CN108090351A - Method and apparatus for processing request messages - Google Patents

Method and apparatus for processing request messages

Info

Publication number: CN108090351A
Authority: CN (China)
Prior art keywords: identification information, request message, database, statement, determining
Legal status: Granted; currently Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201711341371.6A
Other languages: Chinese (zh)
Other versions: CN108090351B (en)
Inventor: 王天宇
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd; priority to CN201711341371.6A; published as CN108090351A; application granted and published as CN108090351B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action


Abstract

The embodiments of the present application disclose a method and apparatus for processing request messages. One specific embodiment of the method includes: receiving a request message; obtaining the database query statement contained in the request message; generating identification information for the database query statement; and, in response to determining that a preset set of identification information contains identification information matching the generated identification information, processing the request message. This embodiment provides a request processing mechanism based on the identification information of database query statements, improving security while request messages are processed.

Description

Method and apparatus for processing request messages
Technical field
The embodiments of the present application relate to the field of computer technology, and more particularly to a method and apparatus for processing request messages.
Background
With the explosive growth of internet data, databases, as the storage medium for that data, carry ever more data and ever more access requests to it. Database security has become an important indicator of internet services. In day-to-day business, a large number of hacker organizations steal sensitive data from databases by Structured Query Language (SQL) intrusion, leaking trade secrets and user-related information and threatening the information security of products and users.
Summary
The embodiments of the present application propose a method and apparatus for processing request messages.
In a first aspect, the embodiments of the present application provide a method for processing request messages, which includes: receiving a request message; obtaining the database query statement contained in the request message; generating identification information for the database query statement; and, in response to determining that a preset set of identification information contains identification information matching the generated identification information, processing the request message.
In some embodiments, generating the identification information for the database query statement includes: performing word segmentation (tokenization) on the database query statement to generate a first string sequence; replacing the user-supplied parameters in the first string sequence with a preset character to generate a second string sequence; unifying the separators and the letter case in the second string sequence to generate a third string sequence; and computing a hash value of the third string sequence as the identification information of the database query statement.
In some embodiments, the method further includes: in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, converting the database query statement into a syntax tree; determining whether the node content of a preset node in the syntax tree matches a feature in a preset feature set; and, in response to determining that the node content of the preset node in the syntax tree matches a feature in the preset feature set, terminating the processing of the request message.
In some embodiments, the method further includes: in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, determining whether the statement contained in the request message matches a preset regular expression, the regular expression being used to characterize a feature in the preset feature set; and, in response to determining that the statement contained in the request message matches the preset regular expression, terminating the processing of the request message.
In some embodiments, the features in the feature set are generated by the following steps: obtaining a set of historical intrusion statements; and performing feature extraction on the set of historical intrusion statements using a machine learning method.
In a second aspect, the embodiments of the present application provide an apparatus for processing request messages, which includes: a receiving unit for receiving a request message; an acquiring unit for obtaining the database query statement contained in the request message; a generating unit for generating identification information for the database query statement; and a processing unit for processing the request message in response to determining that the preset set of identification information contains identification information matching the generated identification information.
In some embodiments, the generating unit includes: a segmentation subunit for performing word segmentation on the database query statement to generate a first string sequence; a replacement subunit for replacing the user-supplied parameters in the first string sequence with a preset character to generate a second string sequence; a unification subunit for unifying the separators and the letter case in the second string sequence to generate a third string sequence; and a computation subunit for computing a hash value of the third string sequence as the identification information of the database query statement.
In some embodiments, the apparatus further includes: a converting unit for converting the database query statement into a syntax tree in response to determining that the preset set of identification information does not contain identification information matching the generated identification information; a first determining unit for determining whether the node content of a preset node in the syntax tree matches a feature in the preset feature set; and a first terminating unit for terminating the processing of the request message in response to determining that the node content of the preset node in the syntax tree matches a feature in the preset feature set.
In some embodiments, the apparatus further includes: a second determining unit for determining, in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, whether the statement contained in the request message matches a preset regular expression, the regular expression being used to characterize a feature in the preset feature set; and a second terminating unit for terminating the processing of the request message in response to determining that the statement contained in the request message matches the preset regular expression.
In some embodiments, the apparatus further includes a feature generating unit, which is used to: obtain a set of historical intrusion statements; and perform feature extraction on the set of historical intrusion statements using a machine learning method.
In a third aspect, the embodiments of the present application provide a device, including: one or more processors; and a storage device for storing one or more programs, such that when the one or more programs are executed by the one or more processors, the one or more processors implement the method of the first aspect.
In a fourth aspect, the embodiments of the present application provide a computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method of the first aspect.
The method and apparatus for processing request messages provided by the embodiments of the present application receive a request message, obtain the database query statement contained in the request message, then generate identification information for the database query statement, and finally, in response to determining that the preset set of identification information contains identification information matching the generated identification information, process the request message, thereby providing a request processing mechanism based on the identification information of database query statements and improving security during the processing of request messages.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent from the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is an exemplary system architecture diagram to which the application may be applied;
Fig. 2 is a flow chart of one embodiment of the method for processing request messages according to the application;
Fig. 3 is a schematic diagram of an application scenario of the method for processing request messages according to the application;
Fig. 4 is a flow chart of another embodiment of the method for processing request messages according to the application;
Fig. 5 is a structural diagram of one embodiment of the apparatus for processing request messages according to the application;
Fig. 6 is a structural diagram of a computer system suitable for implementing the server of the embodiments of the present application.
Detailed description
The application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the related invention and do not limit it. It should also be noted that, for convenience of description, only the parts related to the invention are shown in the drawings.
It should be noted that, where there is no conflict, the embodiments in the application and the features in the embodiments may be combined with each other. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the method for processing request messages or the apparatus for processing request messages of the application may be applied.
As shown in Fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104 and servers 105, 106. The network 104 is the medium providing communication links between the terminal devices 101, 102, 103 and the servers 105, 106. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables.
A user 110 may use the terminal devices 101, 102, 103 to interact with the servers 105, 106 over the network 104, to receive or send data and the like. Various applications may be installed on the terminal devices 101, 102, 103, such as shopping applications, map applications, payment applications, social applications, web browser applications, search engine applications, mobile phone assistant applications and so on.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting data communication, including but not limited to smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers and the like. The user may send request messages to the servers through the terminal devices 101, 102, 103.
The servers 105, 106 may be servers providing various services, for example background servers providing support for the applications installed on the terminal devices 101, 102, 103. The servers 105, 106 may receive the request messages sent by the terminal devices 101, 102, 103; obtain the database query statement contained in the request message; generate identification information for the database query statement; and, in response to determining that the preset set of identification information contains identification information matching the generated identification information, process the request message.
It should be noted that the method for processing request messages provided by the embodiments of the present application may be executed by the servers 105, 106, and correspondingly the apparatus for processing request messages may be arranged in the servers 105, 106.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are merely illustrative. There may be any number of terminal devices, networks and servers according to implementation needs.
With continued reference to Fig. 2, a flow 200 of one embodiment of the method for processing request messages according to the application is shown. The method for processing request messages includes the following steps:
Step 201: receive a request message.
In this embodiment, the electronic device on which the method for processing request messages runs (for example the server shown in Fig. 1) may receive the request message over a wired or wireless connection. The request message may be a request from a client to a server and may include the request method for a resource, the identifier of the resource, the protocol used, and so on; specifically, a protocol such as the Hypertext Transfer Protocol (HTTP) may be used.
Step 202: obtain the database query statement contained in the request message.
In this embodiment, the electronic device may obtain the database query statement contained in the request message received in step 201. The database query statement may be an SQL statement or a statement conforming to another database syntax specification. Taking SQL statements as an example, SQL intrusion changes the structure of the SQL and adds attack features in order to obtain sensitive information from the database. Because SQL itself has a rich interactive language and a complex protocol, attack features are extremely complex, so the SQL statement contained in the request message needs to be parsed in order to accurately identify whether the request carries a security threat.
Step 203: generate identification information for the database query statement.
In this embodiment, the electronic device may generate identification information for the database query statement obtained in step 202. The identification information of a query statement may be used to characterize those features of the query statement that are closely related to whether it is an intrusion statement. The generation rule for the identification information may be configured according to specific business needs; for example, the identification information may need to include function names, while user-supplied parts may be uniformly replaced with the same character.
In some optional implementations of this embodiment, generating the identification information for the database query statement includes: performing word segmentation on the database query statement to generate a first string sequence; replacing the user-supplied parameters in the first string sequence with a preset character to generate a second string sequence; unifying the separators and the letter case in the second string sequence to generate a third string sequence; and computing a hash value of the third string sequence as the identification information of the database query statement.
In some optional implementations of this embodiment, taking an SQL statement as an example, the SQL statement may first be segmented into words; then the user-supplied parameters are uniformly replaced with question marks, and separators such as spaces and tabs are normalized, for example by converting one or more adjacent spaces or tabs into a single space; for the IN operator in SQL, the multiple values involved in the query may be replaced with a single question mark; letter case is also ignored; finally a hash algorithm is called to compute the signature of the normalized string.
Step 204: in response to determining that the preset set of identification information contains identification information matching the generated identification information, process the request message.
In this embodiment, the electronic device may process the request message in response to determining that the preset set of identification information contains identification information matching the identification information generated in step 203. A match between identification information may mean that the identification information is partially identical, or that the similarity between identification information exceeds a preset threshold; the specific matching rule may be determined according to business needs. The preset set of identification information may be a whitelist generated by offline log analysis, and a database firewall may obtain the whitelist by configured hot loading. The whitelist may be generated by clustering historical database query statements with a machine learning method, or it may be determined by business personnel.
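Steps 203 and 204 above, carried through as an added Python example written for this page (it is not code from the patent or from Baidu): tokenize the statement, mask user-supplied literals with a question mark, unify separators and letter case, collapse an IN value list to one placeholder, hash the result, and check the hash against a whitelist built from known-good queries. The tokenizer, the choice of SHA-256, the exact-match rule and the sample queries are all assumptions of this example; the patent leaves the hash algorithm and the matching rule to business configuration.

```python
import hashlib
import re

# Illustrative tokenizer for a subset of SQL (assumption: not the patent's own
# segmentation rules): quoted strings, numbers, identifiers/keywords, or any
# single punctuation character. Whitespace is skipped, so spaces and tabs
# never become tokens.
_TOKEN_RE = re.compile(
    r"""
    '(?:[^']|'')*'            # single-quoted string literal
  | "(?:[^"]|"")*"            # double-quoted string literal
  | \d+(?:\.\d+)?             # numeric literal
  | [A-Za-z_][A-Za-z0-9_.]*   # identifier or keyword, dotted names allowed
  | \S                        # any other single character such as an operator or comma
    """,
    re.VERBOSE,
)
_LITERAL_RE = re.compile(r"""^(?:'.*'|".*"|\d+(?:\.\d+)?)$""", re.DOTALL)


def tokenize(sql: str) -> list[str]:
    """Word segmentation: the query becomes the 'first string sequence'."""
    return _TOKEN_RE.findall(sql)


def mask_parameters(tokens: list[str], placeholder: str = "?") -> list[str]:
    """Replace every user-supplied literal with the preset character ('second string sequence')."""
    return [placeholder if _LITERAL_RE.match(tok) else tok for tok in tokens]


def normalize(tokens: list[str], placeholder: str = "?") -> str:
    """Unify separators and letter case ('third string sequence'): one space between
    tokens, everything lower-cased, and an IN (...) list made only of placeholders
    collapsed to a single placeholder so lists of different length share one signature."""
    out: list[str] = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.lower() == "in" and i + 1 < len(tokens) and tokens[i + 1] == "(":
            j = i + 2
            values = []
            while j < len(tokens) and tokens[j] != ")":
                if tokens[j] != ",":
                    values.append(tokens[j])
                j += 1
            if j < len(tokens) and values and all(v == placeholder for v in values):
                out.extend(["in", "(", placeholder, ")"])
                i = j + 1
                continue
        out.append(tok.lower())
        i += 1
    return " ".join(out)


def signature(sql: str) -> str:
    """Identification information: hash of the normalized string (SHA-256 is this
    example's choice; the patent only says 'a hash algorithm')."""
    canonical = normalize(mask_parameters(tokenize(sql)))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_whitelist(known_good_queries: list[str]) -> set[str]:
    """Offline: the preset identification-information set, built from queries the
    application is known to issue (the patent's offline log analysis)."""
    return {signature(q) for q in known_good_queries}


def is_whitelisted(sql: str, whitelist: set[str]) -> bool:
    """Online: exact-match rule between the generated signature and the whitelist."""
    return signature(sql) in whitelist


# Constructed sample data, not taken from the patent.
KNOWN_GOOD = [
    "SELECT id, name FROM users WHERE id = 42",
    "SELECT * FROM orders WHERE status IN ('new', 'paid')",
]

if __name__ == "__main__":
    whitelist = build_whitelist(KNOWN_GOOD)
    for query in [
        "select   id,name\tfrom USERS where ID = '17'",             # same shape, other params
        "SELECT * FROM orders WHERE status IN ('new','paid','x')",  # longer IN list
        "SELECT id, name FROM users WHERE id = 42 OR 1 = 1",        # injected tautology
    ]:
        print(is_whitelisted(query, whitelist), "|", normalize(mask_parameters(tokenize(query))))
```

The first two queries collapse to the same canonical strings as the whitelisted ones and are accepted; the tautology adds tokens that survive masking (`or ? = ?`), so its hash is unknown and the request would fall through to the second-stage checks rather than being processed.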
In some optional implementations of this embodiment, the method further includes: in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, determining whether the statement contained in the request message matches a preset regular expression, the regular expression being used to characterize a feature in the preset feature set; and, in response to determining that the statement contained in the request message matches the preset regular expression, terminating the processing of the request message.
In some optional implementations of this embodiment, the features in the feature set are generated by the following steps: obtaining a set of historical intrusion statements; and performing feature extraction on the set of historical intrusion statements using a machine learning method. Feature extraction may be performed with the clustering methods commonly used in the field of machine learning, or with deep learning methods.
In some optional implementations of this embodiment, the features in the feature set may also be determined by behaviour analysis. For example, metadata is the focus of SQL intrusion attacks: it contains core sensitive information such as the database's table structure, account information and physical storage layout. When acquiring data, most attack patterns first obtain the database's metadata and then, once that succeeds, use the metadata to obtain the sensitive data itself. When the server provides at least two of a results page, an empty-results page and an error page to the user, attackers generally attack the database with injection that relies on echoed results; when the server provides only one kind of page, attackers generally steal sensitive data by time-based blind injection. Based on this behaviour analysis, combined with the grammatical features of database query statements, the features can be classified by degree of harm and difficulty of identification to establish feature sets for prioritized defence, which may be divided into: a metadata feature set, an injection feature set with high discrimination, an injection feature set with low discrimination, and feature sets for different syntax specifications.
In some optional implementations of this embodiment, offline detection may also be performed on historical request messages. Compared with offline detection, online detection requires precision to be maximized, that is, false positives are minimized and some false negatives are tolerated, whereas offline detection requires recall to be maximized, that is, false negatives are minimized and a small number of false positives is tolerated. Online detection also has certain requirements on detection latency. The features loaded for online detection are a subset of the feature library, such as the metadata feature set and the injection feature set with high discrimination, while offline detection loads the complete feature library. Through the cooperation of online and offline detection, the precision and recall of the intrusion prevention system can both be optimized.
The method provided by the above embodiment of the application receives a request message; obtains the database query statement contained in the request message; generates identification information for the database query statement; and, in response to determining that the preset set of identification information contains identification information matching the generated identification information, processes the request message, thereby providing a request processing mechanism based on the identification information of database query statements and improving security during the processing of request messages.
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the method for processing request messages according to this embodiment. In the application scenario of Fig. 3, the server 301 running the request message processing method receives a request message containing a normal SQL statement sent by a normal user through the terminal 302, and a request message sent by a server 303 launching an SQL injection attack; it parses the received request messages and, after determining from the database query statements they contain which is the attack request and which is the non-attack request, processes the non-attack request, returns a response message for it, and terminates the processing of the attack request.
With further reference to Fig. 4, a flow 400 of another embodiment of the method for processing request messages is shown. The flow 400 of the method for processing request messages includes the following steps:
Step 401: receive a request message.
In this embodiment, the electronic device on which the method for processing request messages runs (for example the server shown in Fig. 1) may receive the request message over a wired or wireless connection.
Step 402: obtain the database query statement contained in the request message.
In this embodiment, the electronic device may obtain the database query statement contained in the request message received in step 401.
Step 403: generate identification information for the database query statement.
In this embodiment, the electronic device may generate identification information for the database query statement obtained in step 402.
Step 404: in response to determining that the preset set of identification information contains identification information matching the generated identification information, process the request message.
In this embodiment, the electronic device may process the request message in response to determining that the preset set of identification information contains identification information matching the identification information generated in step 403.
Step 405: in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, convert the database query statement into a syntax tree.
In this embodiment, the electronic device may convert the database query statement into a syntax tree in response to determining that the preset set of identification information does not contain identification information matching the identification information generated in step 403. A syntax tree is a graphical representation of the structure of a statement; it represents the derivation of the statement and helps in understanding the hierarchy of the statement's grammatical structure. Taking SQL statements as an example, the electronic device may first pass the query request through lexical analysis to generate tokens, and then build the syntax tree from the tokens according to the SQL grammar.
Step 406: determine whether the node content of a preset node in the syntax tree matches a feature in the preset feature set.
In this embodiment, the electronic device may determine whether the node content of a preset node in the syntax tree generated in step 405 matches a feature in the preset feature set. The electronic device may, during generation of the syntax tree, analyse and match against the features in the preset feature set to judge whether intrusion features are present; a feature in the feature set may include a feature value and semantic information related to that value. Some injection features, such as certain features involving functions, overlap to a degree with normal business requests, so matching them directly easily produces false positives. Machine learning may be used to extract the sensitive functions in a set of injected SQL statements, serialize and cluster them, and form a sensitive-function feature set. Detecting with the sensitive-function feature set can improve the recall and precision of detecting abnormal SQL statements.
Step 407: in response to determining that the node content of the preset node in the syntax tree matches a feature in the preset feature set, terminate the processing of the request message.
In this embodiment, the electronic device may terminate the processing of the request message in response to determining in step 406 that the node content of the preset node in the syntax tree matches a feature in the preset feature set. The preset node may be configured according to actual needs; for example, the preset node may be a function node.
In this embodiment, the operations of step 401, step 402, step 403 and step 404 are essentially the same as those of step 201, step 202, step 203 and step 204 and are not described again here.
As can be seen from Fig. 4, compared with the embodiment corresponding to Fig. 2, the flow 400 of the method for processing request messages in this embodiment, when it is determined that the preset set of identification information does not contain identification information matching the generated identification information, converts the database query statement into a syntax tree and decides whether to process the request message according to the node content of a preset node in the syntax tree. The solution described in this embodiment therefore further enriches the request processing mechanism and improves security.
With further reference to Fig. 5, as an implementation of the methods shown in the figures above, the application provides one embodiment of an apparatus for processing request messages. This apparatus embodiment corresponds to the method embodiment shown in Fig. 2, and the apparatus may specifically be applied in various electronic devices.
As shown in Fig. 5, the apparatus 500 for processing request messages of this embodiment includes: a receiving unit 501, an acquiring unit 502, a generating unit 503 and a processing unit 504. The receiving unit 501 is used to receive a request message; the acquiring unit 502 is used to obtain the database query statement contained in the request message; the generating unit 503 is used to generate identification information for the database query statement; and the processing unit 504 is used to process the request message in response to determining that the preset set of identification information contains identification information matching the generated identification information.
In this embodiment, for the specific processing of the receiving unit 501, the acquiring unit 502, the generating unit 503 and the processing unit 504 of the apparatus 500 for processing request messages, reference may be made to step 201, step 202, step 203 and step 204 of the embodiment corresponding to Fig. 2.
In some optional implementations of this embodiment, the generating unit 503 includes: a segmentation subunit (not shown in the figure) for performing word segmentation on the database query statement to generate a first string sequence; a replacement subunit (not shown) for replacing the user-supplied parameters in the first string sequence with a preset character to generate a second string sequence; a unification subunit (not shown) for unifying the separators and the letter case in the second string sequence to generate a third string sequence; and a computation subunit (not shown) for computing a hash value of the third string sequence as the identification information of the database query statement.
In some optional implementations of this embodiment, the apparatus further includes: a converting unit (not shown) for converting the database query statement into a syntax tree in response to determining that the preset set of identification information does not contain identification information matching the generated identification information; a first determining unit (not shown) for determining whether the node content of a preset node in the syntax tree matches a feature in the preset feature set; and a first terminating unit (not shown) for terminating the processing of the request message in response to determining that the node content of the preset node in the syntax tree matches a feature in the preset feature set.
In some optional implementations of this embodiment, the apparatus further includes: a second determining unit (not shown) for determining, in response to determining that the preset set of identification information does not contain identification information matching the generated identification information, whether the statement contained in the request message matches a preset regular expression, the regular expression being used to characterize a feature in the preset feature set; and a second terminating unit (not shown) for terminating the processing of the request message in response to determining that the statement contained in the request message matches the preset regular expression.
In some optional implementations of this embodiment, the apparatus further includes a feature generating unit, which is used to: obtain a set of historical intrusion statements; and perform feature extraction on the set of historical intrusion statements using a machine learning method.
The apparatus provided by the above embodiment of the application receives a request message; obtains the database query statement contained in the request message; generates identification information for the database query statement; and, in response to determining that the preset set of identification information contains identification information matching the generated identification information, processes the request message, thereby providing a request processing mechanism based on the identification information of database query statements and improving security during the processing of request messages.
Below with reference to Fig. 6, it illustrates suitable for being used for realizing the computer system 600 of the electronic equipment of the embodiment of the present application Structure diagram.Electronic equipment shown in Fig. 6 is only an example, to the function of the embodiment of the present application and should not use model Shroud carrys out any restrictions.
As shown in fig. 6, computer system 600 includes central processing unit (CPU) 601, it can be read-only according to being stored in Program in memory (ROM) 602 or be loaded into program in random access storage device (RAM) 603 from storage part 608 and Perform various appropriate actions and processing.In RAM 603, also it is stored with system 600 and operates required various programs and data. CPU 601, ROM 602 and RAM 603 are connected with each other by bus 604.Input/output (I/O) interface 605 is also connected to always Line 604.
I/O interfaces 605 are connected to lower component:Importation 606 including keyboard, mouse etc.;It is penetrated including such as cathode The output par, c 607 of spool (CRT), liquid crystal display (LCD) etc. and loud speaker etc.;Storage part 608 including hard disk etc.; And the communications portion 609 of the network interface card including LAN card, modem etc..Communications portion 609 via such as because The network of spy's net performs communication process.Driver 610 is also according to needing to be connected to I/O interfaces 605.Detachable media 611, such as Disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on driver 610, as needed in order to read from it Computer program be mounted into as needed storage part 608.
Particularly, in accordance with an embodiment of the present disclosure, it may be implemented as computer above with reference to the process of flow chart description Software program.For example, embodiment of the disclosure includes a kind of computer program product, including being carried on computer-readable medium On computer program, which includes for the program code of the method shown in execution flow chart.In such reality It applies in example, which can be downloaded and installed from network by communications portion 609 and/or from detachable media 611 are mounted.When the computer program is performed by central processing unit (CPU) 601, perform what is limited in the present processes Above-mentioned function.It should be noted that computer-readable medium described herein can be computer-readable signal media or Computer readable storage medium either the two any combination.Computer readable storage medium for example can be --- but It is not limited to --- electricity, magnetic, optical, electromagnetic, system, device or the device of infrared ray or semiconductor or arbitrary above combination. 
The more specific example of computer readable storage medium can include but is not limited to:Electrical connection with one or more conducting wires, Portable computer diskette, hard disk, random access storage device (RAM), read-only memory (ROM), erasable type may be programmed read-only deposit Reservoir (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), light storage device, magnetic memory Part or above-mentioned any appropriate combination.In this application, computer readable storage medium can any be included or store The tangible medium of program, the program can be commanded the either device use or in connection of execution system, device.And In the application, computer-readable signal media can include the data letter propagated in a base band or as a carrier wave part Number, wherein carrying computer-readable program code.Diversified forms may be employed in the data-signal of this propagation, including but not It is limited to electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be computer Any computer-readable medium beyond readable storage medium storing program for executing, the computer-readable medium can send, propagate or transmit use In by instruction execution system, device either device use or program in connection.It is included on computer-readable medium Program code any appropriate medium can be used to transmit, include but not limited to:Wirelessly, electric wire, optical cable, RF etc., Huo Zheshang Any appropriate combination stated.
It can be with one or more programming languages or its calculating for combining to write to perform the operation of the application Machine program code, described program design language include object oriented program language-such as Java, Smalltalk, C+ +, further include conventional procedural programming language-such as C language or similar programming language.Program code can be with It fully performs, partly perform on the user computer on the user computer, the software package independent as one performs, portion Divide and partly perform or perform on a remote computer or server completely on the remote computer on the user computer. Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including LAN (LAN) or Wide area network (WAN)-be connected to subscriber computer or, it may be connected to outer computer (such as is carried using Internet service Pass through Internet connection for business).
Flow chart and block diagram in attached drawing, it is illustrated that according to the system of the various embodiments of the application, method and computer journey Architectural framework in the cards, function and the operation of sequence product.In this regard, each box in flow chart or block diagram can generation The part of one module of table, program segment or code, the part of the module, program segment or code include one or more use In the executable instruction of logic function as defined in realization.It should also be noted that it is marked at some as in the realization replaced in box The function of note can also be occurred with being different from the order marked in attached drawing.For example, two boxes succeedingly represented are actually It can perform substantially in parallel, they can also be performed in the opposite order sometimes, this is depending on involved function.Also to note Meaning, the combination of each box in block diagram and/or flow chart and the box in block diagram and/or flow chart can be with holding The dedicated hardware based system of functions or operations as defined in row is realized or can use specialized hardware and computer instruction Combination realize.
Being described in unit involved in the embodiment of the present application can be realized by way of software, can also be by hard The mode of part is realized.Described unit can also be set in the processor, for example, can be described as:A kind of processor bag Include receiving unit, acquiring unit, generation unit and processing unit.Wherein, the title of these units not structure under certain conditions The paired restriction of the unit in itself, for example, receiving unit is also described as " for receiving the unit of request message ".
As on the other hand, present invention also provides a kind of computer-readable medium, which can be Included in device described in above-described embodiment;Can also be individualism, and without be incorporated the device in.Above-mentioned calculating Machine readable medium carries one or more program, when said one or multiple programs are performed by the device so that should Device:Receive request message;Obtain the query sentence of database that request message includes;Generate the mark of query sentence of database Information;In response to determining that pre-set identification information set includes the mark letter of the identification information match with being generated Breath handles request message.
The preferred embodiment and the explanation to institute's application technology principle that above description is only the application.People in the art Member should be appreciated that invention scope involved in the application, however it is not limited to the technology that the particular combination of above-mentioned technical characteristic forms Scheme, while should also cover in the case where not departing from foregoing invention design, it is carried out by above-mentioned technical characteristic or its equivalent feature The other technical solutions for being combined and being formed.Such as features described above has similar work(with (but not limited to) disclosed herein The technical solution that the technical characteristic of energy is replaced mutually and formed.

Claims (12)

1. A method for processing a request message, comprising:
receiving a request message;
acquiring a database query statement contained in the request message;
generating identification information for the database query statement;
in response to determining that a pre-set identification information set contains identification information matching the generated identification information, processing the request message.
2. The method according to claim 1, wherein generating the identification information for the database query statement comprises:
performing word segmentation on the database query statement to generate a first string sequence;
replacing user-input parameters in the first string sequence with a preset character to generate a second string sequence;
unifying the separators and the letter case in the second string sequence to generate a third string sequence;
computing a hash value of the third string sequence as the identification information of the database query statement.
3. The method according to claim 1, wherein the method further comprises:
in response to determining that the pre-set identification information set does not contain identification information matching the generated identification information, converting the database query statement into a syntax tree;
determining whether the node content of a predetermined node in the syntax tree matches a feature in a pre-set feature set;
in response to determining that the node content of the predetermined node in the syntax tree matches a feature in the pre-set feature set, terminating the processing of the request message.
4. The method according to claim 1, wherein the method further comprises:
in response to determining that the pre-set identification information set does not contain identification information matching the generated identification information, determining whether the statement contained in the request message matches a pre-set regular expression, the regular expression being used to characterize a feature in a pre-set feature set;
in response to determining that the statement contained in the request message matches the pre-set regular expression, terminating the processing of the request message.
5. The method according to claim 3 or 4, wherein the features in the feature set are generated by the following steps:
acquiring a set of historical intrusion statements;
performing feature extraction on the set of historical intrusion statements using a machine learning method.
6. An apparatus for processing a request message, comprising:
a receiving unit, configured to receive a request message;
an acquiring unit, configured to acquire a database query statement contained in the request message;
a generation unit, configured to generate identification information for the database query statement;
a processing unit, configured to process the request message in response to determining that a pre-set identification information set contains identification information matching the generated identification information.
7. The apparatus according to claim 6, wherein the generation unit comprises:
a segmentation subunit, configured to perform word segmentation on the database query statement to generate a first string sequence;
a replacement subunit, configured to replace user-input parameters in the first string sequence with a preset character to generate a second string sequence;
a unification subunit, configured to unify the separators and the letter case in the second string sequence to generate a third string sequence;
a computation subunit, configured to compute a hash value of the third string sequence as the identification information of the database query statement.
8. The apparatus according to claim 6, wherein the apparatus further comprises:
a conversion unit, configured to convert the database query statement into a syntax tree in response to determining that the pre-set identification information set does not contain identification information matching the generated identification information;
a first determination unit, configured to determine whether the node content of a predetermined node in the syntax tree matches a feature in a pre-set feature set;
a first termination unit, configured to terminate the processing of the request message in response to determining that the node content of the predetermined node in the syntax tree matches a feature in the pre-set feature set.
9. The apparatus according to claim 6, wherein the apparatus further comprises:
a second determination unit, configured to determine, in response to determining that the pre-set identification information set does not contain identification information matching the generated identification information, whether the statement contained in the request message matches a pre-set regular expression, the regular expression being used to characterize a feature in a pre-set feature set;
a second termination unit, configured to terminate the processing of the request message in response to determining that the statement contained in the request message matches the pre-set regular expression.
10. The apparatus according to claim 8 or 9, wherein the apparatus further comprises a feature generation unit, the feature generation unit being configured to:
acquire a set of historical intrusion statements;
perform feature extraction on the set of historical intrusion statements using a machine learning method.
11. An electronic device, comprising:
one or more processors;
a storage device, configured to store one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claims 1 to 5.
12. A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method according to any one of claims 1 to 5.
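The fingerprint mechanism of claims 1 and 2 (segment, replace user parameters, unify separators and case, hash) together with the regular-expression fallback of claims 4 and 5, as an added Python example that is not part of the patent. It assumes SHA-256 as the hash, `?` as the preset character, a constructed whitelist as the pre-set identification information set, and a constructed regular-expression feature set standing in for features extracted from historical intrusion statements; the syntax-tree route of claim 3 is not implemented.

```python
import hashlib
import re
from typing import List, Set

# Constructed whitelist of known-good queries (assumption: the pre-set
# identification information set is built by fingerprinting these).
KNOWN_GOOD_QUERIES = [
    "SELECT id, name FROM users WHERE id = 42",
    "SELECT * FROM orders WHERE user_id = 7 AND status = 'open'",
    "UPDATE users SET last_login = '2017-12-14' WHERE id = 3",
]

# Constructed feature set in regular-expression form (claim 4). The patent
# derives such features from historical intrusion statements; these are
# hand-written stand-ins and are deliberately coarse.
FEATURE_PATTERNS = [
    re.compile(r"\bunion\b.*\bselect\b", re.I),
    re.compile(r"\bor\b\s+\S+\s*=\s*\S+", re.I),  # tautology-style predicate
    re.compile(r"(--|#|/\*)"),                      # comment sequences
    re.compile(r";\s*\w"),                          # stacked statement
]

PLACEHOLDER = "?"  # the "preset character" of claim 2 (assumption)
# Token classes: quoted string, number, word/identifier, single punctuation.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|[^\s\w]")
NUMBER_RE = re.compile(r"\d+(?:\.\d+)?")


def segment(sql: str) -> List[str]:
    """Step 1: word segmentation -> first string sequence."""
    return TOKEN_RE.findall(sql)


def replace_parameters(tokens: List[str]) -> List[str]:
    """Step 2: replace user-supplied literals with the preset character
    -> second string sequence. Only quoted strings and numbers are treated
    as user input here (assumption)."""
    return [PLACEHOLDER if t.startswith("'") or NUMBER_RE.fullmatch(t) else t
            for t in tokens]


def unify(tokens: List[str]) -> List[str]:
    """Step 3: unify letter case -> third string sequence. Separators are
    unified when the sequence is joined with a single space in fingerprint()."""
    return [t.lower() for t in tokens]


def fingerprint(sql: str) -> str:
    """Step 4: hash of the normalized sequence = identification information."""
    canonical = " ".join(unify(replace_parameters(segment(sql))))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_identification_set(queries) -> Set[str]:
    """The pre-set identification information set of claim 1."""
    return {fingerprint(q) for q in queries}


def matches_feature(sql: str) -> bool:
    """Claim 4: does the statement match any regular-expression feature?"""
    return any(p.search(sql) for p in FEATURE_PATTERNS)


def handle_request(sql: str, known: Set[str]) -> str:
    """Claim 1 then claim 4: 'processed' when the fingerprint is whitelisted,
    'terminated' when a feature matches, otherwise 'unknown' (what happens to
    unmatched, feature-free statements is not specified by the patent)."""
    if fingerprint(sql) in known:
        return "processed"
    if matches_feature(sql):
        return "terminated"
    return "unknown"


if __name__ == "__main__":
    known = build_identification_set(KNOWN_GOOD_QUERIES)
    for stmt in ["select id,name from users where id=1337",
                 "SELECT id, name FROM users WHERE id = 1 OR 1=1",
                 "SELECT count(*) FROM users"]:
        print(handle_request(stmt, known), "<-", stmt)
```

Because parameter values, case and spacing are normalized away before hashing, a whitelisted template matches any parameter values, while a statement whose structure changed (an extra predicate, a different clause) produces a different fingerprint and falls through to the feature check.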
CN201711341371.6A 2017-12-14 2017-12-14 Method and apparatus for processing request message Active CN108090351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711341371.6A CN108090351B (en) 2017-12-14 2017-12-14 Method and apparatus for processing request message

Publications (2)

Publication Number Publication Date
CN108090351A true CN108090351A (en) 2018-05-29
CN108090351B CN108090351B (en) 2022-03-08

Family

ID=62176346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711341371.6A Active CN108090351B (en) 2017-12-14 2017-12-14 Method and apparatus for processing request message

Country Status (1)

Country Link
CN (1) CN108090351B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant