,proving secrecy, it is created that double tables more generally when there are W cryptographic properties, are created that W+1 table, wherein
One of for certification entity attribute list (Pub table) is disclosed, remaining is all authentication secret attribute list (Priv table);
New certification entity is disclosed attribute data and deposited by the authentication information recording module after receiving authentication information warehouse-in instruction
Pub table is stored up, authentication secret attribute is stored into Priv table, and calculate and add the major key dynamic hash value Kv in Priv table;
The authentication information inquires computing module, and the certification first inquired in Pub table discloses attribute value, by authenticate open attribute value and
Major key calculates a dynamic hash value and matches with the major key in Priv table, finds authentication secret attribute value;
The authentication secret attribute list dynamic update module, when for updating authentication record, while updating in Pub table and Priv table
Corresponding record also executes the time cycle according to setting, recalculates and replace the Kv in authentication secret attribute list, and random
The row sequence of displacement certification private attribute record.
The beneficial effects of the present invention are:
The present invention provides a kind of data dynamic protection method and apparatus of anticollision library attack, change traditional database using single
Table stores the strategy of user authentication information, but creates double tables or multilist in data according to the quantity of authentication password attribute, point
Other authentication storage entity discloses attribute and authentication secret attribute, and the double tables of database, dynamic are inquired when application system is authenticated
Calculating discloses the corresponding certification entity of attribute with certification entity and discloses attribute hash value.By this method and device, it is isolated and mixed
The certification entity that confused discloses attribute and authentication secret attribute, the differentiation authentication record information of database, can be to greatest extent
A possibility that library attack utilizes is hit after reducing database leakage in ground.The present invention realizes the dynamic of database before information leakage
To obscure, dynamic protection is carried out to the registration user information in database, defence can inherently resist information and be abused, usurp,
Torsion Passive Defence hits the post situation of library attack, greatly improves protection effect.
Detailed description of the invention
Attached drawing 1 is the configuration diagram of the data dynamic protection device of anticollision library attack of the present invention.
Specific embodiment
The invention will be further described with reference to the accompanying drawings and examples:
The data dynamic protection device of the attack of anticollision library disclosed in one embodiment of the invention, the steps include:
1) before protective device being placed in database, log database management the characteristics of according to authentication information, enables authentication data
Library multilist management module creates double tables or multilist in the database, specifically: when only one authentication secret attribute,
It is created that double tables more generally when there are W cryptographic properties, are created that W+1 table, one of them is public for certification entity
Attribute list (Pub table) is opened, remaining is all authentication secret attribute list (Priv table);
2) when receiving authentication information warehouse-in instruction, new certification entity is disclosed attribute data and deposited by starting card data input module
Pub table is stored up, authentication secret attribute is stored into Priv table, and calculate and add the major key dynamic hash value Kv in Priv table;
3) when receiving authentication challenge instruction, starting authentication information inquires computing module, and the certification first inquired in Pub table discloses category
Property value, calculated a dynamic hash value by authenticating open attribute value and major key and matched with the major key in Priv table, find authenticate it is secret
Close attribute value;
4) authentication secret attribute list dynamic update module, when for updating authentication record, while update it is right in Pub table and Priv table
It should record, also execute the time cycle according to setting, recalculate and replace the Kv in authentication secret attribute list, and set at random
Change the row sequence of certification private attribute record.
The data dynamic protection method and device attacked below by way of specific example anticollision library in attached drawing is carried out into one
The explanation of step:
As shown in the picture, a kind of data dynamic protection device of anticollision library attack, comprising: authentication database multilist management module,
Authentication information recording module, authentication information inquire computing module, authentication secret attribute list dynamic update module;Its key step packet
It includes:
1, the authentication database multilist management module carries out creation table according to the quantity of authentication secret attribute:
A) when only one authentication secret attribute, it is created that double tables, respectively certification entity disclose attribute list (Pub table)
With authentication secret attribute list (Priv table);
B) when authentication secret attribute more than one, it is created that multilist;
C) more generally, when having W secrecy, it is created that W+1 table, one of them discloses attribute for certification entity
Table (Pub table), remaining is all authentication secret attribute list (Priv table);
2, new certification entity is disclosed attribute data after receiving authentication information warehouse-in instruction by the authentication information recording module
Pub table is stored, authentication secret attribute is stored into Priv table, and calculate and add the major key dynamic hash value Kv in Priv table:
A) certification of each record discloses attribute data deposit Pub table, and choosing an attribute is major key;
B) 1 to W authentication secret attribute, each respectively be stored in Priv1, Priv2 ... in RrivW table, each table be two
Column, one is classified as dynamic hashing attribute, and be primary key attribute: second is classified as authentication secret attribute;
C) following several parameters: database owner's unique string Sco, Ts transformation period are provided in device;
D) the Major key Kp for the open attribute of certification that any row records in Pub table, calculates authentication secret attribute in corresponding Priv table
Dynamic hashing Kv:Kv=Hash (Kp+Sco+Ts) of the row at place, wherein Hash is one-way hash function;
3, the authentication information inquires computing module, receives authentication challenge instruction and completes the operation of authentication information matching inquiry:
A) certification first inquired in Pub table discloses attribute value;
B) it is calculated a dynamic hash value by authenticating open attribute value and major key and is matched with the major key in Priv table, find certification
Secrecy value;
C) result whether inquiry hits is returned;
4, the authentication secret attribute list dynamic update module, for updating database table:
A) when the authentication information for having record changes, while corresponding record in Pub table and Priv table is updated;
B) according to dynamic period renewal time of setting, recalculate and replace the Kv in authentication secret attribute list;
C) the row sequence of random permutation certification private attribute record.
The purpose of the above described specific embodiments of the present invention is use for a better understanding of the present invention, is not constituted
Limiting the scope of the present invention.Any modification made within the spirit and principles in the present invention essence deforms and is equal
Replacement etc., all should belong within scope of protection of the claims of the invention.
Claims (7)
1. a kind of data dynamic protection method of anticollision library attack, step include:
1) two tables are created in the database, and the storage organization of authentication storage information is changed to double tables by single table, is respectively authenticated
Entity discloses attribute list (Pub table) and authentication secret attribute list (Priv table);
2) authentication information is that the certification of each record discloses attribute data deposit Pub table in deposit database, chooses a category
Property be major key, authentication secret attribute data be stored in Priv table, set up a dynamic hash value be major key;
3) data base querying of user authentication compares, and the certification first inquired in Pub table discloses attribute value, by authenticating open attribute value
A dynamic hash value is calculated with major key to match with the major key in Priv table, finds authentication secret attribute value;
4) when updating authentication record, while corresponding record in Pub table and Priv table is updated;
5) dynamic hash value in Priv table is periodically independently replaced, not synchronous with Pub table.
2. the data dynamic protection method of anticollision library attack as described in claim 1, which is characterized in that the certification entity is public
It opens every a line in attribute list (Pub table) and stores a record, containing one or more open attributes, but all properties are not straight
Connect the record in association Priv table.
3. the data dynamic protection method of anticollision library attack as described in claim 1, which is characterized in that the authentication secret category
Property table (Priv table) only comprising two column: one is classified as dynamic hashing attribute, be primary key attribute: second is classified as authentication secret attribute.
4. the data dynamic protection method that the anticollision library as described in claim 1-3 is attacked, which is characterized in that the authentication secret
Attribute number W is greater than 1, then does extended below:
1) database is extended to W+1 table by double tables;
2) certification of each record discloses attribute data and is still stored in Pub table, and choosing an attribute is major key;
3) 1 to W authentication secret attribute, each respectively be stored in Priv1, Priv2 ... in RrivW table, each table be two
Column, one is classified as dynamic hashing attribute, and be primary key attribute: second is classified as authentication secret attribute.
5. the data dynamic protection method that the anticollision library as described in claim 1 or 3 or 4 any one is attacked, which is characterized in that
The dynamic hashing attribute can be by being calculated as follows:
1) database owner's unique string (such as company name abbreviation): Sco is chosen;
2) time Tv and current time Tn progress and fortune that a Priv table independently replaces dynamic hashing attribute next time are chosen
Calculation obtains time fixed value Ts:Ts=(Tv | Tn);
3) the Major key Kp for the open attribute of certification that any row records in Pub table, calculates authentication secret attribute in corresponding Priv table
Dynamic hashing Kv:Kv=Hash (Kp+Sco+Ts) of the row at place, wherein Hash is one-way hash function.
6. the data dynamic protection method of anticollision library attack as claimed in claim 5, which is characterized in that at regular intervals,
Recalculate and replace the Kv in authentication secret attribute list, and the row sequence of random permutation certification private attribute record.
7. a kind of data dynamic protection device of anticollision library attack, including the record of authentication database multilist management module, authentication information
Enter module, authentication information inquiry computing module, authentication secret attribute list dynamic update module:
The authentication database multilist management module carries out creation table according to the quantity of authentication secret attribute, when only one is recognized
When demonstrate,proving secrecy, it is created that double tables more generally when there are W cryptographic properties, are created that W+1 table, wherein
One of for certification entity attribute list (Pub table) is disclosed, remaining is all authentication secret attribute list (Priv table);
New certification entity is disclosed attribute data and deposited by the authentication information recording module after receiving authentication information warehouse-in instruction
Pub table is stored up, authentication secret attribute is stored into Priv table, and calculate and add the major key dynamic hash value Kv in Priv table;
The authentication information inquires computing module, and the certification first inquired in Pub table discloses attribute value, by authenticate open attribute value and
Major key calculates a dynamic hash value and matches with the major key in Priv table, finds authentication secret attribute value;
The authentication secret attribute list dynamic update module, when for updating authentication record, while updating in Pub table and Priv table
Corresponding record also executes the time cycle according to setting, recalculates and replace the Kv in authentication secret attribute list, and random
The row sequence of displacement certification private attribute record.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910258817.1A CN110032862B (en) | 2019-04-01 | 2019-04-01 | Dynamic data protection method and device for preventing database attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910258817.1A CN110032862B (en) | 2019-04-01 | 2019-04-01 | Dynamic data protection method and device for preventing database attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110032862A true CN110032862A (en) | 2019-07-19 |
| CN110032862B CN110032862B (en) | 2022-12-16 |
Family
ID=67237039
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910258817.1A Active CN110032862B (en) | 2019-04-01 | 2019-04-01 | Dynamic data protection method and device for preventing database attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110032862B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110457948A (en) * | 2019-08-13 | 2019-11-15 | 中科天御(苏州)科技有限公司 | A kind of dynamic data means of defence and system based on store instruction randomization |
| CN113726764A (en) * | 2021-08-27 | 2021-11-30 | 杭州溪塔科技有限公司 | Private data transmission method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100043057A1 (en) * | 2006-09-20 | 2010-02-18 | Universita' Degli Studi Roma Tre | Method for dynamic secure management of an authenticated relational table in a database |
| CN102158494A (en) * | 2011-04-18 | 2011-08-17 | 电子科技大学 | Low-cost radio frequency identification (RFID) security authentication protocol capable of shielding illegal reader-writer |
| US20110264908A1 (en) * | 2008-10-31 | 2011-10-27 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method and device for preventing network attacks |
| CN108170753A (en) * | 2017-12-22 | 2018-06-15 | 北京工业大学 | A kind of method of Key-Value data base encryptions and Safety query in shared cloud |
| CN108345801A (en) * | 2018-02-09 | 2018-07-31 | 南京邮电大学 | A kind of middleware dynamic user authentication method and system towards ciphertext database |
| CN109379338A (en) * | 2018-09-19 | 2019-02-22 | 杭州安恒信息技术股份有限公司 | A kind of recognition methods of Web application system SessionID attack |
-
2019
- 2019-04-01 CN CN201910258817.1A patent/CN110032862B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100043057A1 (en) * | 2006-09-20 | 2010-02-18 | Universita' Degli Studi Roma Tre | Method for dynamic secure management of an authenticated relational table in a database |
| US20110264908A1 (en) * | 2008-10-31 | 2011-10-27 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method and device for preventing network attacks |
| CN102158494A (en) * | 2011-04-18 | 2011-08-17 | 电子科技大学 | Low-cost radio frequency identification (RFID) security authentication protocol capable of shielding illegal reader-writer |
| CN108170753A (en) * | 2017-12-22 | 2018-06-15 | 北京工业大学 | A kind of method of Key-Value data base encryptions and Safety query in shared cloud |
| CN108345801A (en) * | 2018-02-09 | 2018-07-31 | 南京邮电大学 | A kind of middleware dynamic user authentication method and system towards ciphertext database |
| CN109379338A (en) * | 2018-09-19 | 2019-02-22 | 杭州安恒信息技术股份有限公司 | A kind of recognition methods of Web application system SessionID attack |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110457948A (en) * | 2019-08-13 | 2019-11-15 | 中科天御(苏州)科技有限公司 | A kind of dynamic data means of defence and system based on store instruction randomization |
| CN113726764A (en) * | 2021-08-27 | 2021-11-30 | 杭州溪塔科技有限公司 | Private data transmission method and device |
| CN113726764B (en) * | 2021-08-27 | 2023-03-24 | 杭州溪塔科技有限公司 | Private data transmission method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110032862B (en) | 2022-12-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Plohmann et al. | A comprehensive measurement study of domain generating malware | |
| Brar et al. | Cybercrimes: A proposed taxonomy and challenges | |
| Sinrod et al. | Cyber-crimes: A practical approach to the application of federal computer crime laws | |
| Sharma et al. | Analysis and classification of SQL injection vulnerabilities and attacks on web applications | |
| Nagpal et al. | A survey on the detection of SQL injection attacks and their countermeasures | |
| Baezner | Cyber and Information warfare in the Ukrainian conflict | |
| Akin et al. | On the difficulty of securing web applications using CryptDB | |
| US20190147451A1 (en) | Collaborate Fraud Prevention | |
| CN104966032A (en) | Method for randomly simulating sensitive information in cloud database | |
| Alam et al. | A case study of sql injection vulnerabilities assessment of. bd domain web applications | |
| CN110032862A (en) | A kind of data dynamic protection method and device of anticollision library attack | |
| Efendi et al. | A survey on deception techniques for securing web application | |
| Kessler | Information security: New threats or familiar problems? | |
| Saint-Claire | Overview and Analysis on Cyber Terrorism. | |
| Joshi et al. | Encountering sql injection in web applications | |
| Dmitrieva | I Know It When I See It: Should Internet Providers Recognize Copyright Violation When They See It? | |
| Brindtha et al. | Identification and detecting of attacker in a purchase portal using honeywords | |
| Brill | From hit and run to invade and stay: How cyberterrorists could be living inside your systems | |
| Tatara et al. | The Potential of Cyber Attacks in Indonesia's Digital Economy Transformation | |
| Sam et al. | Survey of risks and threats in online learning applications | |
| Maillet | The Evolution of Malware in America's Adversaries: A Study of Evolving Cyber Threats | |
| Srimathi et al. | Study of Various Prevention Scheme Used for XSS Attacks through Data Sanitization Techniques | |
| Mitră | The Structure of Cyber Attacks | |
| Kushwaha et al. | A Survey on Malware & Session Hijack Attack over WebEnvironments | |
| Zamfiroiu et al. | CrawVulns-A Software Solution for Vulnerabilities Analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |