CN110035031B - SQL injection detection method and data processing method - Google Patents


Info

Publication number: CN110035031B
Authority: CN (China)
Legal status: Active (status as listed by Google Patents; not a legal conclusion)
Application number: CN201810027161.8A
Other languages: Chinese (zh)
Other versions: CN110035031A (en)
Inventor: 蔡鹏�
Current assignee: Alibaba Group Holding Ltd
Original assignee: Alibaba Group Holding Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The application discloses a detection method and a data processing method for SQL injection. The SQL injection detection method comprises the following steps: encoding the detection object according to an encoding table to obtain an encoding result, where the encoding table records the correspondence between character categories and codes; and determining, from the encoding result, whether SQL injection exists in the detection object. The method and the device realize rapid detection of SQL injection, improve the detection effect and reduce the defense cost.

Description

SQL injection detection method and data processing method
Technical Field
The present application relates to, but not limited to, the field of network security, and in particular, to a detection method and a data processing method for SQL injection.
Background
Structured Query Language (SQL) injection is a common form of cyber attack: a specially crafted malicious SQL statement is introduced into a Web application as a parameter and executed, giving the attacker illegitimate access to the network system. Current Web application protection systems (Web Application Firewalls, WAFs) rely mainly on regular expressions to detect SQL injection. Attackers, however, have developed bypass methods against traditional regular-expression-based detection, so the SQL injection detection effect of the WAF is poor. Moreover, because of the limitations of regular expressions, a large amount of manual maintenance is needed for them to reach sufficient coverage, which makes defense costly.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the application provides a detection method and a data processing method for SQL injection, which can realize rapid detection of SQL injection, thereby improving the detection effect and reducing the defense cost.
In a first aspect, an embodiment of the present application provides a method for detecting SQL injection, including:
according to the coding table, coding the detection object to obtain a coding result; the encoding table records the corresponding relation between character categories and codes;
and determining whether SQL injection exists in the detection object according to the encoding result.
In an exemplary embodiment, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
In an exemplary embodiment, the codes recorded in the code table may include a color corresponding to at least one character category.
In an exemplary embodiment, the encoding the detection object according to the encoding table to obtain the encoding result may include: and determining the color corresponding to the characters in the detection object according to the coding table to obtain an image corresponding to the detection object as a coding result of the detection object.
In an exemplary embodiment, the determining whether SQL injection exists in the detection object according to the encoding result may include: and carrying out image recognition on the coding result, and determining whether the SQL injection exists in the detection object.
In an exemplary embodiment, before the encoding the detection object according to the encoding table and obtaining the encoding result, the method may further include: obtaining the coding table based on the SQL syntax and the setting sample by the following method:
obtaining SQL common words based on SQL grammar;
carrying out statistical analysis on the bypass samples with SQL injection and the normal samples without SQL injection to obtain bypass common words, bypass characters and special characters;
determining a plurality of character categories recorded in the coding table according to the SQL common words, the bypass characters and the special characters;
and establishing a corresponding relation between any character type and the code to obtain the code table.
In a second aspect, an embodiment of the present application provides a data processing method, including:
determining the character type recorded in the coding table based on the SQL grammar and the set sample;
and establishing a corresponding relation between any character type in the code table and the code to obtain the code table.
In an exemplary embodiment, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
In an exemplary embodiment, the establishing a correspondence between any character category in the coding table and a code to obtain the coding table may include: and marking a character type by adopting a color corresponding to the code table to obtain the code table.
In an exemplary embodiment, the determining the character type recorded in the coding table based on the SQL syntax and the setting sample may include:
obtaining SQL common words based on SQL grammar;
obtaining bypass common words, bypass characters and special characters by statistical analysis of bypass samples with SQL injection and normal samples without SQL injection;
and determining a plurality of character categories recorded in the coding table according to the SQL common words, the bypass characters and the special characters.
In a third aspect, an embodiment of the present application provides an interaction method, including:
providing an interactive interface adapted to display at least one of: the encoding table, the encoding result obtained by encoding the detection object according to the encoding table, and the detection result of whether SQL injection exists in the detection object; the encoding table records the corresponding relation between the character categories and the codes.
In an exemplary embodiment, a character category may be marked with a color correspondence in the encoding table.
In an exemplary embodiment, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
In addition, an embodiment of the present application further provides a computing device, including: a first memory and a first processor; the first memory is adapted to store an SQL injected detection program, and the detection program, when executed by the first processor, implements the steps of the SQL injected detection method provided by the first aspect.
In addition, an embodiment of the present application further provides a computing device, including: a second memory and a second processor; the second memory is adapted to store a data processing program which, when executed by the second processor, implements the steps of the data processing method provided by the second aspect described above.
In addition, an embodiment of the present application further provides a computer-readable medium, in which a detection program for SQL injection is stored, and when the detection program is executed by a processor, the steps of the detection method for SQL injection provided in the first aspect are implemented.
In addition, an embodiment of the present application further provides a computer readable medium, which stores a data processing program, and the data processing program, when executed by a processor, implements the steps of the data processing method provided by the second aspect.
In the embodiment of the application, the detection object is encoded according to the encoding table to obtain an encoding result, where the encoding table records the corresponding relation between character categories and codes; and whether SQL injection exists in the detection object is determined from the encoding result. The detection method provided by the application is flexible, greatly increases the cost to an attacker of developing a bypass method, and achieves rapid detection that meets the mass data requirements of cloud computing.
Of course, not all of the above advantages need to be achieved at the same time in any one product embodying the present application.
Drawings
Fig. 1 is a flowchart of a detection method for SQL injection provided in an embodiment of the present application;
FIG. 2 is a diagram illustrating exemplary character categories in an encoding table according to an embodiment of the present application;
FIG. 3 is an exemplary diagram of a detection process according to an embodiment of the present application;
fig. 4 is a schematic diagram of a detection apparatus for SQL injection according to an embodiment of the present application;
fig. 5 is a flowchart of a data processing method provided in an embodiment of the present application;
FIG. 6 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic diagram of a computing device provided in an embodiment of the present application.
Detailed Description
The embodiments of the present application will be described in detail below with reference to the accompanying drawings, and it should be understood that the embodiments described below are only for illustrating and explaining the present application and are not intended to limit the present application.
It should be noted that, if not conflicted, the embodiments and the features of the embodiments can be combined with each other and are within the scope of protection of the present application. Additionally, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
In some embodiments, a computing device that executes the SQL injection detection method or the data processing method may include one or more processors (CPUs), input/output interfaces, network interfaces, and memories.
The memory may include volatile memory, Random Access Memory (RAM), and/or non-volatile memory in a computer-readable medium, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. The memory may include module 1, module 2, ..., and module N (N is an integer greater than 2).
Computer readable media include both permanent and non-permanent, removable and non-removable storage media. A storage medium may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media do not include transitory media, such as modulated data signals and carrier waves.
The embodiment of the application provides a detection method and a data processing method for SQL injection; based on the coding table obtained by SQL grammar and set sample, the quick detection of SQL injection is realized, thereby improving detection effect and reducing defense cost.
Fig. 1 is a flowchart of a detection method for SQL injection according to an embodiment of the present application. As shown in fig. 1, the detection method for SQL injection provided in this embodiment includes:
s101, encoding the detection object according to the encoding table to obtain an encoding result; wherein, the coding table records the corresponding relation between the character category and the code;
and S102, determining whether the SQL injection exists in the detection object according to the encoding result.
The SQL injection detection method provided by this embodiment may be executed by a Web application protection system (Web Application Firewall, WAF). The WAF may be deployed on a server-side computing device, or on a computing device between a client-side computing device (e.g., a mobile terminal such as a laptop, or a fixed terminal such as a desktop computer) and a server-side computing device (e.g., a server in the cloud). However, this is not limited in this application.
The detection method for SQL injection provided in this embodiment may be deployed on the WAF alone to perform the detection function of SQL injection, or may be matched with other detection methods for SQL injection to implement SQL injection detection. However, this is not limited in this application.
In an exemplary embodiment, before S101, the detection method of this embodiment may further include:
obtaining a coding table based on the SQL syntax and the set samples by:
obtaining SQL common words based on SQL grammar;
performing statistical analysis on bypass samples with SQL injection and normal samples without SQL injection to obtain bypass common words, bypass characters and special characters;
determining a plurality of character categories recorded in a coding table according to the SQL common words, the bypass characters and the special characters;
and establishing a corresponding relation between any character type and the code to obtain a coding table.
Illustratively, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
Illustratively, the codes recorded in the encoding table include colors corresponding to at least one character category.
An example of character classes in the encoding table is described below with reference to fig. 2.
As shown in fig. 2, SQL common words can be obtained by analyzing the SQL syntax; for example, SQL common words may include: select, union, and, or, from, where, user, <, >, ', etc. By statistically analyzing the bypass samples and the normal samples (for example, HTTP (HyperText Transfer Protocol) requests without SQL injection), the bypass common words, bypass characters and special characters can be obtained. For example, bypass common words and characters may include: v, -, #, +, %, char, u, c, etc.
Then, SQL common letters such as s, e, l, f and the like can be further obtained from the SQL common words; bypass common symbols such as /, #, % and the like can be further obtained from the bypass common words and characters; and from the SQL common words together with the bypass common words and characters, the SQL and bypass common letters one (such as c, h and the like), SQL and bypass common letters two (such as a, n, d and the like), SQL and bypass common letters three (such as o, r and the like) and SQL and bypass common symbols (such as =, +, ' and the like) can be further obtained.
The SQL and bypass common letters are obtained from the SQL common words and the bypass common words and characters, and are then divided into the common letters one, two and three according to a setting rule. The setting rule can be determined from the difference between the bypass samples and the normal samples, so that the further subdivision of the SQL and bypass common letters prevents a normal sample and a bypass sample from having the same encoding result. The setting rule is not limited in the present application. In practical applications, the setting rule can be adjusted as needed to divide the letters into four or more common letter categories.
As shown in fig. 2, the space character, numbers, characters whose ASCII (American Standard Code for Information Interchange) codes 20 to 7E are not in the above categories, and characters outside ASCII codes 20 to 7E can be further obtained from the special characters. ASCII uses a 7-bit code (the eighth bit is 0) to represent all upper- and lower-case letters, the digits 0 to 9, punctuation, and the special control characters used in American English. The ASCII codes here are hexadecimal: code 20 is the space character and code 7E is the tilde (~).
As shown in fig. 2, in the present example, ten kinds of character categories may be recorded in the encoding table. However, this is not limited in this application. In practical applications, the character categories in the encoding table may be adjusted according to actual scenes, for example, eleven or more character categories may be obtained by further dividing on the basis of ten character categories. The number of character categories recorded in the encoding table is not limited in the present application.
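The following is an added example, not the patent's own code, of the data processing method (S501): it builds the letter and symbol categories of the coding table from a list of SQL common words and from labelled bypass and normal samples. The word list, the samples and the tiering rule (a shared letter goes to tier one if it never occurs in normal samples, to tier two if it occurs more often in bypass than in normal samples, and to tier three otherwise) are all assumptions chosen for illustration; the description only requires that the rule be derived from the difference between bypass and normal samples.

```python
"""Added example (not from CN110035031B): derive coding-table categories from
SQL common words plus labelled samples. Word list, samples and the tier rule
are assumptions for illustration."""
from collections import Counter

# Assumed result of analysing the SQL grammar: common words and symbols.
SQL_COMMON_WORDS = ["select", "union", "and", "or", "from", "where", "user",
                    "=", "<", ">", "'"]

# Constructed samples. Both classes have the same number of samples, so raw
# character counts can be compared directly.
BYPASS_SAMPLES = [          # requests carrying SQL injection
    "1' and 1=1#",
    "1' or 1=1--",
    "' union select char(65)#",
    "1%27/**/or/**/1=1#",
]
NORMAL_SAMPLES = [          # requests without SQL injection
    "hello world",
    "id=42",
    "page=3",
    "sort by date",
]


def is_symbol(ch: str) -> bool:
    """Printable ASCII that is neither a letter, a digit nor the space."""
    return 0x20 < ord(ch) <= 0x7E and not ch.isalnum()


def build_categories(sql_words, bypass_samples, normal_samples) -> dict:
    """Return the category -> set-of-characters mapping for the coding table.

    Categories not derived from the samples (space, digits, other printable
    ASCII, non-printable) are fixed by definition and are not returned here.
    """
    sql_chars = {ch for word in sql_words for ch in word.lower()}
    bypass_counts = Counter(ch for s in bypass_samples for ch in s.lower())
    normal_counts = Counter(ch for s in normal_samples for ch in s.lower())

    sql_letters = {ch for ch in sql_chars if ch.isalpha()}
    sql_symbols = {ch for ch in sql_chars if is_symbol(ch)}
    bypass_letters = {ch for ch in bypass_counts if ch.isalpha()}
    bypass_symbols = {ch for ch in bypass_counts if is_symbol(ch)}

    # Letters shared by SQL grammar and bypass samples are split into tiers by
    # the assumed rule based on the bypass/normal frequency difference.
    tiers = {1: set(), 2: set(), 3: set()}
    for ch in sql_letters & bypass_letters:
        if normal_counts[ch] == 0:             # Counter returns 0 if absent
            tiers[1].add(ch)
        elif bypass_counts[ch] > normal_counts[ch]:
            tiers[2].add(ch)
        else:
            tiers[3].add(ch)

    return {
        "sql_letters": sql_letters - bypass_letters,      # e.g. f, m, w
        "bypass_symbols": bypass_symbols - sql_symbols,   # e.g. #, %, /
        "common_letters_1": tiers[1],
        "common_letters_2": tiers[2],
        "common_letters_3": tiers[3],
        "common_symbols": sql_symbols & bypass_symbols,   # e.g. =, '
    }


if __name__ == "__main__":
    for name, chars in build_categories(SQL_COMMON_WORDS, BYPASS_SAMPLES,
                                        NORMAL_SAMPLES).items():
        print(f"{name:18s} {''.join(sorted(chars))}")
```

With these constructed samples the letters n, u and c land in tier one because they never occur in the normal samples, r lands in tier two, and the remaining shared letters in tier three; the symbols ' and = are shared by the SQL grammar and the bypass samples, while #, %, /, *, -, ( and ) occur only in bypass samples. Real deployments replace the four-line sample lists with large labelled corpora, and the tier rule with whatever split best separates the classes.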
In an exemplary embodiment, the correspondence between character categories and colors is recorded in the encoding table. For example, the ten character categories in fig. 2 may correspond to ten colors: the SQL common letters correspond to black, the bypass common symbols to yellow, the SQL and bypass common letters one to orange, the SQL and bypass common letters two to red, the SQL and bypass common letters three to green, the SQL and bypass common symbols to light blue, the space character to white, numbers to gray, characters with ASCII codes 20 to 7E that are not in the above categories to blue, and characters outside ASCII codes 20 to 7E to purple. However, this is not limited in this application. In other implementations, the encoding table may record a correspondence between a character category and a four-digit binary code. In other words, other code types may be used to label the different character categories.
In an exemplary embodiment, taking the correspondence between the recorded character categories and the colors in the encoding table as an example, S101 may include: determining the color corresponding to the characters in the detection object according to the coding table to obtain the image corresponding to the detection object as the coding result of the detection object;
s102 may include: and carrying out image recognition on the encoding result of the detection object, and determining whether SQL injection exists in the detection object.
This example is illustrated below with reference to fig. 2 and 3.
Taking the HTTP request "1' and 1=1#" shown in fig. 3 as an example, and using the coding table obtained from fig. 2 above, each character of the request corresponds in turn to the following character categories: number (1), SQL and bypass common symbol ('), space, SQL and bypass common letter two (a), SQL and bypass common letter two (n), SQL and bypass common letter two (d), space, number (1), SQL and bypass common symbol (=), number (1), space, bypass common symbol (#). An image corresponding to the request is then obtained from the colors of these categories, each character giving one color block, so that, as shown in fig. 3, the image consists of the following color blocks in sequence: gray, light blue, white, red (three blocks, one each for a, n and d), white, gray, light blue, gray, white, yellow.
As shown in fig. 3, in this example, an image recognition system may be employed to perform image recognition on the generated image to determine whether SQL injection is present. The image recognition system can obtain a model for recognizing whether SQL injection exists through deep learning. For example, based on the setting samples used for determining the encoding table, the setting samples can be converted into image samples according to the encoding table, the image samples are correspondingly marked with normal or existing SQL injection, and the image samples are used for training to obtain the image recognition system, so that rapid recognition is realized. The image recognition step can be quickly realized, so that the detection speed of SQL injection is improved.
In this example, the known bypass scheme and its variants can be made to have very similar encoded images, easily recognizable by the image recognition system. Therefore, if an attacker needs to bypass the detection scheme of the application, a new bypass scheme needs to be developed, so that the cost of the attacker is greatly increased, and the defense cost of a defense party is reduced.
Fig. 4 is a schematic diagram of a detection apparatus for SQL injection according to an embodiment of the present application. As shown in fig. 4, the detection apparatus for SQL injection provided in this embodiment includes:
the encoding module 401 is adapted to encode the detection object according to the encoding table to obtain an encoding result; wherein, the coding table records the corresponding relation between the character category and the code;
the detecting module 402 is adapted to determine whether SQL injection exists in the detected object according to the encoding result.
Illustratively, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
Illustratively, the codes recorded in the encoding table include colors corresponding to at least one character category.
For example, the encoding module 401 may be adapted to encode the detection object according to the encoding table to obtain the encoding result by:
and determining the color corresponding to the character in the detection object according to the coding table, and obtaining the image corresponding to the detection object as the coding result of the detection object.
Illustratively, the detecting module 402 is adapted to determine whether SQL injection exists for the detected object according to the encoding result by: and carrying out image recognition on the encoding result, and determining whether the SQL injection exists in the detection object.
For the related description of the detection apparatus provided in this embodiment, reference may be made to the description of the method embodiments above, and therefore, the description thereof is not repeated herein.
Fig. 5 is a flowchart of a data processing method according to an embodiment of the present application. As shown in fig. 5, the data processing method provided in this embodiment includes:
s501, determining character types recorded in a coding table based on SQL grammar and set samples;
s502, establishing a corresponding relation between any character type in the code table and the code to obtain the code table.
Illustratively, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
Exemplarily, S502 may include: and marking a character type by adopting a color corresponding to the character type to obtain a coding table.
Illustratively, S501 may include:
obtaining SQL common words based on SQL grammar;
carrying out statistical analysis on the bypass samples with SQL injection and the normal samples without SQL injection to obtain bypass common words, bypass characters and special characters;
and determining a plurality of character categories recorded in the coding table according to the SQL common words, the bypass characters and the special characters.
For the related description of the data processing method provided in this embodiment, reference may be made to the related description of the code table determining process in the above-mentioned detection method embodiment, and therefore, the description thereof is omitted here.
Fig. 6 is a schematic diagram of a data processing apparatus according to an embodiment of the present application. As shown in fig. 6, the data processing apparatus provided in this embodiment includes:
a category determining module 601 adapted to determine the character categories recorded in the coding table based on the SQL syntax and the setting samples;
the code table creating module 602 is adapted to create a corresponding relationship between any character type in the code table and the code, so as to obtain the code table.
For example, the code table establishing module 602 may be adapted to establish a correspondence between any character category in the code table and the code, to obtain the code table: and marking a character type by adopting a color corresponding to the character type to obtain a coding table.
Illustratively, the category determination module 601 may be adapted to determine the character categories recorded in the coding table based on the SQL syntax and the setting samples by:
obtaining SQL common words based on SQL grammar;
carrying out statistical analysis on the bypass samples with SQL injection and the normal samples without SQL injection to obtain bypass common words, bypass characters and special characters;
and determining a plurality of character categories recorded in the coding table according to the SQL common words, the bypass characters and the special characters.
For the related description of the data processing apparatus provided in this embodiment, reference may be made to the description of the data processing method, and therefore, the description thereof is not repeated herein.
In addition, an interaction method is further provided in an embodiment of the present application, including:
providing an interactive interface adapted to display at least one of: the SQL injection detection system comprises an encoding table, an encoding result obtained by encoding a detection object according to the encoding table, and a detection result of whether the detection object has SQL injection or not; the coding table records the corresponding relation between the character type and the code.
For example, in the encoding table, a character category may be marked with a color correspondence.
Illustratively, at least the following ten character categories may be recorded in the encoding table: SQL common letters; bypass common characters; SQL and bypass common letters one; SQL and bypass common letters two; SQL and bypass common letters three; SQL and bypass common symbols; spaces; numbers; characters with ASCII codes 20 to 7E (hexadecimal) that are not in the above categories; and characters outside ASCII codes 20 to 7E.
For the description of the interaction method of the present embodiment, reference may be made to the description of the examples shown in fig. 2 and fig. 3, and therefore, the description thereof is omitted here.
Fig. 7 is a schematic diagram of a computing device according to an embodiment of the present application. As shown in fig. 7, the present embodiment provides a computing device 700, including: a first memory 701 and a first processor 702, the first memory 701 is adapted to store an SQL injection detection program, and when the detection program is executed by the first processor 702, the steps of the SQL injection detection method provided in the corresponding embodiment of fig. 1 are implemented.
The first processor 702 may include, but is not limited to, a processing device such as a Micro Controller Unit (MCU) or a programmable logic device such as a Field Programmable Gate Array (FPGA). The first memory 701 may be used to store software programs and modules of application software, such as program instructions or modules corresponding to the SQL injection detection method in this embodiment; the first processor 702 executes various functional applications and data processing by running the software programs and modules stored in the first memory 701, that is, it implements the SQL injection detection method. The first memory 701 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, the first memory 701 may include memory located remotely from the first processor 702, which may be connected to the computing device 700 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Exemplarily, the computing device 700 may further include a first communication unit 703; the first communication unit 703 may receive or transmit data via a network. In one example, the first communication unit 703 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
In addition, an embodiment of the present application further provides a computing device, including: a second memory and a second processor, the second memory being adapted to store a data processing program, which when executed by the second processor implements the steps of the data processing method provided by the corresponding embodiment of fig. 5.
For the description of the second memory and the second processor, reference may be made to the description of the first memory and the first processor, and thus, the description thereof is omitted.
In addition, an embodiment of the present application further provides a computer readable medium, in which an SQL injection detection program is stored, and when the detection program is executed by a processor, the steps of the SQL injection detection method provided in the foregoing embodiment are implemented.
In addition, an embodiment of the present application further provides a computer readable medium, in which a data processing program is stored, and the data processing program, when executed by a processor, implements the steps of the data processing method provided in the foregoing embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules or units in the apparatus disclosed above may be implemented as software, firmware, hardware, or suitable combinations thereof. In a hardware implementation, the division between functional modules or units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The foregoing shows and describes the general principles and features of the present application, together with the advantages thereof. The present application is not limited to the above-described embodiments, which are given in the specification and drawings only to illustrate its principles; various changes and modifications within the spirit and scope of the application also fall within the scope of the claims.

Claims (15)

1. A detection method for Structured Query Language (SQL) injection is characterized by comprising the following steps:
according to the coding table, coding the detection object to obtain a coding result; the encoding table records the corresponding relation between character categories and codes;
determining whether SQL injection exists in the detection object according to the encoding result;
wherein at least the following ten character categories are recorded in the coding table: SQL common letters, bypass common characters, SQL and bypass common alphabet one, SQL and bypass common alphabet two, SQL and bypass common alphabet three, SQL and bypass common symbols, spaces, numbers, characters with ASCII codes in the range 20 to 7E (hexadecimal) that are not in the above categories, and characters with ASCII codes outside 20 to 7E.
2. The method of claim 1, wherein the codes recorded in the encoding table include colors corresponding to at least one character category.
3. The method according to claim 2, wherein the encoding the detected object according to the encoding table to obtain the encoding result comprises:
and determining the color corresponding to the characters in the detection object according to the coding table to obtain an image corresponding to the detection object as a coding result of the detection object.
4. The method according to claim 3, wherein said determining whether SQL injection exists in the detected object according to the encoding result comprises:
and carrying out image recognition on the coding result, and determining whether the SQL injection exists in the detection object.
5. The method according to claim 1, wherein before encoding the detected object according to the encoding table to obtain the encoding result, the method further comprises: obtaining the coding table based on the SQL syntax and the setting sample by the following method:
obtaining SQL common words based on SQL grammar;
obtaining bypass common words, bypass characters and special characters by statistically analyzing bypass samples with SQL injection and normal samples without SQL injection;
determining a plurality of character categories recorded in the coding table according to the SQL common words, bypass characters and special characters;
and establishing a corresponding relation between any character type and the code to obtain the code table.
6. A data processing method, comprising:
determining the character types recorded in the coding table based on the SQL grammar of the structured query language and the set samples;
establishing a corresponding relation between any character category in the code table and the codes to obtain the code table;
the encoding table is the basis for encoding a detection object to obtain an encoding result, and whether SQL injection exists in the detection object can be determined according to the encoding result; at least the following ten character categories are recorded in the coding table: SQL common letters, bypass common characters, SQL and bypass common alphabet one, SQL and bypass common alphabet two, SQL and bypass common alphabet three, SQL and bypass common symbols, spaces, numbers, characters with ASCII codes in the range 20 to 7E (hexadecimal) that are not in the above categories, and characters with ASCII codes outside 20 to 7E.
7. The method according to claim 6, wherein the establishing a correspondence between any character category in the coding table and a code to obtain the coding table comprises:
and marking a character type by adopting a color corresponding to the code table to obtain the code table.
8. The method of claim 6, wherein determining the character classes recorded in the coding table based on the SQL syntax and the setting samples comprises:
obtaining SQL common words based on SQL grammar;
obtaining bypass common words, bypass characters and special characters by statistically analyzing bypass samples with SQL injection and normal samples without SQL injection;
and determining a plurality of character categories recorded in the coding table according to the SQL common words, bypass characters and special characters.
9. An interaction method, comprising:
providing an interactive interface adapted to display at least one of: a detection object, a coding table, a coding result obtained by coding the detection object according to the coding table, and a detection result of whether Structured Query Language (SQL) injection exists in the detection object;
wherein the coding table records the corresponding relation between character categories and codes; the detection result of whether SQL injection exists in the detection object is determined according to the coding result of the detection object; and at least the following ten character categories are recorded in the coding table: SQL common letters, bypass common characters, SQL and bypass common alphabet one, SQL and bypass common alphabet two, SQL and bypass common alphabet three, SQL and bypass common symbols, spaces, numbers, characters with ASCII codes in the range 20 to 7E (hexadecimal) that are not in the above categories, and characters with ASCII codes outside 20 to 7E.
10. The interactive method of claim 9, wherein a character category is marked in the code table with a color correspondence.
11. The interactive method according to claim 9, wherein at least the following ten character categories are recorded in the code table: SQL common letters, bypass common characters, SQL and bypass common alphabet one, SQL and bypass common alphabet two, SQL and bypass common alphabet three, SQL and bypass common symbols, spaces, numbers, characters with ASCII codes in the range 20 to 7E (hexadecimal) that are not in the above categories, and characters with ASCII codes outside 20 to 7E.
12. A computing device, comprising: a first memory and a first processor; the first memory is adapted to store a Structured Query Language (SQL) injection detection program which, when executed by the first processor, implements the steps of the detection method according to any one of claims 1 to 5.
13. A computing device, comprising: a second memory and a second processor; the second memory is adapted to store a data processing program which, when executed by the second processor, implements the steps of the data processing method of any one of claims 6 to 8.
14. A computer-readable medium in which a Structured Query Language (SQL) injection detection program is stored, which, when executed by a processor, implements the steps of the detection method according to any one of claims 1 to 5.
15. A computer-readable medium, in which a data processing program is stored which, when being executed by a processor, carries out the steps of the data processing method according to any one of claims 6 to 8.
CN201810027161.8A 2018-01-11 2018-01-11 SQL injection detection method and data processing method Active CN110035031B (en)


Publications (2)

Publication Number Publication Date
CN110035031A CN110035031A (en) 2019-07-19
CN110035031B true CN110035031B (en) 2022-04-26

Family

ID=67234747


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039747B (en) * 2021-10-21 2023-05-16 烽火通信科技股份有限公司 DDOS data retransmission attack prevention method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338208A (en) * 2013-07-16 2013-10-02 五八同城信息技术有限公司 Method and system for SQL injection and defense
CN103559444A (en) * 2013-11-05 2014-02-05 星云融创(北京)信息技术有限公司 Sql (Structured query language) injection detection method and device
CN105160252A (en) * 2015-08-10 2015-12-16 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting structured query language injection attack
CN107292170A (en) * 2016-04-05 2017-10-24 阿里巴巴集团控股有限公司 Detection method and device, the system of SQL injection attack
CN107526968A (en) * 2017-08-18 2017-12-29 郑州云海信息技术有限公司 A kind of anti-method for implanting of SQL based on syntactic analysis and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9313223B2 (en) * 2013-03-15 2016-04-12 Prevoty, Inc. Systems and methods for tokenizing user-generated content to enable the prevention of attacks



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40010963; Country of ref document: HK)

GR01 Patent grant