CN107526968A - A kind of anti-method for implanting of SQL based on syntactic analysis and device - Google Patents
A kind of anti-method for implanting of SQL based on syntactic analysis and device Download PDFInfo
- Publication number
- CN107526968A CN107526968A CN201710710787.4A CN201710710787A CN107526968A CN 107526968 A CN107526968 A CN 107526968A CN 201710710787 A CN201710710787 A CN 201710710787A CN 107526968 A CN107526968 A CN 107526968A
- Authority
- CN
- China
- Prior art keywords
- user
- sql
- input
- list
- string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
Abstract
The invention discloses a kind of anti-method for implanting of the SQL based on syntactic analysis, it is characterized in that, comprise the following steps:Obtain the input of user's list;User's list is inputted and carries out pretreatment operation;According to the morpheme in sentence after the morphological rule of structure identification pretreatment operation;Syntactic analysis is carried out to morpheme according to the syntax rule of structure, extracts abstract syntax structure string;Judge whether abstract syntax structure string matches with normal structure string, if it does, then judging that user's input is simple structure, do not form SQL injection attack;If it does not match, judging that user's input is labyrinth, SQL injection attack is formed.Assembling SQL statement grammer preanalysis method can just filter most SQL injection attacks using the simple special SQL syntax.The syntax of enhancing help further to improve attack recognition rate, efficiently avoid the contradiction in feature string matching strategy.
Description
Technical field
The present invention relates to technical field of network security, the anti-method for implanting of especially a kind of SQL based on syntactic analysis and dress
Put.
Background technology
SQL injection is a kind of conventional and easy to implement attack meanses, and the safety of web application is formed seriously
Threaten.The strick precaution of SQL injection at present mainly has several sides such as manual inspection, automatic fitration, sql command coding and special API
Method.
Manual inspection requirements application developer adds the inspection code that information is inputted for user in a program.Exploit person
It is legal input information that what member, which need to definitely distinguish, can accurately filter out malice and input.But under complicated architectures
Application program needs to handle a large number of users input, checks the anti-SQL injection coding for not only greatly testing developer by hand
Experience, program is also allowed to become to be difficult to safeguard.It is the upgrading of the customized anti-SQL injection of program for application for on-line running
Patch expense is too high.
Automatic fitration is to increase the fire wall of an application layer in network service front end, when receiving user's input information
Concentration inspection is carried out, malice is filtered out and inputs, and filter generally use characteristic character string matching algorithm, often only with advance
A series of regular expressions defined are filtered, and the malice input constructed meticulously is easy to bypass this filter.
Sql command coding method, which assumes that user is inputted in information, should not include sql command, first by SQL statement
All control commands of non-user importation encode, and the SQL statement after coding first passes through SQL before submitting to database and performing
Agency's decoding, SQL are acted on behalf of if it find that the sql command that can not be decoded, then be determined as that user have input illegal control command.This
Kind method is related to a large amount of modifications to Web server and database server platform software, realizes and installation is all very cumbersome.
Conventional database manipulation is packaged into some special api functions by many new high-level languages, and programmer does not need constructing SQL
Character string, therefore there will not be the risk of SQL injection.New application program can avoid SQL injection using special API, but
It is then helpless for the extensive application run.
The content of the invention
It is an object of the invention to provide a kind of anti-method for implanting of SQL based on syntactic analysis and device, and this method is using letter
Single special SQL syntax can just filter most SQL injection attacks, it is not necessary to existing application code is changed,
Any server platform software need not be changed.
To achieve the above object, the present invention uses following technical proposals:
A kind of anti-method for implanting of SQL based on syntactic analysis, comprises the following steps:
Obtain the input of user's list;
User's list is inputted and carries out pretreatment operation;
According to the morpheme in sentence after the morphological rule of structure identification pretreatment operation;
Syntactic analysis is carried out to morpheme according to the syntax rule of structure, extracts abstract syntax structure string;
Judge whether abstract syntax structure string matches with normal structure string, if it does, then judging that user's input is simple
Structure, SQL injection attack is not formed;If it does not match, judging that user's input is labyrinth, SQL injection attack is formed.
Further, before progress pretreatment operation is inputted to user's list, in addition to:
The input of user's list is extracted, keyword is added and is assembled into complete SQL statement.
Further, the pretreatment operation, including:
The input of user's list is carried out to filter annotation and transform coding, the filtering annotation includes removing the input of user's list
In interference character string, the transform coding include to user's list input in hexadecimal code change.
Further, the morpheme after the identification pretreatment operation according to the morphological rule of structure in sentence, including,
The word in pretreated user's list input is identified, it is to belong to keyword, variable name, constant to judge word
It is any in name, and form morpheme list.
Further, the syntax rule according to structure carries out syntactic analysis to morpheme, extracts abstract syntax structure
String, including:
Syntactic analysis is carried out to morpheme list, the abstract characters string of user's input is extracted according to keyword, and judges to take out
As the type of character string.
Further, the type of the abstract characters string, including:
It is non-implanted, refer to normal users input, do not form injection attacks;Value injection, subquery is replaced with by expression formula r value
Sentence or arithmetic expression;Condition is injected, the conditional expression of generalized Petri net sentence;Combination injection, is accorded with using SQL combinatorial operations
Compound query is constructed to obtain extra database information;Sentence injects, in the sentence behind former SQL statement outside plus.
Further, the normal structure string is non-implanted input type, and grammatical representation formula is A=V andA=V, i.e., single
Individual or multiple A=V, A here represent variable, V expression values.
A kind of anti-injection devices of SQL based on syntactic analysis, including:
Extraction module is inputted, completes the extraction to user's input;
Pretreatment module, complete to the filtering annotation of user's input and the back work of transform coding;
Morpheme list extraction module, complete to input user the extraction of word, and the part of speech for inputting user word is carried out
Analysis forms morpheme list;
Syntactic structure analysis module, morpheme list is analyzed, complete the extraction of abstract characters string;
Syntactic structure string comparing module, to extracting abstract characters string compared with standard characters, judge whether it is SQL
Injection.
Further, in addition to:
SQL statement assembles module, and complete SQL statement is formed to user's input addition keyword of extraction.
The effect provided in the content of the invention is only the effect of embodiment, rather than whole effects that invention is all, above-mentioned
A technical scheme in technical scheme has the following advantages that or beneficial effect:
SQL statement grammer preanalysis strategy proposed by the present invention be it is a kind of take precautions against SQL injection attack new method, the party
The list input of method extraction user, is assembled into complete SQL statement, carries out syntactic analysis to assembling sentence, searching can
The syntactic structure that can be injected.This method judges that unique foundation of SQL injection is abstract syntactic structure string, rather than specifically
Feature string.Assembling SQL statement grammer preanalysis method can just filter most SQL using the simple special SQL syntax
Injection attacks.The syntax of enhancing help further to improve attack recognition rate, efficiently avoid feature string matching strategy
In contradiction.
Brief description of the drawings
Accompanying drawing described herein is used for providing that the present invention is explained further, and forms the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the method flow diagram of the SQL anti-method for implanting embodiments one of the invention based on syntactic analysis;
Fig. 2 is the method flow diagram of the SQL anti-method for implanting embodiments two of the invention based on syntactic analysis;
Fig. 3 is that the anti-injection devices of SQL of the present invention based on syntactic analysis implement a structure chart;
Fig. 4 is that the anti-injection devices of SQL of the present invention based on syntactic analysis implement two structure charts.
Embodiment
For the technical characterstic for illustrating this programme can be understood, below by embodiment, and its accompanying drawing is combined, to this hair
It is bright to be described in detail.Following disclosure provides many different embodiments or example is used for realizing the different knots of the present invention
Structure.In order to simplify disclosure of the invention, hereinafter the part and setting of specific examples are described.In addition, the present invention can be with
Repeat reference numerals and/or letter in different examples.This repetition is that for purposes of simplicity and clarity, itself is not indicated
Relation between various embodiments are discussed and/or set.
As shown in figure 1, a kind of anti-method for implanting of SQL based on syntactic analysis, comprises the following steps:
S1, obtain the input of user's list;
S2, progress pretreatment operation is inputted to user's list;Preprocessing rule is used to complete filtering annotation, transform coding etc.
Back work;Preprocessing process is used to remove interference character string and hexadecimal code in user's input etc., and attacker is past
Toward the filter that feature based string matching is avoided using these character strings.
S3, the morpheme in sentence after the morphological rule of structure identification pretreatment operation;Identify pretreated use
Word in the list input of family, it is to belong to any in keyword, variable name, constant name to judge word, and forms morpheme row
Table.
S4, syntactic analysis carried out to morpheme according to the syntax rule of structure, extract abstract syntax structure string;Morpheme is arranged
Table carries out syntactic analysis, and the abstract characters string of user's input is extracted according to keyword, and judges the type of abstract characters string.
S5, judge whether abstract syntax structure string matches with normal structure string, if it does, then judging that user's input is letter
Single structure, SQL injection attack is not formed;If it does not match, judging that user's input is labyrinth, SQL injection attack is formed.
The grammer that syntactic structure string only records the where clause of assembling SQL statement is abstracted, and pays attention to syntax rule using Bison
The context-free grammar of specified format.
Due to the highly structural of SQL statement, no matter the user of composite construction is inputted by the application journey comprising defect code
Which type of SQL statement is sequence is finally assembled in, can all cause explanation of error of the background data base to the sentence, so as to trigger one
Secondary SQL injection attack, therefore user's input of composite construction is once found in syntactic analysis, just it is determined as malice
SQL injection character string.
As shown in table 1, normal user's input is the simple structure with logic entirety implication, represents ID users, surname
The information such as name;And the character string for implementing SQL injection must include the composite construction of SQL syntax fragment.Because SQL injection
The SQL interpretive programs that attack is substantially desirable to background data base explain the SQL statement assembled in different ways, if
The character string of user's input does not include SQL syntax fragment, it is clear that is unable to reach this purpose.
The user inputs character string of table 1
Whether common filter judges user's input by searching the SQL syntax fragment in user inputs character string
For composite construction, it is the root for causing filter to produce more mistakes and omissions to depart from the residing context of user's input individually to carry out analysis
Source.As the application level firewall of program front end, although can not definitely understand the context of user's input, sql like language
Highly structural allow to by for user assign a typical context environmental, assemble a complete SQL statement
To carry out grammer preanalysis, so as to definitely judge user input whether be malice composite construction.
The select sentences of simple structure are as follows as context environmental, referred to as standard select sentences:
Select col fromtbl where a=v and a=v
Select col fromtbl where a=' v ' and a=v
User inputs character string is substituted into first conditional expression r value v of where clause, obtains complete SQL languages
Sentence, as follows, whether user's input is that composite construction becomes apparent.
Select col fromtbl where a=selecttop 1col from tbl and a=v
Or ' any ' of select col fromtbl where a=' 1 '=' any ' and a=v
The purpose of SQL syntax preanalysis be judge user input whether be malice composite construction, analysis means then be ratio
Compared with the similarities and differences between the syntactic structure string between the select sentences and standard select sentences of assembling.Syntactic structure string is
The simple abstract of select sentence where clause grammar structures, the select sentences obtained by the input assembling of composite construction
The syntactic structure string of where clause is necessarily different from the normal structure string of standard select sentence where clauses.
According to SQL grammar property, several syntactic structure strings corresponding to SQL injection attack sentence can be summarized, such as
Shown in table 2.A:Represent variable V:Expression value Q:Represent inquiry, E:Represent calculating formula, U:Represent the union inquiries in SQL, S:Table
Show that system function calls.A and V is the character string of any non-SQL keywords, represents the lvalue and r value of conditional expression respectively;Q
It is independent SQL query statement;E is SQL arithmetic expression;U represents the combinatorial operation symbol in SQL;S is the order built in SQL
Or the independent sentence of storing process composition.
The SQL injection of table 2 attack grammer is abstracted
Non-implanted finger normal users input, does not form injection attacks;Value injection is that expression formula r value is replaced with into subquery
Sentence or arithmetic expression;Condition injection is the conditional expression of generalized Petri net sentence;It is to utilize SQL combinatorial operations to combine injection
Symbol construction compound query attempts to obtain extra database information;Sentence injection is in the language behind former SQL statement outside plus
Sentence.Syntactic structure A=V is abstract as conditional expression, is not necessarily equation, it is also possible in inequality or SQL
Like expression formulas or in expression formulas etc..
The typical grammer preanalysis example of table 3
As shown in table 3, the overall process that grammer preanalysis is analyzed is carried out to a typical SQL injection character string.It is logical
Cross and build server, by way of proxy access, the present invention can be used for the anti-SQL injection of various systems to attack.
As shown in Fig. 2 a kind of anti-method for implanting of SQL based on syntactic analysis, comprises the following steps:
S1, obtain the input of user's list;
S2, extraction user list input, add keyword and are assembled into complete SQL statement;
S3, pretreatment operation is carried out to the complete S QL sentences being assembled into;
S4, the morpheme in sentence after the morphological rule of structure identification pretreatment operation;
S5, syntactic analysis carried out to morpheme according to the syntax rule of structure, extract abstract syntax structure string;
S6, judge whether abstract syntax structure string matches with normal structure string, if it does, then judging that user's input is letter
Single structure, SQL injection attack is not formed;If it does not match, judging that user's input is labyrinth, SQL injection attack is formed.
As shown in figure 3, a kind of anti-injection devices of SQL based on syntactic analysis, including:
Extraction module 101 is inputted, completes the extraction to user's input;
Pretreatment module 102, complete to the filtering annotation of user's input and the back work of transform coding;
Morpheme list extraction module 103, complete to input user the extraction of word, and the part of speech for inputting user word is entered
Row analysis forms morpheme list;
Syntactic structure analysis module 104, morpheme list is analyzed, complete the extraction of abstract characters string;
Syntactic structure string comparing module 105, to extract abstract characters string compared with standard characters, judge whether be
SQL injection.
As shown in figure 4, a kind of anti-injection devices of SQL based on syntactic analysis, including:
Extraction module 101 is inputted, completes the extraction to user's input;
SQL statement assembles module 102, and complete SQL statement is formed to user's input addition keyword of extraction;
Pretreatment module 103, complete to the filtering annotation of user's input and the back work of transform coding;
Morpheme list extraction module 104, complete to input user the extraction of word, and the part of speech for inputting user word is entered
Row analysis forms morpheme list;
Syntactic structure analysis module 105, morpheme list is analyzed, complete the extraction of abstract characters string;
Syntactic structure string comparing module 106, to extract abstract characters string compared with standard characters, judge whether be
SQL injection.
Although above-mentioned the embodiment of the present invention is described with reference to accompanying drawing, model not is protected to the present invention
The limitation enclosed, one of ordinary skill in the art should be understood that on the basis of technical scheme those skilled in the art are not
Need to pay various modifications or deformation that creative work can make still within protection scope of the present invention.
Claims (9)
1. a kind of anti-method for implanting of SQL based on syntactic analysis, it is characterized in that, comprise the following steps:
Obtain the input of user's list;
User's list is inputted and carries out pretreatment operation;
According to the morpheme in sentence after the morphological rule of structure identification pretreatment operation;
Syntactic analysis is carried out to morpheme according to the syntax rule of structure, extracts abstract syntax structure string;
Judge whether abstract syntax structure string matches with normal structure string, if it does, then judge that user's input is simple structure,
SQL injection attack is not formed;If it does not match, judging that user's input is labyrinth, SQL injection attack is formed.
2. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 1, it is characterized in that, to user's list
Before input carries out pretreatment operation, in addition to:
The input of user's list is extracted, keyword is added and is assembled into complete SQL statement.
3. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 1, it is characterized in that, the pretreatment behaviour
Make, including:
The input of user's list is carried out to filter annotation and transform coding, the filtering annotation includes removing in the input of user's list
Character string is disturbed, the hexadecimal code that the transform coding is included in being inputted to user's list is changed.
4. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 1, it is characterized in that, it is described according to structure
Morphological rule identification pretreatment operation after morpheme in sentence, including,
The word in pretreated user's list input is identified, judging word is belonged in keyword, variable name, constant name
It is any, and form morpheme list.
5. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 4, it is characterized in that, it is described according to structure
Syntax rule to morpheme carry out syntactic analysis, extract abstract syntax structure string, including:
Syntactic analysis is carried out to morpheme list, the abstract characters string of user's input is extracted according to keyword, and judges abstract word
Accord with the type of string.
6. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 5, it is characterized in that, the abstract characters
The type of string, including:
It is non-implanted, refer to normal users input, do not form injection attacks;Value injection, subquery sentence is replaced with by expression formula r value
Or arithmetic expression;Condition is injected, the conditional expression of generalized Petri net sentence;Combination injection, accorded with and constructed using SQL combinatorial operations
Compound query obtains extra database information;Sentence injects, in the sentence behind former SQL statement outside plus.
7. a kind of anti-method for implanting of SQL based on syntactic analysis as claimed in claim 1, it is characterized in that, the normal structure
It is A=V andA=V, i.e., single or multiple A=V to go here and there as non-implanted input type, grammatical representation formula, and A here represents variable,
V expression values.
8. a kind of such as anti-injection devices of SQL based on syntactic analysis of any one of claim 1 to 7 claim methods described,
It is characterized in that including:
Extraction module is inputted, completes the extraction to user's input;
Pretreatment module, complete to the filtering annotation of user's input and the back work of transform coding;
Morpheme list extraction module, complete to input user the extraction of word, and the part of speech for inputting user word is analyzed
Form morpheme list;
Syntactic structure analysis module, morpheme list is analyzed, complete the extraction of abstract characters string;
Syntactic structure string comparing module, to extracting abstract characters string compared with standard characters, judge whether it is SQL notes
Enter.
9. a kind of anti-injection devices of SQL based on syntactic analysis as claimed in claim 8, it is characterized in that, in addition to:
SQL statement assembles module, and complete SQL statement is formed to user's input addition keyword of extraction.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710710787.4A CN107526968A (en) | 2017-08-18 | 2017-08-18 | A kind of anti-method for implanting of SQL based on syntactic analysis and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710710787.4A CN107526968A (en) | 2017-08-18 | 2017-08-18 | A kind of anti-method for implanting of SQL based on syntactic analysis and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107526968A true CN107526968A (en) | 2017-12-29 |
Family
ID=60681525
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710710787.4A Pending CN107526968A (en) | 2017-08-18 | 2017-08-18 | A kind of anti-method for implanting of SQL based on syntactic analysis and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107526968A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110035031A (en) * | 2018-01-11 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of detection method and data processing method of SQL injection |
| CN112202822A (en) * | 2020-12-07 | 2021-01-08 | 中国人民解放军国防科技大学 | Database injection detection method and device, electronic equipment and storage medium |
| CN113139183A (en) * | 2020-01-17 | 2021-07-20 | 深信服科技股份有限公司 | Detection method, device, equipment and storage medium |
| CN114500053A (en) * | 2022-01-27 | 2022-05-13 | 安徽华云安科技有限公司 | Code injection detection method and device, electronic equipment and readable storage medium |
| CN114666078A (en) * | 2020-12-08 | 2022-06-24 | 北京中科网威信息技术有限公司 | Method and system for detecting SQL injection attack, electronic equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185930A (en) * | 2011-06-09 | 2011-09-14 | 北京理工大学 | Method for detecting SQL (structured query language) injection vulnerability |
-
2017
- 2017-08-18 CN CN201710710787.4A patent/CN107526968A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185930A (en) * | 2011-06-09 | 2011-09-14 | 北京理工大学 | Method for detecting SQL (structured query language) injection vulnerability |
Non-Patent Citations (1)
| Title |
|---|
| 周敬利等: "一种新的反SQL注入策略的研究与实现", 《计算机科学》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110035031A (en) * | 2018-01-11 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of detection method and data processing method of SQL injection |
| CN110035031B (en) * | 2018-01-11 | 2022-04-26 | 阿里巴巴集团控股有限公司 | SQL injection detection method and data processing method |
| CN113139183A (en) * | 2020-01-17 | 2021-07-20 | 深信服科技股份有限公司 | Detection method, device, equipment and storage medium |
| CN113139183B (en) * | 2020-01-17 | 2023-12-29 | 深信服科技股份有限公司 | Detection method, detection device, detection equipment and storage medium |
| CN112202822A (en) * | 2020-12-07 | 2021-01-08 | 中国人民解放军国防科技大学 | Database injection detection method and device, electronic equipment and storage medium |
| CN114666078A (en) * | 2020-12-08 | 2022-06-24 | 北京中科网威信息技术有限公司 | Method and system for detecting SQL injection attack, electronic equipment and storage medium |
| CN114666078B (en) * | 2020-12-08 | 2022-12-20 | 北京中科网威信息技术有限公司 | Method and system for detecting SQL injection attack, electronic equipment and storage medium |
| CN114500053A (en) * | 2022-01-27 | 2022-05-13 | 安徽华云安科技有限公司 | Code injection detection method and device, electronic equipment and readable storage medium |
| CN114500053B (en) * | 2022-01-27 | 2023-12-05 | 安徽华云安科技有限公司 | Code injection detection method and device, electronic equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111428044B (en) | Method, device, equipment and storage medium for acquiring supervision and identification results in multiple modes | |
| CN107526968A (en) | A kind of anti-method for implanting of SQL based on syntactic analysis and device | |
| US11741309B2 (en) | Templated rule-based data augmentation for intent extraction | |
| CN103559444B (en) | A kind of sql injects detection method and device | |
| Dragoni et al. | Combining NLP approaches for rule extraction from legal documents | |
| CN105868204B (en) | A kind of method and device for converting Oracle scripting language SQL | |
| CN111475525A (en) | Desensitization method based on structured query language and related equipment thereof | |
| US20140156282A1 (en) | Method and system for controlling target applications based upon a natural language command string | |
| CN112699665B (en) | Triple extraction method and device of safety report text and electronic equipment | |
| KR20220028038A (en) | Derivation of multiple semantic expressions for utterances in a natural language understanding framework | |
| CN107656921B (en) | Short text dependency analysis method based on deep learning | |
| CN110581864B (en) | Method and device for detecting SQL injection attack | |
| CN106156623A (en) | Based on the SQLIA defence method being intended to | |
| CN112416806B (en) | JS engine fuzzy test method based on standard document analysis | |
| CN110096599B (en) | Knowledge graph generation method and device | |
| CN102955697A (en) | Aspect orientation-based component base building method | |
| CN113010209A (en) | Binary code similarity comparison technology for resisting compiling difference | |
| CN111190873B (en) | Log mode extraction method and system for log training of cloud native system | |
| CN108573152A (en) | Detect method, apparatus, server and the storage medium of SQL injection attack | |
| CN112580331A (en) | Method and system for establishing knowledge graph of policy text | |
| CN113609838A (en) | Document information extraction and mapping method and system | |
| CN116149669B (en) | Binary file-based software component analysis method, binary file-based software component analysis device and binary file-based medium | |
| CN107463845B (en) | Method and system for detecting SQL injection attack and computer processing equipment | |
| US20220229986A1 (en) | System and method for compiling and using taxonomy lookup sources in a natural language understanding (nlu) framework | |
| US20220229998A1 (en) | Lookup source framework for a natural language understanding (nlu) framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171229 |