CN109324985A - A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning - Google Patents
A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning Download PDFInfo
- Publication number
- CN109324985A CN109324985A CN201811019272.0A CN201811019272A CN109324985A CN 109324985 A CN109324985 A CN 109324985A CN 201811019272 A CN201811019272 A CN 201811019272A CN 109324985 A CN109324985 A CN 109324985A
- Authority
- CN
- China
- Prior art keywords
- machine learning
- sql
- firewall
- feature
- sql statement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
Abstract
The present invention relates to digital information transmission technical fields, more particularly to a kind of SQL injection recognition methods of automatic adaptation scene based on machine learning, including machine-learning process, machine protection process, machine-learning process includes disposing firewall, the SQL statement in separation flow, machine learning SQL feature, machine learning traffic characteristic, identification SQL injection;Machine protection process includes disposing firewall, the SQL statement in separation flow, judging SQL statement risk, judge that traffic characteristic risk, identification SQL injection, user participate in firewall tuning.The present invention is different from traditional SQL injection detection model, in the case where knowing nothing backstage situation, only can detect possible SQL injection by the input of analysis user, and be classified to its threat degree;Without that can be on the defensive, reduce rate of false alarm by rules for writing.
Description
Technical field
The present invention relates to digital information transmission technical fields, and in particular to a kind of automatic adaptation scene based on machine learning
SQL injection recognition methods.
Background technique
SQL (Structured Query Language) is the field ad hoc type language used in programming, for managing
The data saved in relational database management system (RDBMS), or for the stream process in relation data Workflow Management System
(RDSMS).SQL injection is a kind of code injection technology, for attacking the application program of data-driven, by the SQL statement of malice
Input field is inserted into for execution (such as by data-base content dump to attacker), SQL injection must utilize application program
Security breaches in software, SQL injection are commonly known as the attack medium of website, but can be used to attack any kind of SQL
Database, SQL injection attack allow attacker's spoofed identity, distort available data, cause refusal problem (such as exclusion transaction or more
Change remaining sum), allow all data in full disclosure system, destroys data or keep its unavailable, and become database server
Administrator, currently, SQL injection attack detection method, the research of main leaky detection and Web two aspects of defence,
It is external more to research in this respect in terms of Hole Detection, have it is some oneself mentioned through having reached commercial value, S.Kals very early
Test model " SecBat " is gone out;For SQL injection, IBM has developed special injection detection instrument AppScan, at abroad, right
The technology of penetration testing also has the system standard of comparison system, more there is the technical team of some comparative maturities, as American National is pacified
The ISECOM safety such as global red cell (Red Cell) team and the red team of USN's computer network is ground with published method
Study carefully prepared safety detecting method open source handbook etc., in terms of Web defence, Web site safety precaution is due to SQL injection
The root of problem is the illegal input of user, the core concept of Web defence be the Url transmission stage to the legitimacy of Url into
There is bad input, are broadly divided into a series of detection of row, prevention user: verifying strobe utility, Meaning transfer encryption, shielding letter
Breath takes precautions against several classes of model, base to sensitive information encryption, user authority setting, inquiry detection system, second order SQL injection, detection
Usually have many advantages, such as verification and measurement ratio height in the model of machine learning, identifies quick.Current machine learning method is excellent due to its own
Gesture, oneself is applied to abnormal traffic detection field, has developed some abnormal traffic detection systems.But such research is often
Data volume deficiency is faced, it is of low quality, it the difficulties such as needs to be artificially generated, effective enterprise's application can not be actually generated.
Summary of the invention
It is an object of the invention to overcome problems of the prior art, provide a kind of automatic suitable based on machine learning
The SQL injection recognition methods of scene is answered, it may be implemented to be different from traditional SQL injection detection model, to backstage situation one
In the case where ignorant, possible SQL injection only can be detected by the input of analysis user, and to its threat degree into
Row classification.
To realize above-mentioned technical purpose and the technique effect, the present invention is achieved by the following technical solutions:
A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, includes the following steps:
Step 1, machine-learning process, specifically comprise the following steps:
Step 1.1, deployment firewall: firewall is disposed before server;
Step 1.2, machine learning SQL statement feature: firewall is shelled the SQL statement in data message using one automatically
From module, separate SQL statement, and using one judgement SQL statement feature module, learn SQL statement feature;
Step 1.3, machine learning traffic characteristic: module of the firewall using a judgement data flow characteristics, learning data
Flow feature;
Step 1.4 forms learning outcome: firewall is formed by ballot fusion, decision Tree algorithms by machine learning
Traffic classifier;
Step 2, machine protection process, specifically comprise the following steps:
Step 2.1, deployment firewall: firewall is disposed before server;
SQL statement in step 2.2, separation flow: firewall is shelled the SQL statement in data message using one automatically
From module, separate SQL statement;
Step 2.3 extracts traffic characteristic: firewall uses a flow information extraction device, extracts the traffic characteristic of message;
Step 2.4, identification SQL injection: firewall determines whether to intercept this using a classifier by data training
Secondary data message, and store classification results;
Step 2.5, the white list for forming feature environment: firewall at regular intervals, automatically generates the white name of flow information
Single classifier.
Further, in the SQL statement in the step 1.2 machine learning SQL statement feature and step 2.2 separation flow
Module include pretreatment to initial data, the pretreatment specifically include noise remove, missing values processing, code conversion,
Similar duplicate removal, Url decoding, character string fractionation, similar field are extensive, field division operation, and can be based on SQL statement function,
SQL data are carried out with preliminary division.
Further, include the following steps: in the step 1.2 machine learning SQL statement feature
Step 1.2.1, using Real Adaboost scheduling algorithm, to the SQL statement subclass of the classification divided, and
Store results, in case and other step machine learning results synthesis;
Step 1.2.2, it executes several times, and close to after fitting in step 1.2.1, using FP-Growth scheduling algorithm, calculates
The correlation of division result in step 1.2.1 forms the classifier of the SQL statement based on machine learning;
Step 1.2.3, rule is protected to known some SQL, using Real Adaboost scheduling algorithm, is finely divided class,
And each disaggregated classification is weighted, and store results, in case and other step machine learning results synthesis;
Step 1.2.4, using Apriori scheduling algorithm, the correlation of division result in step 1.2.3 is calculated, formation is based on
The classifier of the known SQL rule of machine learning.
Further, in the step 1.3 machine learning traffic characteristic, include the following steps:
Step 1.3.1, the module of packet information is automatically extracted using one, extracts the following information in data message:
A, source IP, source port, Target IP, target port, the information for waiting data messages generally existing;
B, host information, url target, client agent, the link informations such as connection cookie;
Step 1.3.2, using Real Adaboost scheduling algorithm, to the flow information subclass of the classification divided, and
Store results, in case and other step machine learning results synthesis;
Step 1.3.3, it executes several times, and close to after fitting in step 1.3.2, using FP-Growth scheduling algorithm, calculates
The correlation of division result in step 1.3.2 forms the classifier of the traffic characteristic based on machine learning;
Step 1.3.4, rule is protected to known some traffic characteristics, using Real Adaboost scheduling algorithm, carried out thin
Classification, and each disaggregated classification is weighted, and store results, in case and other step machine learning results synthesis;
Step 1.3.5, using Apriori scheduling algorithm, the correlation of division result in step 1.3.4 is calculated, formation is based on
The classifier of the known mass flow protection rule of machine learning.
Further, the step 1.4 forms learning outcome, includes the following steps:
Step 1.4.1, the classifier obtained using step 1.2, step 1.3 is merged, decision tree using ballot, etc.
Boosting algorithm obtains the accuracy of classifier under different boosting algorithms;
Step 1.4.2, in step 1.4.1, the highest boosting scheme of accuracy is chosen, point obtained as training
Class device.
Further, the step 2.3 extracts traffic characteristic, includes the following steps:
Step 2.3.1, the module of packet information is automatically extracted using one, extracts the following information in data message:
A. source IP, source port, Target IP, target port, the information for waiting data messages generally existing;
B.host information, url target, client agent, the link informations such as connection cookie;
Step 2.3.2, store results, in case and other step machine learning results synthesis.
Further, the step 2.4 identifies SQL injection, includes the following steps:
Step 2.4.1, firewall attempts the white list classifier obtained using step 2.5, obtains to step 2.2, step 2.3
The data message information taken is matched, and provides attack expectation to this message;
Step 2.4.2, firewall is used and is obtained in step 1.4, by the classifier of data training, foundation step 2.2,
The data message information that step 2.3 obtains provides attack expectation to this message, and the attack of step 2.4.1 is combined it is expected, into
Row attack intercepts;
Step 2.4.3, the information and step 2.4.1, step 2.4.2 that firewall storing step 2.2, step 2.3 obtain
Attack expectation, in case and other steps synthesis.
Further, the step 2.5 forms the white list of feature environment, includes the following steps:
Step 2.5.1, at regular intervals, firewall automaticly inspects the data message information and attack of step 2.4 storage
It is expected that and analyzing the data message feature wherein let pass;
Step 2.5.2, firewall generates dynamic white list classifier according to the data message feature in step 2.5.1.
Beneficial effects of the present invention: low to background information dependence based on machine learning, it is good accurate to have
Property, it is with good expansibility, meets the speed requirement protected online, deployment difficulty is low, is different from traditional SQL injection inspection
Model is surveyed, in the case where knowing nothing backstage situation, possible SQL only can be detected by the input of analysis user
Injection, and its threat degree is classified;Without that can be on the defensive, reduce rate of false alarm by rules for writing.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will be described below to embodiment required
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for ability
For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is a kind of process signal of SQL injection recognition methods of the automatic adaptation scene based on machine learning of the present invention
Figure;
Fig. 2 is in the embodiment of the present invention in machine-learning process step, and the learning process of the SQL of learning data message is shown
It is intended to;
Fig. 3 is the embodiment of the present invention in machine-learning process step, learns the process signal of known SQL protection rule
Figure;
Fig. 4 is the embodiment of the present invention in machine-learning process step, learns the learning process schematic diagram of traffic characteristic;
Fig. 5 is the embodiment of the present invention in machine-learning process step, and the process of study known mass flow protection rule is shown
It is intended to;
Fig. 6 is the embodiment of the present invention in machine-learning process step, forms the process schematic of traffic classifier.
Specific embodiment
In order to be easy to understand the technical means, the creative features, the aims and the efficiencies achieved by the present invention, below will
In conjunction with the attached drawing in the embodiment of the present invention, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that
Described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Based on the implementation in the present invention
Example, all other embodiment obtained by those of ordinary skill in the art without making creative efforts belong to
The scope of protection of the invention.
A kind of SQL injection recognition methods of automatic adaptation scene based on machine learning as shown in figures 1 to 6, including it is as follows
Step:
Step 1, machine-learning process, specifically comprise the following steps:
Step 1.1, deployment firewall: firewall is disposed before server;
Step 1.2, machine learning SQL statement feature: firewall is shelled the SQL statement in data message using one automatically
From module, separate SQL statement, and using one judgement SQL statement feature module, learn SQL statement feature;
Step 1.3, machine learning traffic characteristic: module of the firewall using a judgement data flow characteristics, learning data
Flow feature;
Step 1.4 forms learning outcome: firewall forms by ballot fusion, decision tree scheduling algorithm and passes through machine learning
Traffic classifier;
Step 2, machine protection process, specifically comprise the following steps:
Step 2.1, deployment firewall: firewall is disposed before server;
SQL statement in step 2.2, separation flow: firewall is shelled the SQL statement in data message using one automatically
From module, separate SQL statement;
Step 2.3 extracts traffic characteristic: firewall uses a flow information extraction device, extracts the traffic characteristic of message;
Step 2.4, identification SQL injection: firewall determines whether to intercept this using a classifier by data training
Secondary data message, and store classification results;
Step 2.5, the white list for forming feature environment: firewall at regular intervals, automatically generates the white name of flow information
Single classifier.
The module packet in SQL statement in the step 1.2 machine learning SQL statement feature and step 2.2 separation flow
Include the pretreatment to initial data, the pretreatment specifically include noise remove, missing values processing, code conversion, similar duplicate removal,
Url decoding, character string are split, similar field is extensive, field division operation, and can be based on SQL statement function, to SQL data
Carry out preliminary division.
Include the following steps: in the step 1.2 machine learning SQL statement feature
Step 1.2.1, using Real Adaboost scheduling algorithm, to the SQL statement subclass of the classification divided, and
Store results, in case and other step machine learning results synthesis;
Step 1.2.2, it executes several times, and close to after fitting in step 1.2.1, using FP-Growth scheduling algorithm, calculates
The correlation of division result in step 1.2.1 forms the classifier of the SQL statement based on machine learning;
Step 1.2.3, rule is protected to known some SQL, using Real Adaboost scheduling algorithm, is finely divided class,
And each disaggregated classification is weighted, and store results, in case and other step machine learning results synthesis;
Step 1.2.4, using Apriori scheduling algorithm, the correlation of division result in step 1.2.3 is calculated, formation is based on
The classifier of the known SQL rule of machine learning.
In the step 1.3 machine learning traffic characteristic, include the following steps:
Step 1.3.1, the module of packet information is automatically extracted using one, extracts the following information in data message:
A, source IP, source port, Target IP, target port, the information for waiting data messages generally existing;
B, host information, url target, client agent, the link informations such as connection cookie;
Step 1.3.2, using Real Adaboost scheduling algorithm, to the flow information subclass of the classification divided, and
Store results, in case and other step machine learning results synthesis;
Step 1.3.3, it executes several times, and close to after fitting in step 1.3.2, using FP-Growth scheduling algorithm, calculates
The correlation of division result in step 1.3.2 forms the classifier of the traffic characteristic based on machine learning;
Step 1.3.4, rule is protected to known some traffic characteristics, using Real Adaboost scheduling algorithm, carried out thin
Classification, and each disaggregated classification is weighted, and store results, in case and other step machine learning results synthesis;
Step 1.3.5, using Apriori scheduling algorithm, the correlation of division result in step 1.3.4 is calculated, formation is based on
The classifier of the known mass flow protection rule of machine learning.
The step 1.4 forms learning outcome, includes the following steps:
Step 1.4.1, the classifier obtained using step 1.2, step 1.3 is merged, decision tree using ballot, etc.
Boosting algorithm obtains the accuracy of classifier under different boosting algorithms;
Step 1.4.2, in step 1.4.1, the highest boosting scheme of accuracy is chosen, point obtained as training
Class device.
The step 2.3 extracts traffic characteristic, includes the following steps:
Step 2.3.1, the module of packet information is automatically extracted using one, extracts the following information in data message:
A. source IP, source port, Target IP, target port, the information for waiting data messages generally existing;
B.host information, url target, client agent, the link informations such as connection cookie;
Step 2.3.2, store results, in case and other step machine learning results synthesis.
The step 2.4 identifies SQL injection, includes the following steps:
Step 2.4.1, firewall attempts the white list classifier obtained using step 2.5, obtains to step 2.2, step 2.3
The data message information taken is matched, and provides attack expectation to this message;
Step 2.4.2, firewall is used and is obtained in step 1.4, by the classifier of data training, foundation step 2.2,
The data message information that step 2.3 obtains provides attack expectation to this message, and the attack of step 2.4.1 is combined it is expected, into
Row attack intercepts;
Step 2.4.3, the information and step 2.4.1, step 2.4.2 that firewall storing step 2.2, step 2.3 obtain
Attack expectation, in case and other steps synthesis.
The step 2.5 forms the white list of feature environment, includes the following steps:
Step 2.5.1, at regular intervals, firewall automaticly inspects the data message information and attack of step 2.4 storage
It is expected that and analyzing the data message feature wherein let pass;
Step 2.5.2, firewall generates dynamic white list classifier according to the data message feature in step 2.5.1.
Present invention disclosed above preferred embodiment is only intended to help to illustrate the present invention.There is no detailed for preferred embodiment
All details are described, are not limited the invention to the specific embodiments described.Obviously, according to the content of this specification,
It can make many modifications and variations.These embodiments are chosen and specifically described to this specification, is in order to better explain the present invention
Principle and practical application, so that skilled artisan be enable to better understand and utilize the present invention.The present invention is only
It is limited by claims and its full scope and equivalent.
Claims (8)
1. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, which is characterized in that including walking as follows
It is rapid:
Step 1, machine-learning process, specifically comprise the following steps:
Step 1.1, deployment firewall: firewall is disposed before server;
Step 1.2, machine learning SQL statement feature: what firewall was automatically stripped the SQL statement in data message using one
Module separates SQL statement, and using the module of a judgement SQL statement feature, learns SQL statement feature;
Step 1.3, machine learning traffic characteristic: module of the firewall using a judgement data flow characteristics, learning data stream spy
Sign;
Step 1.4 forms learning outcome: firewall forms the flow Jing Guo machine learning by ballot fusion, decision Tree algorithms
Classifier;
Step 2, machine protection process, specifically comprise the following steps:
Step 2.1, deployment firewall: firewall is disposed before server;
SQL statement in step 2.2, separation flow: what firewall was automatically stripped the SQL statement in data message using one
Module separates SQL statement;
Step 2.3 extracts traffic characteristic: firewall uses a flow information extraction device, extracts the traffic characteristic of message;
Step 2.4, identification SQL injection: firewall determines whether to intercept this number using a classifier by data training
According to message, and store classification results;
Step 2.5, the white list for forming feature environment: firewall at regular intervals, automatically generates flow information white list point
Class device.
2. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In including the following steps: in the step 1.2 machine learning SQL feature
Step 1.2.1, all kinds of essential characteristics of current SQL sentence are extracted;
Step 1.2.2, machine learning SQL statement essential characteristic corresponds to classification;
Step 1.2.3, the relationship between machine learning SQL statement classification;
Step 1.2.4, SQL rule corresponding relationship known to machine learning;
Step 1.2.5, according to learning outcome, classifier is generated.
3. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In including the following steps: in the step 1.3 machine learning traffic characteristic
Step 1.3.1, current data stream traffic characteristic is extracted;
Step 1.3.2, machine learning data flow characteristics correspond to classification;
Step 1.3.3, the relationship between machine learning data flow characteristics;
Step 1.3.4, flow rule corresponding relationship known to machine learning;
Step 1.3.5, according to learning outcome, classifier is generated.
4. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In the step 1.4 is formed in learning outcome, is included the following steps:
Step 1.4.1, the classifier obtained using step 1.2, step 1.3 waits boosting using ballot fusion, decision tree
Algorithm obtains the accuracy of classifier under different boosting algorithms;
Step 1.4.2, the highest boosting scheme of accuracy is chosen, the classifier obtained as training.
5. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In the module in SQL statement in the step 2.2 separation flow includes the pretreatment to initial data, the pretreatment tool
Body includes noise remove, missing values processing, code conversion, similar duplicate removal, Url is decoded, character string is split, similar field is extensive,
Field division operation, and it can be based on SQL statement function, SQL data are carried out with preliminary division.
6. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In the step 2.3 extracts traffic characteristic, includes the following steps:
Step 2.3.1, the module of packet information is automatically extracted using one, extracts the following information in data message:
A. source IP, source port, Target IP, target port, the information for waiting data messages generally existing;
B.host information, url target, client agent, the link informations such as connection cookie;
Step 2.3.2, store results, in case and other step machine learning results synthesis.
7. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In the step 2.4 identifies SQL injection, includes the following steps:
Step 2.4.1: firewall attempts the white list classifier obtained using step 2.5, obtains to step 2.2, step 2.3
Data message information is matched, and provides attack expectation to this message;
Step 2.4.2: firewall is used and is obtained in step 1.4, by the classifier of data training, foundation step 2.2, step
The 2.3 data message information obtained provide attack expectation to this message, and the attack expectation of comprehensive characteristics 1 carries out attack and blocks
It cuts;
Step 2.4.3: the attack expectation of information and feature 1, feature 2 that firewall storing step 2.2, step 2.3 obtain.
8. a kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning, feature according to right 1 exist
In the step 2.5 forms the white list of feature environment, includes the following steps:
Step 2.5.1: at regular intervals, firewall automaticly inspects the data message information and attack expectation of step 2.4 storage,
And the data message feature wherein let pass is analyzed, generate dynamic white list classifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811019272.0A CN109324985A (en) | 2018-09-03 | 2018-09-03 | A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811019272.0A CN109324985A (en) | 2018-09-03 | 2018-09-03 | A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109324985A true CN109324985A (en) | 2019-02-12 |
Family
ID=65263489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811019272.0A Pending CN109324985A (en) | 2018-09-03 | 2018-09-03 | A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109324985A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110990864A (en) * | 2019-11-27 | 2020-04-10 | 支付宝(杭州)信息技术有限公司 | Report authority management method, device and equipment |
CN112202822A (en) * | 2020-12-07 | 2021-01-08 | 中国人民解放军国防科技大学 | Database injection detection method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294969A (en) * | 2017-06-22 | 2017-10-24 | 电子科技大学 | A kind of SQL injection attack detection and system based on SDN |
CN107392016A (en) * | 2017-07-07 | 2017-11-24 | 四川大学 | A kind of web data storehouse attack detecting system based on agency |
CN107404473A (en) * | 2017-06-06 | 2017-11-28 | 西安电子科技大学 | Based on Mshield machine learning multi-mode Web application means of defences |
CN107451473A (en) * | 2017-07-27 | 2017-12-08 | 杭州美创科技有限公司 | The sql injection detection methods of feature based pattern-recognition |
CN107566363A (en) * | 2017-08-30 | 2018-01-09 | 杭州安恒信息技术有限公司 | A kind of SQL injection attack guarding method based on machine learning |
-
2018
- 2018-09-03 CN CN201811019272.0A patent/CN109324985A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404473A (en) * | 2017-06-06 | 2017-11-28 | 西安电子科技大学 | Based on Mshield machine learning multi-mode Web application means of defences |
CN107294969A (en) * | 2017-06-22 | 2017-10-24 | 电子科技大学 | A kind of SQL injection attack detection and system based on SDN |
CN107392016A (en) * | 2017-07-07 | 2017-11-24 | 四川大学 | A kind of web data storehouse attack detecting system based on agency |
CN107451473A (en) * | 2017-07-27 | 2017-12-08 | 杭州美创科技有限公司 | The sql injection detection methods of feature based pattern-recognition |
CN107566363A (en) * | 2017-08-30 | 2018-01-09 | 杭州安恒信息技术有限公司 | A kind of SQL injection attack guarding method based on machine learning |
Non-Patent Citations (1)
Title |
---|
张登峰: "基于机器学习的SQL注入检测", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110990864A (en) * | 2019-11-27 | 2020-04-10 | 支付宝(杭州)信息技术有限公司 | Report authority management method, device and equipment |
CN112202822A (en) * | 2020-12-07 | 2021-01-08 | 中国人民解放军国防科技大学 | Database injection detection method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109816397B (en) | Fraud discrimination method, device and storage medium | |
CN110233849B (en) | Method and system for analyzing network security situation | |
Azeez et al. | Identifying phishing attacks in communication networks using URL consistency features | |
CN109922065B (en) | Quick identification method for malicious website | |
CN102932348A (en) | Real-time detection method and system of phishing website | |
CN112491779B (en) | Abnormal behavior detection method and device and electronic equipment | |
CN112543196A (en) | Network threat information sharing platform based on block chain intelligent contract | |
CN113704328B (en) | User behavior big data mining method and system based on artificial intelligence | |
CN114553523A (en) | Attack detection method and device based on attack detection model, medium and equipment | |
CN113949527A (en) | Abnormal access detection method and device, electronic equipment and readable storage medium | |
CN113486343A (en) | Attack behavior detection method, device, equipment and medium | |
Nalavade et al. | Mining association rules to evade network intrusion in network audit data | |
CN111191720B (en) | Service scene identification method and device and electronic equipment | |
CN109324985A (en) | A kind of SQL injection recognition methods of the automatic adaptation scene based on machine learning | |
CN115205766A (en) | Block chain-based network security abnormal video big data detection method and system | |
CN113704772B (en) | Safety protection processing method and system based on user behavior big data mining | |
US20190372998A1 (en) | Exchange-type attack simulation device, exchange-type attack simulation method, and computer readable medium | |
CN111049828A (en) | Network attack detection and response method and system | |
US20150150132A1 (en) | Intrusion detection system false positive detection apparatus and method | |
CN116827656A (en) | Network information safety protection system and method thereof | |
CN115599345A (en) | Application security requirement analysis recommendation method based on knowledge graph | |
CN116015703A (en) | Model training method, attack detection method and related devices | |
US11539730B2 (en) | Method, device, and computer program product for abnormality detection | |
CN115174205A (en) | Network space safety real-time monitoring method, system and computer storage medium | |
CN113297582A (en) | Safety portrait generation method based on information safety big data and big data system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190212 |