CN110035031A - A kind of detection method and data processing method of SQL injection - Google Patents


Info

Publication number
CN110035031A
Authority
CN
China
Prior art keywords
sql
character
bypass
coding
coding schedule
Prior art date
Legal status
Granted
Application number
CN201810027161.8A
Other languages
Chinese (zh)
Other versions
CN110035031B (en)
Inventor
蔡鹏�
Current Assignee
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date
Filing date
Publication date
Events
Application filed by Alibaba Group Holding Ltd
Priority to CN201810027161.8A
Publication of CN110035031A
Application granted
Publication of CN110035031B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Machine Translation (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

This application discloses a detection method for SQL injection and a data processing method. The detection method comprises: encoding the object under detection according to an encoding table (coding schedule) to obtain an encoding result, where the encoding table records the correspondence between character classes and codes; and determining, according to the encoding result, whether the object under detection contains SQL injection. The application achieves fast detection of SQL injection, improves detection effectiveness and reduces the cost of defence.

Description

A kind of detection method and data processing method of SQL injection
Technical field
This application relates to, but is not limited to, the field of network security, and in particular to a detection method for SQL injection and a data processing method.
Background technique
Structured Query Language (SQL) injection is a common form of network attack. In an SQL injection attack, a specially constructed malicious SQL statement is passed to a web application as a parameter and executed, so that the attacker intrudes into the network system. Current web application firewalls (WAF) rely mostly on regular expressions to detect SQL injection. However, attackers have built up a set of bypass methods against traditional regular-expression-based SQL injection detection, so the SQL injection detection of a WAF is often ineffective. Moreover, because of the limitations of regular expressions, a large amount of manual maintenance is needed before the regular expressions reach sufficient coverage, which makes defence costly.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The embodiments of the present application provide a detection method for SQL injection and a data processing method that enable fast detection of SQL injection, so as to improve detection effectiveness and reduce the cost of defence.
In a first aspect, the embodiments of the present application provide a detection method for SQL injection, comprising:
encoding the object under detection according to an encoding table to obtain an encoding result, where the encoding table records the correspondence between character classes and codes;
determining, according to the encoding result, whether the object under detection contains SQL injection.
In an exemplary embodiment, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
In an exemplary embodiment, the codes recorded in the encoding table may include a colour corresponding to each character class.
In an exemplary embodiment, encoding the object under detection according to the encoding table to obtain an encoding result may include: determining, according to the encoding table, the colour corresponding to each character in the object under detection, and obtaining the image corresponding to the object under detection as its encoding result.
In an exemplary embodiment, determining according to the encoding result whether the object under detection contains SQL injection may include: performing image recognition on the encoding result to determine whether the object under detection contains SQL injection.
In an exemplary embodiment, before the object under detection is encoded according to the encoding table, the method may further include obtaining the encoding table from SQL syntax and a set of samples in the following way:
obtaining SQL common words from SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples that contain SQL injection and normal samples that do not contain SQL injection;
determining the character classes recorded in the encoding table according to the SQL common words, bypass common words, bypass characters and special characters;
establishing the correspondence between each character class and a code to obtain the encoding table.
In a second aspect, the embodiments of the present application provide a data processing method, comprising:
determining the character classes recorded in an encoding table on the basis of SQL syntax and a set of samples;
establishing the correspondence between each character class in the encoding table and a code to obtain the encoding table.
In an exemplary embodiment, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
In an exemplary embodiment, establishing the correspondence between each character class in the encoding table and a code may include: marking each character class with one colour to obtain the encoding table.
In an exemplary embodiment, determining the character classes recorded in the encoding table on the basis of SQL syntax and a set of samples may include:
obtaining SQL common words from SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples that contain SQL injection and normal samples that do not contain SQL injection;
determining the character classes recorded in the encoding table according to the SQL common words, bypass common words, bypass characters and special characters.
In a third aspect, the embodiments of the present application provide an interaction method, comprising:
providing an interactive interface adapted to display at least one of: the encoding table; the encoding result obtained by encoding the object under detection according to the encoding table; and the detection result indicating whether the object under detection contains SQL injection; where the encoding table records the correspondence between character classes and codes.
In an exemplary embodiment, each character class in the encoding table may be marked with one colour.
In an exemplary embodiment, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
In addition, the embodiments of the present application provide a computing device comprising a first memory and a first processor; the first memory is adapted to store an SQL injection detection program, and when the detection program is executed by the first processor it carries out the steps of the SQL injection detection method provided in the first aspect.
In addition, the embodiments of the present application provide a computing device comprising a second memory and a second processor; the second memory is adapted to store a data processing program, and when the data processing program is executed by the second processor it carries out the steps of the data processing method provided in the second aspect.
In addition, the embodiments of the present application provide a computer-readable medium storing an SQL injection detection program which, when executed by a processor, carries out the steps of the SQL injection detection method provided in the first aspect.
In addition, the embodiments of the present application provide a computer-readable medium storing a data processing program which, when executed by a processor, carries out the steps of the data processing method provided in the second aspect.
In the embodiments of the present application, the object under detection is encoded according to an encoding table to obtain an encoding result, where the encoding table records the correspondence between character classes and codes, and whether the object under detection contains SQL injection is determined from the encoding result. The detection method proposed in this application is flexible, greatly increases the cost for an attacker of discovering a bypass method, and enables fast detection, so that it can meet the mass-data demands of cloud computing.
Of course, a product implementing this application does not necessarily have to achieve all of the above advantages at the same time.
Detailed description of the invention
Fig. 1 is a flow chart of the SQL injection detection method provided by the embodiments of the present application;
Fig. 2 is an example diagram of the character classes in the encoding table of the embodiments of the present application;
Fig. 3 is an example diagram of the detection process of the embodiments of the present application;
Fig. 4 is a schematic diagram of the SQL injection detection device provided by the embodiments of the present application;
Fig. 5 is a flow chart of the data processing method provided by the embodiments of the present application;
Fig. 6 is a schematic diagram of the data processing device provided by the embodiments of the present application;
Fig. 7 is a schematic diagram of the computing device provided by the embodiments of the present application.
Specific embodiment
The embodiments of the present application are described in detail below with reference to the drawings. It should be understood that the embodiments described below are only intended to illustrate and explain the application and are not used to limit it.
It should be noted that the embodiments, and the features within the embodiments, may be combined with one another where they do not conflict, and such combinations fall within the scope of protection of this application. In addition, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one given here.
In some embodiments, the computing device that executes the SQL injection detection method or the data processing method may include one or more processors (CPU, Central Processing Unit), input/output interfaces, a network interface and memory.
The memory may include non-volatile storage in a computer-readable medium, random access memory (RAM) and/or other forms of non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. The memory may include module 1, module 2, ..., module N (N being an integer greater than 2).
Computer-readable media include permanent and non-permanent, removable and non-removable storage media. A storage medium may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
The embodiments of the present application provide a detection method for SQL injection and a data processing method in which fast detection of SQL injection is achieved on the basis of an encoding table obtained from SQL syntax and a set of samples, so as to improve detection effectiveness and reduce the cost of defence.
Fig. 1 is a flow chart of the SQL injection detection method provided by the embodiments of the present application. As shown in Fig. 1, the SQL injection detection method provided in this embodiment includes:
S101: encoding the object under detection according to an encoding table to obtain an encoding result, where the encoding table records the correspondence between character classes and codes;
S102: determining, according to the encoding result, whether the object under detection contains SQL injection.
The SQL injection detection method provided in this embodiment can be executed by a web application firewall (WAF). The WAF may be deployed on the server-side computing device, or on a computing device located between the client computing device (for example, a mobile terminal such as a portable computer, or a fixed terminal such as a desktop computer) and the server-side computing device (for example, a server in the cloud). However, the application does not limit this.
The SQL injection detection method provided in this embodiment may be deployed on the WAF alone to perform the SQL injection detection function, or it may work together with other SQL injection detection methods to perform SQL injection detection. However, the application does not limit this.
In an exemplary embodiment, before S101 the detection method of this embodiment may further include:
obtaining the encoding table from SQL syntax and a set of samples in the following way:
obtaining SQL common words from SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples that contain SQL injection and normal samples that do not contain SQL injection;
determining the character classes recorded in the encoding table according to the SQL common words, bypass common words, bypass characters and special characters;
establishing the correspondence between each character class and a code to obtain the encoding table.
Illustratively, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
Illustratively, the codes recorded in the encoding table include a colour corresponding to each character class.
An example of the character classes in the encoding table is described with reference to Fig. 2.
As shown in Fig. 2, SQL common words can be obtained by analysing SQL syntax; for example, the SQL common words may include: select, union, and, or, from, where, user, =, <, >, ' and so on. By statistically analysing bypass samples and normal samples (for example, HTTP (HyperText Transfer Protocol) requests that do not contain SQL injection), bypass common words, bypass characters and special characters can be obtained. For example, the bypass common words and characters may include: /, -, *, #, +, %, char, u, c and so on.
Then, the SQL common letters can be derived from the SQL common words, for example s, e, l, f; the bypass common symbols can be derived from the bypass common words and characters, for example /, *, #, %; and from the SQL common words together with the bypass common words and characters one can derive general letters one (for example c, h), general letters two (for example a, n, d), general letters three (for example o, r) and general symbols (for example =, +, -, ').
The letters shared by SQL and bypass can be obtained from the SQL common words and the bypass common words and characters, and then subdivided into general letters one, two and three according to a set rule. The rule can be determined from the differences between the bypass samples and the normal samples, so that the shared letters are subdivided in a way that prevents a normal sample and a bypass sample from having the same encoding result. The application does not limit the rule. In practice the rule can be adjusted as needed to further divide the shared letters into four or more classes.
As shown in Fig. 2, the following classes can further be obtained from the special characters: space, digits, characters with ASCII (American Standard Code for Information Interchange) codes 0x20 to 0x7E that are not in the above classes, and characters with ASCII codes outside 0x20 to 0x7E. ASCII uses 7 bits (the remaining bit is 0) to represent all upper- and lower-case letters, the digits 0 to 9, punctuation marks, and the special control characters used in American English. ASCII code 0x20 is the space character and 0x7E is the tilde.
As shown in Fig. 2, ten character classes may be recorded in the encoding table in this example. However, the application does not limit this. In practice the character classes in the encoding table can be adjusted to the actual scenario, for example by further dividing one or more of the ten classes. The application does not limit the number of character classes recorded in the encoding table.
In an exemplary embodiment, the encoding table records the correspondence between character classes and colours. For example, the ten character classes of Fig. 2 may correspond to ten colours: SQL common letters to black, bypass common symbols to yellow, general letters one to orange, general letters two to red, general letters three to green, general symbols to light blue, space to white, digits to grey, characters with ASCII codes 0x20 to 0x7E not in the above classes to blue, and characters with ASCII codes outside 0x20 to 0x7E to purple. However, the application does not limit this. In other implementations the encoding table may record the correspondence between character classes and four-bit binary codes; in other words, other types of code may be used to mark the different character classes.
In an exemplary embodiment in which the encoding table records the correspondence between character classes and colours, S101 may include: determining, according to the encoding table, the colour corresponding to each character in the object under detection, and obtaining the image corresponding to the object under detection as its encoding result;
S102 may include: performing image recognition on the encoding result of the object under detection to determine whether the object under detection contains SQL injection.
This example is described with reference to Fig. 2 and Fig. 3.
Based on Fig. 3, take the HTTP request 1' and 1=1 # as the object under detection. Using the encoding table obtained from Fig. 2 in the example above, each character of the request maps in turn to the following character classes: digit (1), general symbol ('), space, general letter two (a), general letter two (n), general letter two (d), space, digit (1), general symbol (=), digit (1), space, bypass common symbol (#). The image corresponding to the request can then be obtained from the colours of these character classes, each character corresponding to one colour block; as shown in Fig. 3, the image corresponding to this request consists of the following colour blocks in order: grey, light blue, white, red, red, red, white, grey, light blue, grey, white, yellow.
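The encoding step above, as an added worked example that is not the patent's own code: it builds the Fig. 2 character classes with the colour assignment from the description, encodes the Fig. 3 request into the colour sequence, and renders the image that the image recognition stage would consume. The RGB values, case-insensitive letter matching and the fallback of every unlisted printable character into the "other printable ASCII" class are assumptions, since the text lists only example characters for each class.

```python
# Added illustrative code, not the patent's implementation. The class
# membership below uses only the example characters the description gives for
# each class; the full table is not on the page, so every other printable
# character is assumed to fall into the "other printable ASCII" class.
from typing import Dict, List, Set, Tuple

# class name -> (colour name used in the description, RGB triple chosen here)
CLASS_COLOURS: Dict[str, Tuple[str, Tuple[int, int, int]]] = {
    "sql_common_letter":     ("black",      (0, 0, 0)),
    "bypass_common_symbol":  ("yellow",     (255, 255, 0)),
    "general_letter_one":    ("orange",     (255, 165, 0)),
    "general_letter_two":    ("red",        (255, 0, 0)),
    "general_letter_three":  ("green",      (0, 128, 0)),
    "general_symbol":        ("light blue", (173, 216, 230)),
    "space":                 ("white",      (255, 255, 255)),
    "digit":                 ("grey",       (128, 128, 128)),
    "other_printable_ascii": ("blue",       (0, 0, 255)),
    "non_printable":         ("purple",     (128, 0, 128)),
}

# Characters the description explicitly places in a class (Fig. 2 examples).
# Letters are matched case-insensitively, so "AND" encodes the same as "and".
EXPLICIT: Dict[str, Set[str]] = {
    "sql_common_letter":    set("self"),   # s, e, l, f
    "bypass_common_symbol": set("/*#%"),   # /, *, #, %
    "general_letter_one":   set("ch"),     # c, h
    "general_letter_two":   set("and"),    # a, n, d
    "general_letter_three": set("or"),     # o, r
    "general_symbol":       set("=+-'"),   # =, +, -, '
}


def classify(ch: str) -> str:
    """Map one character to one of the ten classes of the encoding table."""
    code = ord(ch)
    if code < 0x20 or code > 0x7E:      # outside printable ASCII -> purple
        return "non_printable"
    if ch == " ":
        return "space"
    if ch.isdigit():
        return "digit"
    for cls, chars in EXPLICIT.items():
        if ch.lower() in chars:
            return cls
    return "other_printable_ascii"        # assumption for unlisted characters


def encode(text: str) -> List[str]:
    """Encoding result as the sequence of colour names, one per character."""
    return [CLASS_COLOURS[classify(ch)][0] for ch in text]


def to_ppm(text: str, block: int = 8) -> bytes:
    """Render the encoding as a binary PPM (P6) image: one block x block
    square per character, so the image width grows with the request length."""
    rgbs = [CLASS_COLOURS[classify(ch)][1] for ch in text]
    width, height = block * len(rgbs), block
    header = f"P6 {width} {height} 255\n".encode("ascii")
    row = b"".join(bytes(rgb) * block for rgb in rgbs)   # one pixel row
    return header + row * height


if __name__ == "__main__":
    # Constructed input: the request from the Fig. 3 example in the text.
    request = "1' and 1=1 #"
    print(encode(request))
    with open("request.ppm", "wb") as fh:
        fh.write(to_ppm(request))
```

The input is assumed to be the already URL-decoded request parameter; decoding is not part of the encoding step the text describes.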
As shown in Fig. 3, in this example image recognition can be performed on the generated image by an image recognition system to determine whether SQL injection is present. The image recognition system can be a model, obtained by deep learning, for recognising whether SQL injection is present. For example, the set of samples used to determine the encoding table can be converted into image samples according to the encoding table; each image sample is labelled as normal or as containing SQL injection, and the image recognition system is trained on these image samples, so that fast recognition is achieved. Since the image recognition step can be performed quickly, the detection speed for SQL injection is improved.
In this example, known bypass schemes and their variants produce very similar encoded images and are therefore easily recognised by the image recognition system. To get around the detection scheme of this application an attacker would need to develop an entirely new bypass scheme, which greatly increases the attacker's cost and reduces the defender's cost of defence.
Fig. 4 is a schematic diagram of the SQL injection detection device provided by the embodiments of the present application. As shown in Fig. 4, the SQL injection detection device provided in this embodiment includes:
an encoding module 401, adapted to encode the object under detection according to an encoding table to obtain an encoding result, where the encoding table records the correspondence between character classes and codes;
a detection module 402, adapted to determine, according to the encoding result, whether the object under detection contains SQL injection.
Illustratively, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
Illustratively, the codes recorded in the encoding table include a colour corresponding to each character class.
Illustratively, the encoding module 401 may be adapted to encode the object under detection according to the encoding table and obtain the encoding result in the following way:
determining, according to the encoding table, the colour corresponding to each character in the object under detection, and obtaining the image corresponding to the object under detection as its encoding result.
Illustratively, the detection module 402 is adapted to determine whether the object under detection contains SQL injection in the following way: performing image recognition on the encoding result to determine whether the object under detection contains SQL injection.
For a description of the detection device provided in this embodiment, reference may be made to the description of the method embodiment above, which is not repeated here.
Fig. 5 is a flow chart of the data processing method provided by the embodiments of the present application. As shown in Fig. 5, the data processing method provided in this embodiment includes:
S501: determining the character classes recorded in an encoding table on the basis of SQL syntax and a set of samples;
S502: establishing the correspondence between each character class in the encoding table and a code to obtain the encoding table.
Illustratively, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
Illustratively, S502 may include: marking each character class with one colour to obtain the encoding table.
Illustratively, S501 may include:
obtaining SQL common words from SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples that contain SQL injection and normal samples that do not contain SQL injection;
determining the character classes recorded in the encoding table according to the SQL common words, bypass common words, bypass characters and special characters.
For a description of the data processing method provided in this embodiment, reference may be made to the description of how the encoding table is determined in the detection method embodiment above, which is not repeated here.
Fig. 6 is a schematic diagram of the data processing device provided by the embodiments of the present application. As shown in Fig. 6, the data processing device provided in this embodiment includes:
a class determination module 601, adapted to determine the character classes recorded in an encoding table on the basis of SQL syntax and a set of samples;
an encoding table establishing module 602, adapted to establish the correspondence between each character class in the encoding table and a code to obtain the encoding table.
Illustratively, the encoding table establishing module 602 may be adapted to establish the correspondence between each character class in the encoding table and a code in the following way: marking each character class with one colour to obtain the encoding table.
Illustratively, the class determination module 601 may be adapted to determine the character classes recorded in the encoding table on the basis of SQL syntax and a set of samples in the following way:
obtaining SQL common words from SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples that contain SQL injection and normal samples that do not contain SQL injection;
determining the character classes recorded in the encoding table according to the SQL common words, bypass common words, bypass characters and special characters.
For a description of the data processing device provided in this embodiment, reference may be made to the description of the data processing method above, which is not repeated here.
In addition, the embodiments of the present application provide an interaction method, comprising:
providing an interactive interface adapted to display at least one of: the encoding table; the encoding result obtained by encoding the object under detection according to the encoding table; and the detection result indicating whether the object under detection contains SQL injection; where the encoding table records the correspondence between character classes and codes.
Illustratively, each character class in the encoding table may be marked with one colour.
Illustratively, the encoding table may record at least the following ten character classes: SQL common letters; bypass common characters; general letters one (letters shared by SQL and bypass); general letters two; general letters three; general symbols (symbols shared by SQL and bypass); space; digits; characters with ASCII codes 0x20 to 0x7E that are not in any of the above classes; and characters with ASCII codes outside 0x20 to 0x7E.
For a description of the interaction method of this embodiment, reference may be made to the example described with Fig. 2 and Fig. 3, which is not repeated here.
Fig. 7 is a schematic diagram of a computing device provided by an embodiment of the present application. As shown in Fig. 7, the computing device 700 provided in this embodiment comprises a first memory 701 and a first processor 702; the first memory 701 is adapted to store a SQL injection detection program, and the detection program, when executed by the first processor 702, implements the steps of the SQL injection detection method provided by the embodiment corresponding to Fig. 1.
The first processor 702 may include, but is not limited to, a processing unit such as a microprocessor (MCU, Microcontroller Unit) or a programmable logic device (FPGA, Field Programmable Gate Array). The first memory 701 may be used to store software programs and modules of application software, such as the program instructions or modules corresponding to the SQL injection detection method of this embodiment; by running the software programs and modules stored in the first memory 701, the first processor 702 executes various functional applications and data processing, that is, implements the SQL injection detection method described above. The first memory 701 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the first memory 701 may include memory located remotely from the first processor 702; such remote memory may be connected to the computing device 700 through a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
Illustratively, the computing device 700 may further include a first communication unit 703, which may receive or send data via a network. In one example, the first communication unit 703 may be a radio frequency (RF) module used to communicate wirelessly with the Internet.
In addition, an embodiment of the present application further provides a computing device comprising a second memory and a second processor; the second memory is adapted to store a data processing program, and the data processing program, when executed by the second processor, implements the steps of the data processing method provided by the embodiment corresponding to Fig. 5.
For the second memory and the second processor, reference may be made to the description of the first memory and the first processor; it is therefore not repeated here.
In addition, an embodiment of the present application further provides a computer-readable medium storing a SQL injection detection program; the detection program, when executed by a processor, implements the steps of the SQL injection detection method provided by the above embodiments.
In addition, an embodiment of the present application further provides a computer-readable medium storing a data processing program; the data processing program, when executed by a processor, implements the steps of the data processing method provided by the above embodiments.
Those skilled in the art will appreciate that all or some of the steps of the methods disclosed above, and the functional modules or units of the systems and apparatuses, may be implemented as software, firmware, hardware, or a suitable combination thereof. In a hardware implementation, the division between functional modules or units referred to in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on a computer-readable medium, and computer-readable media may include computer storage media (or non-transitory media) and communication media (or transitory media). As is known to those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is known to those of ordinary skill in the art, communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
The basic principles, main features and advantages of the present application have been shown and described above. The present application is not limited by the above embodiments; the above embodiments and the description only illustrate the principles of the present application. Without departing from the spirit and scope of the present application, the present application may have various changes and improvements, and these changes and improvements all fall within the scope of the claimed application.

Claims (17)

1. A detection method for structured query language (SQL) injection, characterized by comprising:
encoding a detection object according to a coding table to obtain a coding result, wherein the coding table records the correspondence between character classes and codes; and
determining, according to the coding result, whether the detection object contains SQL injection.
2. The method according to claim 1, characterized in that the coding table records at least the following ten character classes: SQL common letters; bypass common characters; SQL and bypass common letters (group one); SQL and bypass common letters (group two); SQL and bypass common letters (group three); SQL and bypass common symbols; space; digits; characters with ASCII codes 20 to 7E that do not belong to any of the above classes; and characters with ASCII codes outside 20 to 7E.
3. The method according to claim 1, characterized in that the codes recorded in the coding table include a color corresponding to at least one character class.
4. The method according to claim 3, characterized in that encoding the detection object according to the coding table to obtain the coding result comprises:
determining, according to the coding table, the color corresponding to each character in the detection object, and obtaining an image corresponding to the detection object as the coding result of the detection object.
5. The method according to claim 4, characterized in that determining, according to the coding result, whether the detection object contains SQL injection comprises:
performing image recognition on the coding result to determine whether the detection object contains SQL injection.
6. The method according to claim 2, characterized in that, before encoding the detection object according to the coding table to obtain the coding result, the method further comprises obtaining the coding table based on SQL syntax and set samples in the following manner:
obtaining SQL common words based on SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples in which SQL injection is present and normal samples in which no SQL injection is present;
determining, according to the SQL common words, bypass common words, bypass characters and special characters, the multiple character classes recorded in the coding table; and
establishing the correspondence between each character class and a code to obtain the coding table.
7. A data processing method, characterized by comprising:
determining, based on structured query language (SQL) syntax and set samples, the character classes recorded in a coding table; and
establishing the correspondence between each character class in the coding table and a code to obtain the coding table.
8. The method according to claim 7, characterized in that the coding table records at least the following ten character classes: SQL common letters; bypass common characters; SQL and bypass common letters (group one); SQL and bypass common letters (group two); SQL and bypass common letters (group three); SQL and bypass common symbols; space; digits; characters with ASCII codes 20 to 7E that do not belong to any of the above classes; and characters with ASCII codes outside 20 to 7E.
9. The method according to claim 7, characterized in that establishing the correspondence between each character class in the coding table and a code to obtain the coding table comprises:
using one color to mark one character class, to obtain the coding table.
10. The method according to claim 7, characterized in that determining, based on SQL syntax and set samples, the character classes recorded in the coding table comprises:
obtaining SQL common words based on SQL syntax;
obtaining bypass common words, bypass characters and special characters by statistically analysing bypass samples in which SQL injection is present and normal samples in which no SQL injection is present; and
determining, according to the SQL common words, bypass common words, bypass characters and special characters, the multiple character classes recorded in the coding table.
11. An interaction method, characterized by comprising:
providing an interactive interface adapted to display at least one of: a coding table; a coding result obtained by encoding a detection object according to the coding table; and a detection result indicating whether the detection object contains structured query language (SQL) injection;
wherein the coding table records the correspondence between character classes and codes.
12. The interaction method according to claim 11, characterized in that, in the coding table, one color is used to mark one character class.
13. The interaction method according to claim 11, characterized in that the coding table records at least the following ten character classes: SQL common letters; bypass common characters; SQL and bypass common letters (group one); SQL and bypass common letters (group two); SQL and bypass common letters (group three); SQL and bypass common symbols; space; digits; characters with ASCII codes 20 to 7E that do not belong to any of the above classes; and characters with ASCII codes outside 20 to 7E.
14. A computing device, characterized by comprising a first memory and a first processor, wherein the first memory is adapted to store a detection program for structured query language (SQL) injection, and the detection program, when executed by the first processor, implements the steps of the detection method according to any one of claims 1 to 6.
15. A computing device, characterized by comprising a second memory and a second processor, wherein the second memory is adapted to store a data processing program, and the data processing program, when executed by the second processor, implements the steps of the data processing method according to any one of claims 7 to 10.
16. A computer-readable medium, characterized in that it stores a detection program for structured query language (SQL) injection, and the detection program, when executed by a processor, implements the steps of the detection method according to any one of claims 1 to 6.
17. A computer-readable medium, characterized in that it stores a data processing program, and the data processing program, when executed by a processor, implements the steps of the data processing method according to any one of claims 7 to 10.
CN201810027161.8A 2018-01-11 2018-01-11 SQL injection detection method and data processing method Active CN110035031B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810027161.8A CN110035031B (en) 2018-01-11 2018-01-11 SQL injection detection method and data processing method

Publications (2)

Publication Number Publication Date
CN110035031A true CN110035031A (en) 2019-07-19
CN110035031B CN110035031B (en) 2022-04-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40010963; Country of ref document: HK)
GR01 Patent grant