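CN111064735B - SQL injection vulnerability detection method and system for a power information system - Google Patents
SQL injection vulnerability detection method and system for a power information system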
- Publication number
- CN111064735B
- Authority
- CN
- China
- Prior art keywords
- state
- test
- injection
- response
- injection characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911357101.3A CN111064735B (zh) | 2019-12-25 | 2019-12-25 | SQL injection vulnerability detection method and system for a power information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911357101.3A CN111064735B (zh) | 2019-12-25 | 2019-12-25 | SQL injection vulnerability detection method and system for a power information system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111064735A (zh) | 2020-04-24 |
CN111064735B (zh) | 2021-10-15 |
Family
ID=70303560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911357101.3A Active CN111064735B (zh) | SQL injection vulnerability detection method and system for a power information system | 2019-12-25 | 2019-12-25 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111064735B (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
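CN112306889B (zh) * | 2020-11-23 | 2023-10-20 | State Grid Beijing Electric Power Company | Charging pile test method, device, storage medium and processor |
CN113127366B (zh) * | 2021-04-28 | 2023-08-15 | Wuhu Lion Automotive Technology Co., Ltd. | Model-based matrix automated testing method and computer-readable storage medium |
CN113111008B (zh) * | 2021-05-12 | 2024-02-23 | Industrial and Commercial Bank of China Limited | Test case generation method and device |
CN114844689A (zh) * | 2022-04-19 | 2022-08-02 | Shangchan (Zhejiang) Technology Co., Ltd. | Website logic vulnerability detection method and system based on a finite state machine |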
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
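CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | Northwestern Polytechnical University | Injection point extraction method in SQL injection vulnerability detection |
US8381026B2 (en) * | 2009-06-22 | 2013-02-19 | Citrix Systems, Inc. | Systems and method for transaction stall detection and propagating the result in a multi-core architecture |
CN104184728A (zh) * | 2014-08-14 | 2014-12-03 | University of Electronic Science and Technology of China | Security detection method and security detection device for a Web application system |
CN107292170A (zh) * | 2016-04-05 | 2017-10-24 | Alibaba Group Holding Limited | Method, device and system for detecting SQL injection attacks |
CN110581864A (zh) * | 2019-11-11 | 2019-12-17 | Beijing ABT Networks Co., Ltd. | Method and device for detecting SQL injection attacks |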
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9313223B2 (en) * | 2013-03-15 | 2016-04-12 | Prevoty, Inc. | Systems and methods for tokenizing user-generated content to enable the prevention of attacks |
- 2019-12-25: CN application CN201911357101.3A, patent CN111064735B (zh), status Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8381026B2 (en) * | 2009-06-22 | 2013-02-19 | Citrix Systems, Inc. | Systems and method for transaction stall detection and propagating the result in a multi-core architecture |
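CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | Northwestern Polytechnical University | Injection point extraction method in SQL injection vulnerability detection |
CN104184728A (zh) * | 2014-08-14 | 2014-12-03 | University of Electronic Science and Technology of China | Security detection method and security detection device for a Web application system |
CN107292170A (zh) * | 2016-04-05 | 2017-10-24 | Alibaba Group Holding Limited | Method, device and system for detecting SQL injection attacks |
CN110581864A (zh) * | 2019-11-11 | 2019-12-17 | Beijing ABT Networks Co., Ltd. | Method and device for detecting SQL injection attacks |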
Non-Patent Citations (3)
Title |
---|
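Exposing SQL Injection Vulnerability through Penetration Test Based on Finite State Machine; Lei Liu et al.; 2016 2nd IEEE International Conference on Computer and Communications; 20170511; main text Sections I-V, Table 1 * |
Research on Web application security testing based on extended FSM; Li Dong et al.; Computer Applications and Software; 20180228; full text * |
Test case generation method for access control vulnerabilities based on policy derivation; Wen Shuo et al.; Chinese Journal of Computers; 20171231; full text * |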
Also Published As
Publication number | Publication date |
---|---|
CN111064735A (zh) | 2020-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111064735B (zh) | SQL injection vulnerability detection method and system for a power information system | |
Li et al. | Block: a black-box approach for detection of state violation attacks towards web applications | |
Xue et al. | Detection and classification of malicious JavaScript via attack behavior modelling | |
CN109150833A (zh) | Formal verification method for security protocols based on model checking | |
Zhou et al. | Vulnerability analysis of smart contract for blockchain-based IoT applications: a machine learning approach | |
Zhang et al. | ART4SQLi: The ART of SQL injection vulnerability discovery | |
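CN113098887A (zh) | Phishing website detection method based on joint website features | |
CN105740711B (zh) | Malicious code detection method and system based on kernel object behavior ontology | |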
Zhuo et al. | Long short‐term memory on abstract syntax tree for SQL injection detection | |
Zhuang et al. | Just-in-time defect prediction based on AST change embedding | |
RU2659482C1 (ru) | Method for protecting web applications using an intelligent firewall with automatic construction of application models | |
Remmide et al. | Detection of phishing URLs using temporal convolutional network | |
Meena Siwach | Anomaly detection for web log data analysis: A review | |
Aghaei et al. | Automated CVE Analysis for Threat Prioritization and Impact Prediction | |
CN102982282B (zh) | System and method for detecting program vulnerabilities | |
Zhang et al. | Research on SQL injection vulnerabilities and its detection methods | |
Wang et al. | A model-based behavioral fuzzing approach for network service | |
Lamba et al. | Model-based cluster analysis for identifying suspicious activity sequences in software | |
Gong et al. | GRATDet: Smart Contract Vulnerability Detector Based on Graph Representation and Transformer. | |
Kong et al. | A multi-type vulnerability detection framework with parallel perspective fusion and hierarchical feature enhancement | |
Walkinshaw et al. | Improving dynamic software analysis by applying grammar inference principles | |
Gadgikar | Preventing SQL injection attacks using negative tainting approach | |
Wang et al. | A model-based fuzzing approach for DBMS | |
Lin et al. | Novel JavaScript malware detection based on fuzzy Petri nets | |
Khan | Detecting phishing attacks using nlp |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20210202 Address after: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Applicant after: NANKAI University Applicant after: STATE GRID TIANJIN ELECTRIC POWER Co. Applicant after: STATE GRID CORPORATION OF CHINA Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Applicant before: NANKAI University Applicant before: STATE GRID TIANJIN ELECTRIC POWER Co. |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20240220 Address after: 300384 No. 8, Haitai Huake 4th Road, Binhai New Area, Tianjin Patentee after: ELECTRIC POWER SCIENCE & RESEARCH INSTITUTE OF STATE GRID TIANJIN ELECTRIC POWER Co. Country or region after: China Patentee after: STATE GRID TIANJIN ELECTRIC POWER Co. Patentee after: STATE GRID CORPORATION OF CHINA Patentee after: NANKAI University Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Patentee before: NANKAI University Country or region before: China Patentee before: STATE GRID TIANJIN ELECTRIC POWER Co. Patentee before: STATE GRID CORPORATION OF CHINA |