CN102291394A - Security defense system based on network accelerating equipment - Google Patents
Security defense system based on network accelerating equipment Download PDFInfo
- Publication number
- CN102291394A CN102291394A CN2011102078825A CN201110207882A CN102291394A CN 102291394 A CN102291394 A CN 102291394A CN 2011102078825 A CN2011102078825 A CN 2011102078825A CN 201110207882 A CN201110207882 A CN 201110207882A CN 102291394 A CN102291394 A CN 102291394A
- Authority
- CN
- China
- Prior art keywords
- module
- request
- decision
- described system
- web
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a security defense system based on network accelerating equipment. The system aims to effectively protect various web sites purchasing network accelerating service. The technical scheme provided by the invention is that: the system comprises a system rule base module, a system decision module, a system intrusion detection module and a system feedback module, wherein the system rule base module initializes rule base files aiming at web attack; the system decision module registers a decision algorithm required by security detection; the system intrusion detection module receives a request from a web application program client, performs content detection and verification on the request according to the decision algorithm in the system decision module so as to guarantee the security of the request, and then transmits a detection result to the system feedback module; and if the request meets the security requirement, the system feedback module allows the request to directly access the next flow after security defense, and if the request cannot meet the security requirement, the system feedback module adopts corresponding defending measures.
Description
Technical field
The present invention relates to a kind of computer network web security fields, relate in particular to a kind of system that on the network acceleration product, increases one deck Web Prevention-Security, thereby reach the purpose that defence client source is attacked.
Background technology
Computer network is popularized rapidly in economy and various fields in life, and entire society is increasing to the degree of dependence of network.Network has become the social and economic development very strong driving force, and its status is more and more important.Be accompanied by networks development, also produced various problems, wherein safety problem is particularly outstanding.Because the intrinsic opening of grid, the security breaches that procotol self exists, the imperfection of various softwares or artificial back door, network management personnel's mistake setting and internal staff's the violation operation etc. that are provided with make network security problem serious day by day.
Enterprise customer's great majority of today have all been disposed various security gateways, but still are faced with the threat of a large amount of Web risks and leak.Because traditional security boundary equipment as fire compartment wall, IPS etc., often is confined to product orientation and the defense-in-depth of self.Security breaches continue to bring out, and new application often is accompanied by new leak.The responsibility of fire compartment wall is protection " gate ", if the assailant enters from other approach, fire compartment wall is intractable also.Because a lot of companies have disposed fire compartment wall, so the hacker begins to seek the new attack method, Web uses and attacks is exactly wherein a kind of.It is why different with other attack that Web use to attack, and is because they are difficult to be found, and may be from any online user, or even the user through verifying.The investigation of Gartner shows that about 70% security breaches are derived from network application layer at present, and all kinds of big small business all constantly are subjected to the Web security threat, and security issues become increasingly urgent for Web.
Web uses and to be subjected to full spectrum of threats, and common have all kinds of attacks at the Web application such as cross site scripting, SQL injections, access control defective, buffering area overflow.Wherein most popular Web attacks and surely belongs to cross-site scripting attack and SQL injection attacks.
Cross site scripting (XSS) is the technology of the executable code that provides of a kind of Web of forcing website loopback assailant, and these codes are packed into by user's browser and carried out.Code itself is based on HTML/Javascript more, but also may expand to VBScriPt, Activex, Java, Rash etc., and the technology of other browser support.
When carry out in the browser of assailant the user that the assailant provides code the time, these codes operate in the security domain of subscriber's main station.Under this authority, code can read, revises and transmit all sensitive informations that browser can be visited.May be held as a hostage (cookie usurps) by the user account number of cross-site scripting attack, directed another address of their browser or show the fraudulent information of the Web website that they visit.In fact cross site scripting has threatened the trusting relationship between user and Web website.
It is the attack that a kind of user of utilization imports constructing SQL statement that SQL injects.And most database application nearly all can conduct interviews by sql like language.If using, Web do not verify suitably that the information that the user imports, assailant just might change the SQL statement that carry out on the backstage.Because the authority during the program running SQL statement and current this assembly are (for example, database server, Web Application Server and Web server etc.) authority identical, and these assembly operating authorities are generally all higher, and often be to move with keeper's authority, so the assailant can obtain the control fully of database, and the executive system order, cause serious harm.
Will be able to accomplish the defence to the Web attack, prerequisite is must detect Web to attack.The detection technique that Web attacks is divided into two classes usually, and abnormality detection and misuse detect.
Abnormality detection is also named the detection based on behavior, is to utilize the method for adding up to come the abnormal behaviour of detection system.Abnormality detection can only identify those and normal processes behavior than large deviation; because it is not strong to the adaptability of variety of network environments; and lack criterion accurately, phenomenons such as wrong report appear in abnormality detection through regular meeting, and this has just caused the abnormality detection rate of false alarm higher.
Misuse detects the detection of also crying based on knowledge, is meant the attack method that utilization is known, according to the intrusion model that has defined, invasion whether occurs detecting by judging these intrusion models.This method is owing to judging according to concrete feature database, so very effective to known attack type.Though this method has certain inferior position on the mutation of handling attack and new attack, but require based on the Web Prevention-Security in the CDN system---reduce rate of false alarm as far as possible, rather fail to report the principle of not reporting by mistake, it is a comparatively desirable detection model that misuse detects for the CDN system.
Summary of the invention
The objective of the invention is to address the above problem, a kind of safety defense system of acceleration equipment Network Based is provided, content detection and checking are carried out in all kinds of requests from the weblication client, guarantee its fail safe and legitimacy, illegal request is blocked in real time, thereby all kinds of web-site of buying the network acceleration service are effectively protected.
Technical scheme of the present invention is: the present invention has disclosed a kind of safety defense system of acceleration equipment Network Based, make the web-site that described network acceleration equipment is set obtain the protection of attacking at web, described system comprises system convention library module, system decision-making module, system's intrusion detection module and system feedback module, wherein:
Described system convention library module, the rule base file that initialization is attacked at web, the rule base document definition regular keyword, matched rule and matching algorithm, and described system convention library module is responsible for the initialization keyword and is detected tree and decision making algorithm is registered in the described system decision-making module;
Described system decision-making module is registered the decision making algorithm that safety detection is required;
Described system intrusion detection module, reception is from the request of weblication client, according to the decision making algorithm in the described system decision-making module content detection and checking are carried out in request, guaranteed the fail safe of asking testing result to be transferred to described system feedback module;
Described system feedback module for the request that meets fail safe, allows request directly enter Prevention-Security flow process afterwards, for the request that does not meet fail safe, takes corresponding defensive measure.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, described network acceleration equipment comprises the upper strata load-balanced server on cache caching server or the cache.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, described system at web attack and comprise that cross site scripting and SQL inject.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, the initialized described rule base file of described system convention library module is a rule base file of supporting that cross-site scripting attack and SQL inject.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, described system convention library module is the pre-configured described rule base file of attacking at web before initialization rule base file.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, described system decision-making module further comprises key tree algorithm decision package and regular expression matching algorithm decision package.
According to an embodiment of the safety defense system of acceleration equipment Network Based of the present invention, described system intrusion detection module comprises pretreatment layer detecting unit, keyword detection layers detecting unit, optional processing layer detecting unit, rule match layer detecting unit.
Embodiment according to the safety defense system of acceleration equipment Network Based of the present invention, described system feedback module comprises request refusal unit and malice statement delete cells, the request of fail safe is directly refused not meet in described request refusal unit, directly refuses this request; Malice statement deletion during described malice statement delete cells will be asked allows enter Prevention-Security flow process afterwards through the request after the deletion of malice statement again.
The present invention contrasts prior art following beneficial effect: the invention provides the safety defense system of an expedite product Network Based, at first increase this system of defense on each network acceleration product such as Cache.Start this system of defense when starting when Cache quickens, system of defense is done initial work according to the rule base of exterior arrangement, and all kinds of decision making algorithms in the loading system decision-making module.After this, when Cache accepted external request, this request was introduced into the intrusion detection module of system of defense, and then carried out the detection and the checking of content, and last testing result is handled by the system feedback module.The contrast prior art, the present invention combines system of defense and network acceleration equipment, makes all kinds of website clients of buying the network acceleration service become the beneficiary, has accelerated detection speed to a certain extent, has obtained good detection effect.
Description of drawings
Fig. 1 is the work reciprocal process schematic diagram in user, CDN system, safety defense system and client source.
Fig. 2 is the general frame figure of embodiment of the safety defense system of acceleration equipment Network Based of the present invention.
The example schematic that Fig. 3 injects for SQL.
Embodiment
The invention will be further described below in conjunction with drawings and Examples.
As shown in Figure 1, CDN server zone 3 is arranged between user 1 and the client's source server 2, and safety defense system 4 is installed between CDN server zone 3 and client's source server 2.Go up the installation safety defense system at CDN acceleration equipment (as the cache machine), make safety defense system 4 and cache system combine.Network acceleration equipment comprises the upper strata load-balanced server on cache caching server or the cache.Safety defense system 4 at web attack and to comprise that cross site scripting and SQL inject.
Fig. 2 shows the general frame of embodiment of the safety defense system of acceleration equipment Network Based of the present invention.See also Fig. 2, the safety defense system of present embodiment comprises system convention library module 40, system decision-making module 42, system's intrusion detection module 44 and system feedback module 46.System convention library module 40, system decision-making module 42 be connected system intrusion detection module 44 respectively, the output connected system feedback module 46 of system's intrusion detection module 44.
Before the start-up system, the required rule base file of system convention library module 40 configuration systems of defense is for example supported the rule base file that XSS attacks and SQL injects.The rule base document definition regular keyword, matched rule and matching algorithm, and described system convention library module is responsible for the initialization keyword and is detected tree and decision making algorithm is registered in the described system decision-making module.
Start and start system of defense when cache quickens, system convention library module 40 in the system of defense carries out initial work according to the rule base of exterior arrangement, and all kinds of decision making algorithms of loading system decision-making module 42, in system decision-making module 42, the decision making algorithm that safety detection is required is registered.System decision-making module 42 further comprises key tree algorithm decision package 420 and regular expression matching algorithm decision package 424.Can also comprise other decision packages 424 at the optional algorithm of each keyword.In key tree algorithm decision package 420, key tree adopts the data structure form of multiway tree, each node of key tree is deposited a character in the keyword, and because the character that node is deposited all is the ASCII value, therefore adopt binary chop, searching time complexity is linear O (n).In regular expression matching algorithm decision package 424, for example can realize DFA algorithm-Lex algorithm and NFA algorithm-Pcre algorithm.
When cache received external request, this request was introduced into system's intrusion detection module 44 of safety defense system 4 and carries out content detection and checking.
System's intrusion detection module 44 receives the request from the weblication client, according to the decision making algorithm in the system decision-making module 42 content detection and checking is carried out in request, guarantees the fail safe of asking testing result to be transferred to system feedback module 46.
System's intrusion detection module 44 comprises pretreatment layer detecting unit 440, keyword detection layers detecting unit 442, optional processing layer detecting unit 444, the rule match layer detecting unit 446 that connects in regular turn.If judge this request in some detecting units therein is reasonable request, then returns testing result to system feedback module 46, otherwise carries out next detecting unit.
In pretreatment layer detecting unit 440, carry out some special processings at detecting content.May as the URI for request, what cause attack be dynamic page and dynamic content only, therefore only needs to detect dynamic page and dynamic content, such as only needing to detect band? the URI request content of question mark back.
In keyword detection layers detecting unit 442, the first, because XSS attacks and the keyword of SQL attack is among the ASCII '! '-'~' between legal character, therefore XSS attack and SQL attack character only can appear in the standard A SCII character, and for for the more webpage of the Chinese character frequency of occurrences, filtering out non-ascii character can reduce greatly and need the content that detects, accelerates detection speed.
The second, input character is carried out quick character conversion, as ' a ', ' A ', ' %41 ', ' unifications such as %61 ' are converted to a fixing ASCII value ' a ', promptly 97.Because the keyword number is when reaching some, detection rates can be a greater impact, so such conversion can significantly reduce the length of regular expression in the number of keyword and the rule file, makes detection speed greatly improve.
The 3rd, keyword detects the main thought that adopts based on tree, adopts the method based on binary chop on the basis in second step, can accelerate detection speed.
The 4th, the introducing of Keyword Weight, main here taking into account critical word becomes the possibility of attacking statement.Because the appearance of " select " often is accompanied by the SQL injection attacks, so can give " select " higher weight in configuration file.Such as, when detecting " and " and " select " two keywords simultaneously,, just first in the subsequent detection step " select " keyword is handled because the weight of " select " is higher than the weight of " and " in the configuration file.
In optional processing layer detecting unit 444, optional processing can have multistep, is specifically determined by configuration file.Such as, following ios dhcp sample configuration IOS DHCP: keyword:and is arranged; Weight:; Optprocess:and_opt1, and_opt2; Msg: " "; Pcre: " (%27| ' | s|+| %20| (/ * .* * ∨) |; | %3b) and "; When detecting " and " keyword, the optional processing module that can dispose the back removes to handle the follow-up input character of " and ".Shown in above configuration, the optional processing of " and " is handled successively by and_opt1 and these two operations of and_opt2.Like this, just can carry out multistep according to special use scene for the processing of certain keyword handles.
In rule match layer detecting unit 446, when detecting certain keyword, can judge the attack type that this keyword is affiliated automatically.Such as, having only XSS and SQL to inject under the situation of these two kinds of attacks, when detecting " select " keyword, system can judge automatically that this keyword belongs to SQL injection attacks type, and enters the rule match layer.In the rule match layer, only need remove to handle the matched rule of SQL correspondence " select " keyword, and need not to mate all SQL rules and XSS rule, so just can accelerate detection speed greatly.
System feedback module 46 allows request directly enter Prevention-Security flow process afterwards for the request that meets fail safe, for the request that does not meet fail safe, takes corresponding defensive measure.System feedback module 46 comprises request refusal unit 460 and malice statement delete cells 462, and request refusal unit 460 direct refusals do not meet the request of fail safe, directly refuse this request.Malice statement deletion during malice statement delete cells 462 will be asked allows enter Prevention-Security flow process afterwards through the request after the deletion of malice statement again.
Fig. 3 shows the example that SQL injects.As shown in Figure 3, step 1. in, carry out preliminary treatment, to URI, only detect "? " the content of back.2. is searching of keyword in step in, and keyword adopts tree structure, and traversal is once found out all keywords.The keyword that exists among the current URI is " and ", " select " and " or ".Owing to search the judgement that has increased part grammar in the algorithm, get rid of select the most at last " and " or ".Step 3. in, the special processing of partial key (configurable) for example for " and " and " or ", judges whether the back "=", ">", "<" occur.Step 4. in, carry out the coupling of pcre regular expression.
The foregoing description provides to those of ordinary skills and realizes and use of the present invention, those of ordinary skills can be under the situation that does not break away from invention thought of the present invention, the foregoing description is made various modifications or variation, thereby invention scope of the present invention do not limit by the foregoing description, and should be the maximum magnitude that meets the inventive features that claims mention.
Claims (8)
1. the safety defense system of an acceleration equipment Network Based, make the web-site that described network acceleration equipment is set obtain the protection of attacking at web, described system comprises system convention library module, system decision-making module, system's intrusion detection module and system feedback module, wherein:
Described system convention library module, the rule base file that initialization is attacked at web, the rule base document definition regular keyword, matched rule and matching algorithm, and described system convention library module is responsible for the initialization keyword and is detected tree and decision making algorithm is registered in the described system decision-making module;
Described system decision-making module is registered the decision making algorithm that safety detection is required;
Described system intrusion detection module, reception is from the request of weblication client, according to the decision making algorithm in the described system decision-making module content detection and checking are carried out in request, guaranteed the fail safe of asking testing result to be transferred to described system feedback module;
Described system feedback module for the request that meets fail safe, allows request directly enter Prevention-Security flow process afterwards, for the request that does not meet fail safe, takes corresponding defensive measure.
2. the safety defense system of acceleration equipment Network Based according to claim 1 is characterized in that, described network acceleration equipment comprises the upper strata load-balanced server on cache caching server or the cache.
3. the safety defense system of acceleration equipment Network Based according to claim 1 is characterized in that, described system at web attack and to comprise that cross site scripting and SQL inject.
4. the safety defense system of acceleration equipment Network Based according to claim 3 is characterized in that, the initialized described rule base file of described system convention library module is a rule base file of supporting that cross-site scripting attack and SQL inject.
5. the safety defense system of acceleration equipment Network Based according to claim 1 is characterized in that, described system convention library module is the pre-configured described rule base file of attacking at web before initialization rule base file.
6. the safety defense system of acceleration equipment Network Based according to claim 1 is characterized in that, described system decision-making module further comprises key tree algorithm decision package and regular expression matching algorithm decision package.
7. the safety defense system of acceleration equipment Network Based according to claim 1, it is characterized in that described system intrusion detection module comprises pretreatment layer detecting unit, keyword detection layers detecting unit, optional processing layer detecting unit, rule match layer detecting unit.
8. the safety defense system of acceleration equipment Network Based according to claim 1, it is characterized in that, described system feedback module comprises request refusal unit and malice statement delete cells, and the request of fail safe is directly refused not meet in described request refusal unit, directly refuses this request; Malice statement deletion during described malice statement delete cells will be asked allows enter Prevention-Security flow process afterwards through the request after the deletion of malice statement again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110207882.5A CN102291394B (en) | 2011-07-22 | 2011-07-22 | Security defense system based on network accelerating equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110207882.5A CN102291394B (en) | 2011-07-22 | 2011-07-22 | Security defense system based on network accelerating equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102291394A true CN102291394A (en) | 2011-12-21 |
CN102291394B CN102291394B (en) | 2014-06-11 |
Family
ID=45337503
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110207882.5A Active CN102291394B (en) | 2011-07-22 | 2011-07-22 | Security defense system based on network accelerating equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102291394B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103902606A (en) * | 2012-12-28 | 2014-07-02 | 腾讯科技(深圳)有限公司 | Data processing method and system of database |
CN104967628A (en) * | 2015-07-16 | 2015-10-07 | 浙江大学 | Deceiving method of protecting web application safety |
CN105046154A (en) * | 2015-08-13 | 2015-11-11 | 浪潮电子信息产业股份有限公司 | Webshell detection method and device |
CN105245506A (en) * | 2015-09-23 | 2016-01-13 | 上海云盾信息技术有限公司 | Network attack defense method and equipment |
CN105812196A (en) * | 2014-12-30 | 2016-07-27 | 中国移动通信集团公司 | WebShell detection method and electronic device |
CN106210057A (en) * | 2016-07-13 | 2016-12-07 | 成都知道创宇信息技术有限公司 | A kind of cloud security means of defence based on CDN |
CN107454120A (en) * | 2016-05-30 | 2017-12-08 | 北京京东尚科信息技术有限公司 | The method of network attack defending system and defending against network attacks |
WO2018018699A1 (en) * | 2016-07-29 | 2018-02-01 | 广州市乐商软件科技有限公司 | Website scripting attack prevention method and device |
CN104994104B (en) * | 2015-07-06 | 2018-03-16 | 浙江大学 | Server fingerprint mimicry and sensitive information mimicry method based on WEB security gateways |
CN108401011A (en) * | 2018-01-30 | 2018-08-14 | 网宿科技股份有限公司 | The accelerated method of handshake request, equipment and fringe node in content distributing network |
CN111988280A (en) * | 2020-07-24 | 2020-11-24 | 网宿科技股份有限公司 | Server and request processing method |
CN113810418A (en) * | 2021-09-18 | 2021-12-17 | 土巴兔集团股份有限公司 | Method for defending cross-site scripting attack and related equipment thereof |
CN116361795A (en) * | 2023-03-23 | 2023-06-30 | 中国人民解放军61660部队 | SQL injection attack detection method based on grammar gene segment coverage analysis |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
US20090138945A1 (en) * | 2003-09-10 | 2009-05-28 | Fidelis Security Systems | High-Performance Network Content Analysis Platform |
CN101448007A (en) * | 2008-12-31 | 2009-06-03 | 中国电力科学研究院 | Attack prevention system based on structured query language (SQL) |
-
2011
- 2011-07-22 CN CN201110207882.5A patent/CN102291394B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090138945A1 (en) * | 2003-09-10 | 2009-05-28 | Fidelis Security Systems | High-Performance Network Content Analysis Platform |
CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
CN101448007A (en) * | 2008-12-31 | 2009-06-03 | 中国电力科学研究院 | Attack prevention system based on structured query language (SQL) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103902606A (en) * | 2012-12-28 | 2014-07-02 | 腾讯科技(深圳)有限公司 | Data processing method and system of database |
CN103902606B (en) * | 2012-12-28 | 2018-07-06 | 腾讯科技(深圳)有限公司 | The data processing method and system of a kind of database |
CN105812196A (en) * | 2014-12-30 | 2016-07-27 | 中国移动通信集团公司 | WebShell detection method and electronic device |
CN104994104B (en) * | 2015-07-06 | 2018-03-16 | 浙江大学 | Server fingerprint mimicry and sensitive information mimicry method based on WEB security gateways |
CN104967628B (en) * | 2015-07-16 | 2017-12-26 | 浙江大学 | A kind of decoy method of protection web applications safety |
CN104967628A (en) * | 2015-07-16 | 2015-10-07 | 浙江大学 | Deceiving method of protecting web application safety |
CN105046154A (en) * | 2015-08-13 | 2015-11-11 | 浪潮电子信息产业股份有限公司 | Webshell detection method and device |
CN105245506B (en) * | 2015-09-23 | 2018-10-12 | 上海云盾信息技术有限公司 | A kind of method and apparatus of defending against network attacks |
CN105245506A (en) * | 2015-09-23 | 2016-01-13 | 上海云盾信息技术有限公司 | Network attack defense method and equipment |
CN107454120A (en) * | 2016-05-30 | 2017-12-08 | 北京京东尚科信息技术有限公司 | The method of network attack defending system and defending against network attacks |
CN106210057A (en) * | 2016-07-13 | 2016-12-07 | 成都知道创宇信息技术有限公司 | A kind of cloud security means of defence based on CDN |
WO2018018699A1 (en) * | 2016-07-29 | 2018-02-01 | 广州市乐商软件科技有限公司 | Website scripting attack prevention method and device |
CN108401011A (en) * | 2018-01-30 | 2018-08-14 | 网宿科技股份有限公司 | The accelerated method of handshake request, equipment and fringe node in content distributing network |
CN108401011B (en) * | 2018-01-30 | 2021-09-24 | 网宿科技股份有限公司 | Acceleration method and device for handshake request in content distribution network and edge node |
CN111988280A (en) * | 2020-07-24 | 2020-11-24 | 网宿科技股份有限公司 | Server and request processing method |
CN113810418A (en) * | 2021-09-18 | 2021-12-17 | 土巴兔集团股份有限公司 | Method for defending cross-site scripting attack and related equipment thereof |
CN113810418B (en) * | 2021-09-18 | 2023-12-26 | 土巴兔集团股份有限公司 | Method for defending cross-site scripting attack and related equipment thereof |
CN116361795A (en) * | 2023-03-23 | 2023-06-30 | 中国人民解放军61660部队 | SQL injection attack detection method based on grammar gene segment coverage analysis |
CN116361795B (en) * | 2023-03-23 | 2024-02-13 | 中国人民解放军61660部队 | SQL injection attack detection method based on grammar gene segment coverage analysis |
Also Published As
Publication number | Publication date |
---|---|
CN102291394B (en) | 2014-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102291394B (en) | Security defense system based on network accelerating equipment | |
US11212305B2 (en) | Web application security methods and systems | |
Nikiforakis et al. | SessionShield: Lightweight protection against session hijacking | |
Balduzzi et al. | Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. | |
CN107276986B (en) | Method, device and system for protecting website through machine learning | |
CN104954384B (en) | A kind of url mimicry methods of protection Web applications safety | |
CN102045319A (en) | Method and device for detecting SQL (Structured Query Language) injection attack | |
Cui et al. | A survey on xss attack detection and prevention in web applications | |
Nagpal et al. | SECSIX: security engine for CSRF, SQL injection and XSS attacks | |
Liu et al. | A web second-order vulnerabilities detection method | |
Khochare et al. | Survey on SQL Injection attacks and their Countermeasures | |
Shrivastava et al. | SQL injection attacks: Technique and prevention mechanism | |
Tanakas et al. | A novel system for detecting and preventing SQL injection and cross-site-script | |
Ruzhi et al. | A database security gateway to the detection of SQL attacks | |
Razzaq et al. | Ontology based application level intrusion detection system by using bayesian filter | |
Joshi et al. | Encountering sql injection in web applications | |
He | RETRACTED: Analysis of Network Intrusion Detection Technology Based on Computer Information Security Technology | |
Zhang et al. | An automated composite scanning tool with multiple vulnerabilities | |
Gadgikar | Preventing SQL injection attacks using negative tainting approach | |
Singh et al. | SQL Injection Attacks, Detection Techniques on Web Application Databases | |
CN114006713A (en) | Trust architecture for node diversity | |
Kharche et al. | Preventing SQL Injection attack using pattern matching algorithm | |
Madan et al. | Shielding against sql injection attacks using admire model | |
Medeiros et al. | Demonstrating a tool for injection attack prevention in MySQL | |
Wibowo et al. | Apache web server security with security hardening |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee | ||
CP02 | Change in the address of a patent holder |
Address after: 200030 Shanghai city Xuhui District Xietu Road No. 2899 Building 5 floor A Kuangchi Cultural Square Patentee after: ChinaNetCenter Co., Ltd. Address before: 200030 Shanghai Xuhui District Xietu Road No. 2669 15 Floor Patentee before: ChinaNetCenter Co., Ltd. |