CN112069498A - SQL injection detection model construction method and detection method - Google Patents

SQL injection detection model construction method and detection method Download PDF

Info

Publication number
CN112069498A
CN112069498A CN202010997062.XA CN202010997062A CN112069498A CN 112069498 A CN112069498 A CN 112069498A CN 202010997062 A CN202010997062 A CN 202010997062A CN 112069498 A CN112069498 A CN 112069498A
Authority
CN
China
Prior art keywords
sql
labeled
training
detection model
injection detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010997062.XA
Other languages
Chinese (zh)
Other versions
CN112069498B (en
Inventor
李武军
周庆博
解银朋
周嵩
何金栋
谢新志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
Original Assignee
Nanjing University
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University, State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd filed Critical Nanjing University
Priority to CN202010997062.XA priority Critical patent/CN112069498B/en
Publication of CN112069498A publication Critical patent/CN112069498A/en
Application granted granted Critical
Publication of CN112069498B publication Critical patent/CN112069498B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application provides a method for constructing an SQL injection detection model and a detection method, wherein the method for constructing the SQL injection detection model comprises the following steps: obtaining a plurality of labeled SQL training samples; obtaining labeled feature vectors of all labeled SQL training samples; training the SQL injection detection model; obtaining a plurality of unlabeled SQL training samples; and inputting the label-free feature vector set into the trained SQL injection detection model, extracting a preset number of label-free feature vectors when the confidence coefficient corresponding to at least one label-free feature vector belongs to the confidence coefficient interval, taking the label-free feature vectors as new label-free feature vectors, and training the SQL injection detection model. The SQL injection detection model capable of accurately detecting the SQL injection statements in the network environment is obtained while the labeled SQL training sample resources are saved.

Description

SQL injection detection model construction method and detection method
Technical Field
The application relates to the technical field of network security, in particular to a method for constructing an SQL injection detection model and a detection method.
Background
Structured Query Language (SQL) injection is one of the most common Web application attack means at present, and usually some part of a normal SQL statement is replaced by a malicious SQL statement to construct a malicious SQL statement, and an attacker acquires the authority of a database by executing a malicious code, thereby performing a network attack.
In the prior art, a regular expression matching-based detection method is generally used, and a SQL statement set of a normally accessible system database is modeled to construct a regular expression pattern library. And matching each SQL statement to be accessed to the database with the pattern of the regular expression pattern library, if the matching is successful, the SQL statement is considered to be a normal statement, and if the matching is failed, the SQL statement is considered to be an injection statement.
However, before the SQL injection detection is performed by using the detection method based on regular expression matching, a regular expression pattern library needs to be established for the SQL injection detection, but the established regular expression pattern library has certain limitations, which results in relatively low detection accuracy. Therefore, an SQL injection detection model with high detection precision is urgently needed, and has an important meaning for improving network security.
Disclosure of Invention
The application provides a method for constructing an SQL injection detection model and a detection method, which aim to overcome the defects of low detection precision and the like of the SQL injection detection method in the prior art.
The first aspect of the present application provides a method for constructing an SQL injection detection model, which includes:
obtaining a plurality of labeled SQL training samples; wherein the tags include an injection statement tag and a normal statement tag;
constructing an SQL injection detection model based on a neural network according to preset detection requirements;
performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples;
training the SQL injection detection model according to the labeled feature vectors and labels corresponding to the labeled feature vectors to obtain a trained SQL injection detection model;
obtaining a plurality of unlabeled SQL training samples;
performing feature extraction on the plurality of label-free SQL training samples to obtain corresponding label-free feature vector sets;
inputting the label-free characteristic vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the label-free SQL training samples;
judging whether the confidence corresponding to each non-label feature vector belongs to the confidence interval or not according to a preset confidence interval;
when the confidence degree corresponding to at least one non-label feature vector belongs to the confidence degree interval, extracting a preset number of non-label feature vectors according to the confidence degree ascending sorting result of the at least one non-label feature vector, and setting labels for the non-label feature vectors; adding the unlabeled feature vector with the label into the original labeled feature vector to serve as a new labeled feature vector, returning to the label corresponding to the labeled feature vector and each labeled feature vector according to the labeled feature vector, and training the SQL injection detection model to obtain a trained SQL injection detection model;
and when determining that the confidence degrees corresponding to the non-label characteristic vectors do not belong to the confidence degree interval, determining the trained SQL injection detection model as a target SQL injection detection model.
Optionally, before performing feature extraction on the plurality of labeled SQL training samples and/or performing feature extraction on the plurality of unlabeled SQL training samples, the method further includes:
performing syntax analysis on the plurality of labeled SQL training samples and/or the plurality of unlabeled SQL training samples by adopting a preset SQL syntax analysis algorithm to obtain labeled training syntax trees corresponding to the labeled SQL training samples and/or unlabeled training syntax trees corresponding to the unlabeled SQL training samples;
and determining redundant data in each grammar tree according to each labeled training grammar tree and/or the tree structure of the unlabeled training grammar tree and data information in each leaf node, and removing the redundant data to obtain a plurality of preprocessed labeled training grammar trees and/or a plurality of preprocessed unlabeled training grammar trees.
Optionally, the performing feature extraction on the plurality of labeled SQL training samples, and/or performing feature extraction on the plurality of unlabeled SQL training samples includes:
converting each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree into a corresponding SQL mode to obtain a labeled training SQL mode and/or an unlabeled training SQL mode;
and based on a preset bag-of-words model, performing feature extraction on the labeled training SQL mode and/or the unlabeled training SQL mode.
A second aspect of the present application provides a SQL injection detection method, including:
acquiring an SQL sentence to be detected;
performing feature extraction on the SQL sentences to be detected to obtain feature vectors corresponding to the SQL sentences to be detected;
the feature vector is input into the target SQL injection detection model constructed by the method for constructing an SQL injection detection model according to any one of the first aspect and the optional embodiments of the first aspect, so as to generate a corresponding detection result.
Optionally, the method further includes:
judging whether the SQL sentence to be detected is an injection sentence or not according to the detection result;
and when the SQL sentence to be detected is determined to be an injection sentence, generating injection alarm information.
Optionally, the method further includes: and returning to the step of acquiring the SQL sentence to be detected when the SQL sentence to be detected is determined to be a normal sentence.
The third aspect of the present application provides an apparatus for constructing an SQL injection detection model, comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a plurality of SQL training samples with labels; wherein the tags include an injection statement tag and a normal statement tag;
the construction module is used for constructing an SQL injection detection model based on a neural network according to preset detection requirements;
the first feature extraction module is used for performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples;
the training module is used for training the SQL injection detection model according to the labeled characteristic vectors and the labels corresponding to the labeled characteristic vectors so as to obtain a trained SQL injection detection model;
the second acquisition module is used for acquiring a plurality of unlabeled SQL training samples;
the second feature extraction module is used for performing feature extraction on the plurality of unlabeled SQL training samples to obtain corresponding unlabeled feature vector sets;
the learning module is used for inputting the label-free feature vector set into the trained SQL injection detection model so as to obtain labels and confidence degrees corresponding to the label-free SQL training samples;
the judging module is used for judging whether the confidence corresponding to each non-label feature vector belongs to the confidence interval or not according to a preset confidence interval;
the first determining module is used for extracting a preset number of non-label feature vectors according to the confidence ascending sorting result of at least one non-label feature vector when the confidence corresponding to the at least one non-label feature vector is determined to belong to the confidence interval, and setting labels for the non-label feature vectors; adding the unlabeled feature vector with the label into the original labeled feature vector to serve as a new labeled feature vector, returning to the label corresponding to the labeled feature vector and each labeled feature vector according to the labeled feature vector, and training the SQL injection detection model to obtain a trained SQL injection detection model;
and the second determining module is used for determining that the trained SQL injection detection model is the target SQL injection detection model when determining that the confidence degrees corresponding to the non-label characteristic vectors do not belong to the confidence degree interval.
Optionally, the apparatus further comprises:
the preprocessing module is used for carrying out syntax analysis on the plurality of labeled SQL training samples and/or the plurality of unlabeled SQL training samples by adopting a preset SQL syntax analysis algorithm to obtain labeled training syntax trees corresponding to the labeled SQL training samples and/or unlabeled training syntax trees corresponding to the unlabeled SQL training samples;
and determining redundant data in each grammar tree according to each labeled training grammar tree and/or the tree structure of the unlabeled training grammar tree and data information in each leaf node, and removing the redundant data to obtain a plurality of preprocessed labeled training grammar trees and/or a plurality of preprocessed unlabeled training grammar trees.
Optionally, the first feature extraction module and/or the second feature extraction module are specifically configured to:
converting each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree into a corresponding SQL mode to obtain a labeled training SQL mode and/or an unlabeled training SQL mode;
and based on a preset bag-of-words model, performing feature extraction on the labeled training SQL mode and/or the unlabeled training SQL mode.
A fourth aspect of the present application provides an SQL injection detection apparatus, including:
the acquisition module is used for acquiring the SQL sentences to be detected;
the third feature extraction module is used for performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected;
a detection module, configured to input the feature vector into a target SQL injection detection model constructed by the SQL injection detection model construction model according to any one of the third aspect and the third aspect of the present invention, so as to generate a corresponding detection result.
Optionally, the detection module is further configured to: judging whether the SQL sentence to be detected is an injection sentence or not according to the detection result;
and when the SQL sentence to be detected is determined to be an injection sentence, generating injection alarm information.
Optionally, the detection module is further configured to: and returning to the step of acquiring the SQL sentence to be detected when the SQL sentence to be detected is determined to be a normal sentence.
A fifth aspect of the present application provides an electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored by the memory to cause the at least one processor to perform the method of the first aspect and any one of its alternative embodiments, or to perform the method of the second aspect and any one of its alternative embodiments.
A sixth aspect of the present application provides a computer-readable storage medium, having stored thereon computer-executable instructions, which, when executed by a processor, perform the method according to any one of the first aspect and the first alternative embodiment thereof, or perform the method according to any one of the second aspect and the second alternative embodiment thereof.
This application technical scheme has following advantage:
according to the SQL injection detection model construction method and device, a plurality of labeled SQL training samples are obtained; wherein the labels comprise an injection statement label and a normal statement label; constructing an SQL injection detection model based on a neural network according to preset detection requirements; performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples; training the SQL injection detection model according to the characteristic vectors with the labels and the labels corresponding to the characteristic vectors with the labels to obtain the trained SQL injection detection model; obtaining a plurality of unlabeled SQL training samples; performing feature extraction on a plurality of unlabeled SQL training samples to obtain corresponding unlabeled feature vector sets; inputting the label-free feature vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the label-free SQL training samples; judging whether the confidence corresponding to each non-label feature vector belongs to a confidence interval or not according to a preset confidence interval; when the confidence degree corresponding to at least one non-label feature vector belongs to the confidence degree interval, extracting a preset number of non-label feature vectors according to the confidence degree ascending sorting result of the at least one non-label feature vector, and setting labels for the non-label feature vectors; adding the unlabeled characteristic vector with the label into the original labeled characteristic vector to serve as a new labeled characteristic vector, returning to the step of training the SQL injection detection model according to the labeled characteristic vector and the labels corresponding to the labeled characteristic vectors to obtain the trained SQL injection detection model; and when the confidences corresponding to the label-free feature vectors do not belong to the confidence coefficient interval, determining the trained SQL injection detection model as a target SQL injection detection model. According to the SQL injection detection model construction method provided by the scheme, the constructed SQL injection detection model is subjected to model training by using a small number of labeled SQL training samples and a large number of unlabeled SQL training samples, labeled SQL training sample resources are saved, meanwhile, the SQL injection detection model capable of accurately detecting SQL injection statements in a network environment is obtained, and a foundation is laid for improving the accuracy of SQL injection detection results.
According to the SQL injection detection method and device, the SQL sentences to be detected are obtained; performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected; and inputting the characteristic vector into a pre-constructed SQL injection detection model to generate a corresponding detection result. According to the SQL injection detection method provided by the scheme, the SQL injection detection is carried out by utilizing the pre-constructed SQL injection detection model, the SQL sentence to be detected can be accurately detected by the model, the accuracy of the detection result is improved, and a foundation is laid for improving the safety of a network environment.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art according to these drawings.
Fig. 1 is a schematic structural diagram of an SQL injection detection model construction system according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an SQL injection detection system according to an embodiment of the present application;
fig. 3 is a schematic flow chart of a method for constructing an SQL injection detection model according to an embodiment of the present application;
fig. 4 is a schematic flowchart of an exemplary SQL injection detection model construction method according to an embodiment of the present application;
fig. 5 is a schematic flowchart of an SQL injection detection method according to an embodiment of the present application;
fig. 6 is a schematic flowchart of an exemplary SQL injection detection method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an SQL injection detection model building apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of an SQL injection detection apparatus according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. In the description of the following examples, "plurality" means two or more unless specifically limited otherwise.
In the prior art, a regular expression matching-based detection method is generally used, and a SQL statement set of a normally accessible system database is modeled to construct a regular expression pattern library. And matching each SQL statement to be accessed to the database with the pattern of the regular expression pattern library, if the matching is successful, the SQL statement is considered to be a normal statement, and if the matching is failed, the SQL statement is considered to be an injection statement. However, before the SQL injection detection is performed by using the detection method based on regular expression matching, a regular expression pattern library needs to be established for the SQL injection detection, but the established regular expression pattern library has certain limitations, which results in relatively low detection accuracy.
In order to solve the above problems, an embodiment of the present application provides a method for constructing an SQL injection detection model, in which a plurality of labeled SQL training samples are obtained; wherein the labels comprise an injection statement label and a normal statement label; constructing an SQL injection detection model based on a neural network according to preset detection requirements; performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples; training the SQL injection detection model according to the characteristic vectors with the labels and the labels corresponding to the characteristic vectors with the labels to obtain the trained SQL injection detection model; obtaining a plurality of unlabeled SQL training samples; performing feature extraction on each unlabeled SQL training sample to obtain a corresponding unlabeled feature vector set; inputting the label-free feature vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the label-free feature vectors; judging whether the confidence corresponding to each non-label feature vector belongs to a confidence interval or not according to a preset confidence interval; when the confidence degree corresponding to at least one non-label feature vector belongs to the confidence degree interval, extracting a preset number of non-label feature vectors according to the confidence degree ascending sorting result of the at least one non-label feature vector, and setting labels for the non-label feature vectors according to the model prediction result; taking the unlabeled characteristic vector with the label as a new labeled characteristic vector, adding the new labeled characteristic vector into the original labeled characteristic vector set, and training the SQL injection detection model according to the new labeled characteristic vector set to obtain a trained SQL injection detection model; and when the confidences corresponding to the label-free feature vectors do not belong to the confidence coefficient interval, determining the trained SQL injection detection model as a target SQL injection detection model. According to the SQL injection detection model construction method provided by the scheme, the constructed SQL injection detection model is subjected to model training by using a small number of labeled SQL training samples and a large number of unlabeled SQL training samples, labeled SQL training sample resources are saved, meanwhile, the SQL injection detection model capable of accurately detecting SQL injection statements in a network environment is obtained, and a foundation is laid for improving the accuracy of SQL injection detection results.
Further, the embodiment of the application also provides an SQL injection detection method, which comprises the steps of obtaining an SQL statement to be detected; performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected; and inputting the characteristic vector into a pre-constructed SQL injection detection model to generate a corresponding detection result. According to the SQL injection detection method provided by the scheme, the SQL injection detection is carried out by utilizing the pre-constructed SQL injection detection model, the SQL sentence to be detected can be accurately detected by the model, the accuracy of the detection result is improved, and a foundation is laid for improving the safety of a network environment.
The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Firstly, the structure of the SQL injection detection model construction system and the structure of the SQL injection detection system based on the present application will be explained:
the method and the device for constructing the SQL injection detection model provided by the embodiment of the application are suitable for constructing the SQL injection detection model for performing SQL injection detection, and as shown in fig. 1, the method and the device are a structural schematic diagram of a system for constructing the SQL injection detection model based on the embodiment of the application, and mainly comprise a sample database and a device for constructing the SQL injection detection model, wherein the sample database comprises a labeled SQL training sample and a unlabeled SQL training sample. Specifically, the SQL injection detection model construction device performs model training by using a labeled SQL training sample obtained from a sample database, detects a unlabeled SQL training sample obtained from the sample database by using the SQL injection detection model trained by the labeled SQL training sample, performs optimization training on the model again according to a detection result, and finally obtains a target SQL injection detection model with high accuracy.
The SQL injection detection method and apparatus provided in the embodiment of the present application are suitable for constructing a system for performing injection detection on an SQL statement to be detected, and as shown in fig. 2, the structural schematic diagram of the SQL injection detection system based on the embodiment of the present application mainly includes a client, a server, and an SQL injection detection apparatus, where the SQL injection detection apparatus is deployed on the server, and a pre-constructed SQL injection detection model is set in the SQL injection detection apparatus. Specifically, in the process of sending the SQL statement to the server by the client, injection detection may be performed on the SQL statement based on the SQL injection detection apparatus to determine whether the SQL statement sent by the current client is an injection statement, so as to prevent the server from being attacked maliciously by an attacker, thereby providing a guarantee for network security.
The embodiment of the application provides a method for constructing an SQL injection detection model, which is used for constructing the SQL injection detection model for SQL injection detection. The execution subject of the embodiment of the present application is an electronic device, such as a server, a desktop computer, a notebook computer, a tablet computer, and other electronic devices that can be used to construct an SQL injection detection model.
As shown in fig. 3, a schematic flow diagram of a method for constructing an SQL injection detection model provided in an embodiment of the present application is shown, where the method includes:
step 301, obtaining a plurality of labeled SQL training samples.
Wherein the tags include an injection statement tag and a normal statement tag.
Step 302, constructing an SQL injection detection model based on a neural network according to preset detection requirements.
It should be explained that the detection requirement may be determined according to the application environment and the actual SQL injection detection requirement, so that the constructed SQL injection detection model may meet the actual requirement.
Step 303, performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples.
Specifically, before model training, feature extraction is performed on a plurality of labeled SQL training samples respectively to obtain SQL patterns corresponding to the labeled SQL training samples, and further, vectorization processing is performed on the SQL patterns corresponding to the labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples.
And 304, training the SQL injection detection model according to the characteristic vectors with the labels and the labels corresponding to the characteristic vectors with the labels to obtain the trained SQL injection detection model.
Specifically, labeled feature vectors corresponding to the labeled SQL training samples and labels corresponding to the labeled SQL training samples are sequentially and correspondingly input to a pre-constructed SQL injection detection model to perform model training on the SQL injection detection model, so as to improve the accuracy of the constructed SQL injection detection model.
Step 305, a plurality of unlabeled SQL training samples are obtained.
It should be explained that, in order to improve the reliability of the constructed SQL injection detection model and save the sample resources of the labeled SQL training samples, the number of the obtained unlabeled SQL training samples may be much larger than that of the labeled SQL training samples.
Step 306, performing feature extraction on a preset number of unlabeled SQL training samples to obtain a corresponding unlabeled feature vector set.
Similarly, feature extraction is respectively performed on a preset number of unlabeled SQL training samples to obtain statement features corresponding to each unlabeled SQL training sample, further, vectorization processing is performed on the statement features corresponding to each unlabeled SQL training sample to obtain unlabeled feature vectors corresponding to each unlabeled SQL training sample, and each unlabeled feature vector is used to construct a corresponding unlabeled feature vector set.
And 307, inputting the unlabeled feature vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the unlabeled SQL training samples.
It should be explained that the confidence corresponding to each unlabeled SQL training sample may be determined based on an estimation function preset in the SQL injection detection model, and is specifically used to estimate the confidence of the detection result (label) output by the current SQL injection detection model.
And 308, judging whether the confidence corresponding to each unlabeled SQL training sample belongs to the confidence interval or not according to the preset confidence interval.
It should be explained that the confidence interval is preset according to actual requirements before model training. The confidence degree output by the current SQL injection detection model specifically reflects the confidence degree of the detection result of the current label-free SQL training sample.
Step 309, when it is determined that the confidence degree corresponding to at least one non-tag feature vector belongs to the confidence degree interval, extracting a preset number of non-tag feature vectors according to the confidence degree ascending sorting result of the at least one non-tag feature vector, and setting tags for the non-tag feature vectors; and adding the unlabeled characteristic vector with the label into the original labeled characteristic vector to serve as a new labeled characteristic vector, returning to the step of training the SQL injection detection model according to the labeled characteristic vector and the labels corresponding to the labeled characteristic vectors to obtain the trained SQL injection detection model.
It should be explained that, if the confidence degrees corresponding to some unlabeled SQL training samples belong to a preset confidence degree interval, it is proved that the unlabeled SQL training samples are suitable for continuously training the model, and the label output by the SQL training model may be determined as the label corresponding to the unlabeled SQL training sample, so as to use the label as a new labeled SQL training sample, and further train the model.
In the model construction method provided by the embodiment of the application, only a small amount of SQL training samples with labels need to be obtained before the model is trained. In the subsequent process of further improving the detection precision of the model, SQL injection detection can be performed on a large number of obtained unlabeled SQL training samples by using the model, so that more labeled SQL training samples are obtained, and the model training cost is saved.
And 310, when the confidences corresponding to the label-free SQL training samples do not belong to the confidence degree interval, determining the trained SQL injection detection model as a target SQL injection detection model.
Specifically, when the confidence degrees corresponding to the unlabeled SQL training samples do not belong to the confidence degree interval, it may be determined that the unlabeled SQL training samples are not suitable for being used as new labeled SQL training samples.
Illustratively, when the preset confidence intervals are [ ρ _ min, ρ _ max ] and the preset number is k, extracting k unlabeled SQL training samples with lower confidence levels in the [ ρ _ min, ρ _ max ] confidence intervals according to the ascending ordering result of the confidence levels of the unlabeled SQL training samples, and constructing a corresponding unlabeled SQL training sample set. When the number of the label-free SQL training samples in the constructed label-free SQL training sample set is greater than or equal to 1, the labels corresponding to the label-free SQL training samples in the current label-free SQL training sample set are determined according to the labels output by the SQL injection detection model, and are added into the original labeled feature vector, so that the current SQL injection detection model is trained, and the accuracy and the reliability of the SQL injection detection model are further improved.
On the basis of the foregoing embodiment, because each SQL statement includes a large amount of redundant data, in order to improve the detection efficiency of the constructed SQL injection detection model, as an implementable manner, on the basis of the foregoing embodiment, in an embodiment, before performing feature extraction on a plurality of labeled SQL training samples and/or performing feature extraction on a preset number of unlabeled SQL training samples, the method further includes:
performing syntax analysis on a plurality of labeled SQL training samples and/or a plurality of unlabeled SQL training samples by adopting a preset SQL syntax analysis algorithm to obtain labeled training syntax trees corresponding to the labeled SQL training samples and/or unlabeled training syntax trees corresponding to the unlabeled SQL training samples; and determining redundant data in each grammar tree according to each labeled training grammar tree and/or the tree structure of the unlabeled training grammar tree and data information in each leaf node, and removing the redundant data to obtain a plurality of preprocessed labeled training grammar trees and/or a plurality of preprocessed unlabeled training grammar trees.
Specifically, the redundant data may be removed, or the redundant data may be processed uniformly according to the data type of the redundant data to convert into preset specified content.
Illustratively, each labeled training syntax tree, and/or each unlabeled training syntax tree may have a number in its leaf node that is translated to 0, a common string that is translated to'? ', the character string containing the SQL keyword is converted into', and the SQL annotation information is converted into '. I.e., converting redundant data in each syntax tree into prescribed symbols to obtain a plurality of preprocessed labeled training syntax trees and/or a preset number of preprocessed unlabeled training syntax trees.
Specifically, in an embodiment, each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree may be converted into a corresponding SQL mode to obtain a labeled training SQL mode and/or an unlabeled training SQL mode; and based on a preset bag-of-words model, performing feature extraction on the labeled training SQL mode and/or the unlabeled training SQL mode.
It should be explained that the SQL schema specifically refers to a representation of a data set, wherein each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree is a syntax tree that is subjected to redundant data elimination or transformation provided in the embodiment of the present application, and each syntax tree corresponds to each SQL schema one to one.
After the labeled training SQL mode and/or the unlabeled training SQL mode are/is input into the preset bag-of-words model, the labeled training SQL mode and/or each labeled SQL training sample corresponding to the unlabeled training SQL mode and/or the statement feature corresponding to the unlabeled SQL training sample can be determined based on the bag-of-words model, and the labeled feature vector and/or the unlabeled feature vector corresponding to each statement feature are/is generated.
Exemplarily, as shown in fig. 4, a flow diagram of an exemplary SQL injection detection model construction method provided in the embodiment of the present application is shown, where the SQL injection detection model construction method shown in fig. 4 is an exemplary implementation manner of the QL injection detection model construction method shown in fig. 3, and the two methods have the same principle and are not described again.
The SQL injection detection model constructed in the embodiment of the application is particularly suitable for scenes with shortage of professional labeling manpower and short system start-up, and the accuracy of the detection result is improved by combining a small amount of labeled SQL training samples and a large amount of unlabeled SQL training samples. And moreover, a large amount of manpower is not required to be consumed for marking, and the manpower resource is further saved.
According to the SQL injection detection model construction method provided by the embodiment of the application, a plurality of labeled SQL training samples are obtained; wherein the labels comprise an injection statement label and a normal statement label; constructing an SQL injection detection model based on a neural network according to preset detection requirements; performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples; training the SQL injection detection model according to the characteristic vectors with the labels and the labels corresponding to the characteristic vectors with the labels to obtain the trained SQL injection detection model; obtaining a plurality of unlabeled SQL training samples; performing feature extraction on a plurality of unlabeled SQL training samples to obtain corresponding unlabeled feature vector sets; inputting the label-free feature vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the label-free SQL training samples; judging whether the confidence corresponding to each non-label feature vector belongs to a confidence interval or not according to a preset confidence interval; when the confidence degree corresponding to at least one non-label feature vector belongs to the confidence degree interval, extracting a preset number of non-label feature vectors according to the confidence degree ascending sorting result of the at least one non-label feature vector, and setting labels for the non-label feature vectors; adding the unlabeled characteristic vector with the label into the original labeled characteristic vector to serve as a new labeled characteristic vector, returning to the step of training the SQL injection detection model according to the labeled characteristic vector and the labels corresponding to the labeled characteristic vectors to obtain the trained SQL injection detection model; and when the confidences corresponding to the label-free feature vectors do not belong to the confidence coefficient interval, determining the trained SQL injection detection model as a target SQL injection detection model. According to the SQL injection detection model construction method provided by the scheme, the constructed SQL injection detection model is subjected to model training by using a small number of labeled SQL training samples and a large number of unlabeled SQL training samples, labeled SQL training sample resources are saved, meanwhile, the SQL injection detection model capable of accurately detecting SQL injection statements in a network environment is obtained, and a foundation is laid for improving the accuracy of SQL injection detection results.
The embodiment of the application provides an SQL injection detection method, which is used for injection detection of SQL statements in a network environment. The execution subject of the embodiment of the present application is an electronic device, such as a server, a desktop computer, a notebook computer, a tablet computer, and other electronic devices that can be used for SQL injection detection.
As shown in fig. 5, a schematic flow diagram of an SQL injection detection method provided in the embodiment of the present application is shown, where the method includes:
step 501, acquiring an SQL statement to be detected;
step 502, performing feature extraction on an SQL statement to be detected to obtain a feature vector corresponding to the SQL statement to be detected;
step 503, inputting the feature vector into the target SQL injection detection model constructed by the SQL injection detection model construction method provided in the foregoing embodiment, so as to generate a corresponding detection result.
Specifically, in an embodiment, the method further includes: judging whether the SQL sentence to be detected is an injection sentence or not according to the detection result; and when the SQL sentence to be detected is determined to be the injection sentence, generating injection alarm information.
Specifically, while the alarm information is generated, the access of the current client is also terminated, so that a network attacker is prevented from carrying out malicious attack.
Furthermore, the generated injection alarm information is reported out to remind related operators to take corresponding safety measures in time. The reporting mode of the injection alarm information can be short message reporting, warning lamp reporting or alarm sound reporting, and the like, and the specific embodiment of the application is not limited;
correspondingly, when the SQL sentence to be detected is determined to be the normal sentence, returning to the step of obtaining the SQL sentence to be detected.
Exemplarily, as shown in fig. 6, a schematic flow diagram of an exemplary SQL injection detection method provided in an embodiment of the present application is shown, where the SQL injection detection method shown in fig. 6 is an exemplary implementation manner of the SQL injection method shown in fig. 5, and the two methods have the same principle and are not described again.
According to the SQL injection detection method provided by the embodiment of the application, the SQL sentences to be detected are obtained; performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected; and inputting the characteristic vector into a pre-constructed SQL injection detection model to generate a corresponding detection result. According to the SQL injection detection method provided by the scheme, the SQL injection detection is carried out by utilizing the pre-constructed SQL injection detection model, the SQL sentence to be detected can be accurately detected by the model, the accuracy of the detection result is improved, and a foundation is laid for improving the safety of a network environment.
The embodiment of the application provides a device for constructing an SQL injection detection model, which is used for executing the method for constructing the SQL injection detection model provided by the embodiment.
Fig. 7 is a schematic structural diagram of an SQL injection detection model building apparatus according to an embodiment of the present application. The apparatus 70 comprises: a first obtaining module 701, a constructing module 702, a first feature extracting module 703, a training module 704, a second obtaining module 705, a second feature extracting module 706, a learning module 707, a judging module 708, a first determining module 709, and a second determining module 710.
The system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a plurality of SQL training samples with labels; wherein the labels comprise an injection statement label and a normal statement label; the construction module is used for constructing an SQL injection detection model based on a neural network according to preset detection requirements; the first feature extraction module is used for performing feature extraction on a plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples; the training module is used for training the SQL injection detection model according to the labeled characteristic vectors and the labels corresponding to the labeled characteristic vectors so as to obtain the trained SQL injection detection model; the second acquisition module is used for acquiring a plurality of unlabeled SQL training samples; the second feature extraction module is used for performing feature extraction on the plurality of unlabeled SQL training samples to obtain corresponding unlabeled feature vector sets; the learning module is used for inputting the label-free feature vector set into the trained SQL injection detection model so as to obtain labels and confidence degrees corresponding to the label-free SQL training samples; the judging module is used for judging whether the confidence corresponding to each non-label feature vector belongs to the confidence interval or not according to the preset confidence interval; the first determining module is used for extracting a preset number of non-label feature vectors according to the confidence ascending sorting result of the at least one non-label feature vector when the confidence corresponding to the at least one non-label feature vector is determined to belong to the confidence interval, and setting labels for the non-label feature vectors; adding the unlabeled characteristic vector with the label into the original labeled characteristic vector to serve as a new labeled characteristic vector, returning to the step of training the SQL injection detection model according to the labeled characteristic vector and the labels corresponding to the labeled characteristic vectors to obtain the trained SQL injection detection model; and the second determining module is used for determining the trained SQL injection detection model as the target SQL injection detection model when determining that the confidence degrees corresponding to the characteristic vectors without the labels do not belong to the confidence degree interval.
Specifically, in an embodiment, the apparatus further comprises:
the preprocessing module is used for carrying out syntax analysis on a plurality of labeled SQL training samples and/or a plurality of unlabeled SQL training samples by adopting a preset SQL syntax analysis algorithm to obtain labeled training syntax trees corresponding to the labeled SQL training samples and/or unlabeled training syntax trees corresponding to the unlabeled SQL training samples;
and determining redundant data in each grammar tree according to each labeled training grammar tree and/or the tree structure of the unlabeled training grammar tree and data information in each leaf node, and removing the redundant data to obtain a plurality of preprocessed labeled training grammar trees and/or a plurality of preprocessed unlabeled training grammar trees.
Specifically, in an embodiment, the first feature extraction module and/or the second feature extraction module is specifically configured to:
converting each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree into a corresponding SQL mode to obtain a labeled training SQL mode and/or an unlabeled training SQL mode;
and based on a preset bag-of-words model, performing feature extraction on the labeled training SQL mode and/or the unlabeled training SQL mode.
With regard to the SQL injection detection model construction apparatus in the present embodiment, the specific manner in which each module performs operations has been described in detail in the embodiment related to the method, and will not be elaborated here.
The SQL injection detection model construction device provided in the embodiment of the present application is configured to execute the SQL injection detection model construction method provided in the above embodiment, and an implementation manner thereof is the same as a principle, and is not described again.
The embodiment of the application provides a device for constructing an SQL injection detection model, which is used for executing the method for constructing the SQL injection detection model provided by the embodiment.
Fig. 8 is a schematic structural diagram of an SQL injection detection apparatus according to an embodiment of the present application. The apparatus 80 comprises: an acquisition module 801, a third feature extraction module 802 and a detection module 803.
The system comprises an acquisition module, a detection module and a processing module, wherein the acquisition module is used for acquiring SQL sentences to be detected; the third feature extraction module is used for performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected; the detection module is configured to input the feature vector into the target SQL injection detection model constructed in the foregoing embodiment, so as to generate a corresponding detection result.
Specifically, in an embodiment, the detection module is further configured to: judging whether the SQL sentence to be detected is an injection sentence or not according to the detection result;
and when the SQL sentence to be detected is determined to be the injection sentence, generating injection alarm information.
Specifically, in an embodiment, the detection module is further configured to: and returning to the step of acquiring the SQL sentence to be detected when the SQL sentence to be detected is determined to be a normal sentence.
With regard to the SQL injection detection apparatus in the embodiment of the present application, the specific manner in which each module performs operations has been described in detail in the embodiment of the method, and will not be elaborated here.
The SQL injection detection apparatus provided in the embodiment of the present application is configured to execute the SQL injection detection method provided in the foregoing embodiment, and an implementation manner thereof is the same as a principle, and is not described again.
The embodiment of the present application provides an electronic device, which is configured to execute the SQL injection detection model building method or the SQL injection detection method provided in the foregoing embodiment.
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 90 includes: at least one processor 91 and memory 92;
the memory stores computer-executable instructions; the at least one processor executes the computer-executable instructions stored by the memory, causing the at least one processor to perform the SQL injection detection model construction method, or the SQL injection detection method, provided by any of the embodiments above.
The electronic device provided in the embodiment of the present application is configured to execute the SQL injection detection model construction method provided in the foregoing embodiment, or the SQL injection detection method, and an implementation manner thereof is the same as a principle, and is not described again.
An embodiment of the present application provides a computer-readable storage medium, where a computer execution instruction is stored in the computer-readable storage medium, and when a processor executes the computer execution instruction, the SQL injection detection model construction method or the SQL injection detection method provided in any of the above embodiments is implemented.
The storage medium including the computer-executable instructions of the embodiment of the present application may be used to store the SQL injection detection model construction method provided in the foregoing embodiment, or the computer-executable instructions of the SQL injection detection method, and an implementation manner thereof is the same as the principle, and is not described again.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A method for constructing an SQL injection detection model is characterized by comprising the following steps:
obtaining a plurality of labeled SQL training samples; wherein the tags include an injection statement tag and a normal statement tag;
constructing an SQL injection detection model based on a neural network according to preset detection requirements;
performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples;
training the SQL injection detection model according to the labeled feature vectors and labels corresponding to the labeled feature vectors to obtain a trained SQL injection detection model;
obtaining a plurality of unlabeled SQL training samples;
performing feature extraction on the plurality of label-free SQL training samples to obtain corresponding label-free feature vector sets;
inputting the label-free characteristic vector set into the trained SQL injection detection model to obtain labels and confidence degrees corresponding to the label-free SQL training samples;
judging whether the confidence corresponding to each non-label feature vector belongs to the confidence interval or not according to a preset confidence interval;
when the confidence degree corresponding to at least one non-label feature vector belongs to the confidence degree interval, extracting a preset number of non-label feature vectors according to the confidence degree ascending sorting result of the at least one non-label feature vector, and setting labels for the non-label feature vectors; adding the unlabeled feature vector with the label into the original labeled feature vector to serve as a new labeled feature vector, returning to the label corresponding to the labeled feature vector and each labeled feature vector according to the labeled feature vector, and training the SQL injection detection model to obtain a trained SQL injection detection model;
and when determining that the confidence degrees corresponding to the non-label characteristic vectors do not belong to the confidence degree interval, determining the trained SQL injection detection model as a target SQL injection detection model.
2. The SQL injection detection model building method according to claim 1, wherein before performing feature extraction on the plurality of labeled SQL training samples and/or before performing feature extraction on the plurality of unlabeled SQL training samples, the method further comprises:
performing syntax analysis on the plurality of labeled SQL training samples and/or the plurality of unlabeled SQL training samples by adopting a preset SQL syntax analysis algorithm to obtain labeled training syntax trees corresponding to the labeled SQL training samples and/or unlabeled training syntax trees corresponding to the unlabeled SQL training samples;
and determining redundant data in each grammar tree according to each labeled training grammar tree and/or the tree structure of the unlabeled training grammar tree and data information in each leaf node, and removing the redundant data to obtain a plurality of preprocessed labeled training grammar trees and/or a plurality of preprocessed unlabeled training grammar trees.
3. The method for constructing an SQL injection detection model according to claim 2, wherein the performing feature extraction on the plurality of labeled SQL training samples and/or the performing feature extraction on the plurality of unlabeled SQL training samples comprises:
converting each preprocessed labeled training syntax tree and/or each preprocessed unlabeled training syntax tree into a corresponding SQL mode to obtain a labeled training SQL mode and/or an unlabeled training SQL mode;
and based on a preset bag-of-words model, performing feature extraction on the labeled training SQL mode and/or the unlabeled training SQL mode.
4. An SQL injection detection method, comprising:
acquiring an SQL sentence to be detected;
performing feature extraction on the SQL sentences to be detected to obtain feature vectors corresponding to the SQL sentences to be detected;
inputting the feature vector into a target SQL injection detection model constructed by the SQL injection detection model construction method according to any one of claims 1 to 3 to generate a corresponding detection result.
5. The SQL injection detection method of claim 4, further comprising:
judging whether the SQL sentence to be detected is an injection sentence or not according to the detection result;
and when the SQL sentence to be detected is determined to be an injection sentence, generating injection alarm information.
6. The SQL injection detection method of claim 4, further comprising: and returning to the step of acquiring the SQL sentence to be detected when the SQL sentence to be detected is determined to be a normal sentence.
7. An SQL injection detection model construction device is characterized by comprising the following components:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a plurality of SQL training samples with labels; wherein the tags include an injection statement tag and a normal statement tag;
the construction module is used for constructing an SQL injection detection model based on a neural network according to preset detection requirements;
the first feature extraction module is used for performing feature extraction on the plurality of labeled SQL training samples to obtain labeled feature vectors corresponding to the labeled SQL training samples;
the training module is used for training the SQL injection detection model according to the labeled characteristic vectors and the labels corresponding to the labeled characteristic vectors so as to obtain a trained SQL injection detection model;
the second acquisition module is used for acquiring a plurality of unlabeled SQL training samples;
the second feature extraction module is used for performing feature extraction on the plurality of unlabeled SQL training samples to obtain corresponding unlabeled feature vector sets;
the learning module is used for inputting the label-free feature vector set into the trained SQL injection detection model so as to obtain labels and confidence degrees corresponding to the label-free SQL training samples;
the judging module is used for judging whether the confidence corresponding to each non-label feature vector belongs to the confidence interval or not according to a preset confidence interval;
the first determining module is used for extracting a preset number of non-label feature vectors according to the confidence ascending sorting result of at least one non-label feature vector when the confidence corresponding to the at least one non-label feature vector is determined to belong to the confidence interval, and setting labels for the non-label feature vectors; adding the unlabeled feature vector with the label into the original labeled feature vector to serve as a new labeled feature vector, returning to the label corresponding to the labeled feature vector and each labeled feature vector according to the labeled feature vector, and training the SQL injection detection model to obtain a trained SQL injection detection model;
and the second determining module is used for determining that the trained SQL injection detection model is the target SQL injection detection model when determining that the confidence degrees corresponding to the non-label characteristic vectors do not belong to the confidence degree interval.
8. An SQL injection detection apparatus, comprising:
the acquisition module is used for acquiring the SQL sentences to be detected;
the third feature extraction module is used for performing feature extraction on the SQL sentence to be detected to obtain a feature vector corresponding to the SQL sentence to be detected;
a detection module, configured to input the feature vector into a target SQL injection detection model constructed by the SQL injection detection model construction method according to any of claims 1 to 3, so as to generate a corresponding detection result.
9. An electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the SQL injection detection model construction method according to any of claims 1-3 or the SQL injection detection method according to any of claims 4-6.
10. A computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, implement the SQL injection detection model construction method according to any of claims 1-3 or the SQL injection detection method according to any of claims 4-6.
CN202010997062.XA 2020-09-21 2020-09-21 SQL injection detection model construction method and detection method Active CN112069498B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010997062.XA CN112069498B (en) 2020-09-21 2020-09-21 SQL injection detection model construction method and detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010997062.XA CN112069498B (en) 2020-09-21 2020-09-21 SQL injection detection model construction method and detection method

Publications (2)

Publication Number Publication Date
CN112069498A true CN112069498A (en) 2020-12-11
CN112069498B CN112069498B (en) 2023-11-21

Family

ID=73681156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010997062.XA Active CN112069498B (en) 2020-09-21 2020-09-21 SQL injection detection model construction method and detection method

Country Status (1)

Country Link
CN (1) CN112069498B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112966268A (en) * 2021-03-02 2021-06-15 全球能源互联网研究院有限公司 SQL detection method and system based on neural network model and Hash matching
CN112966507A (en) * 2021-03-29 2021-06-15 北京金山云网络技术有限公司 Method, device, equipment and storage medium for constructing recognition model and identifying attack
CN113343051A (en) * 2021-06-04 2021-09-03 全球能源互联网研究院有限公司 Abnormal SQL detection model construction method and detection method
CN113726787A (en) * 2021-08-31 2021-11-30 中国平安人寿保险股份有限公司 SQL injection generation method, device, equipment and storage medium

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108549814A (en) * 2018-03-24 2018-09-18 西安电子科技大学 A kind of SQL injection detection method based on machine learning, database security system
CN108632263A (en) * 2018-04-25 2018-10-09 杭州闪捷信息科技股份有限公司 A kind of detection method of SQL injection point
CN109194677A (en) * 2018-09-21 2019-01-11 郑州云海信息技术有限公司 A kind of SQL injection attack detection, device and equipment
KR101949338B1 (en) * 2018-11-13 2019-02-18 (주)시큐레이어 Method for detecting sql injection from payload based on machine learning model and apparatus using the same
US20190065507A1 (en) * 2017-08-22 2019-02-28 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and apparatus for information processing
CN109413028A (en) * 2018-08-29 2019-03-01 集美大学 SQL injection detection method based on convolutional neural networks algorithm
CN110362597A (en) * 2019-06-28 2019-10-22 华为技术有限公司 A kind of structured query language SQL injection detection method and device
CN110414219A (en) * 2019-07-24 2019-11-05 长沙市智为信息技术有限公司 Detection method for injection attack based on gating cycle unit Yu attention mechanism
CN111126038A (en) * 2019-12-24 2020-05-08 北京明略软件系统有限公司 Information acquisition model generation method and device and information acquisition method and device
CN111291070A (en) * 2020-01-20 2020-06-16 南京星环智能科技有限公司 Abnormal SQL detection method, equipment and medium
CN111314388A (en) * 2020-03-26 2020-06-19 北京百度网讯科技有限公司 Method and apparatus for detecting SQL injection

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190065507A1 (en) * 2017-08-22 2019-02-28 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and apparatus for information processing
CN108549814A (en) * 2018-03-24 2018-09-18 西安电子科技大学 A kind of SQL injection detection method based on machine learning, database security system
CN108632263A (en) * 2018-04-25 2018-10-09 杭州闪捷信息科技股份有限公司 A kind of detection method of SQL injection point
CN109413028A (en) * 2018-08-29 2019-03-01 集美大学 SQL injection detection method based on convolutional neural networks algorithm
CN109194677A (en) * 2018-09-21 2019-01-11 郑州云海信息技术有限公司 A kind of SQL injection attack detection, device and equipment
KR101949338B1 (en) * 2018-11-13 2019-02-18 (주)시큐레이어 Method for detecting sql injection from payload based on machine learning model and apparatus using the same
CN110362597A (en) * 2019-06-28 2019-10-22 华为技术有限公司 A kind of structured query language SQL injection detection method and device
CN110414219A (en) * 2019-07-24 2019-11-05 长沙市智为信息技术有限公司 Detection method for injection attack based on gating cycle unit Yu attention mechanism
CN111126038A (en) * 2019-12-24 2020-05-08 北京明略软件系统有限公司 Information acquisition model generation method and device and information acquisition method and device
CN111291070A (en) * 2020-01-20 2020-06-16 南京星环智能科技有限公司 Abnormal SQL detection method, equipment and medium
CN111314388A (en) * 2020-03-26 2020-06-19 北京百度网讯科技有限公司 Method and apparatus for detecting SQL injection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李铭;邢光升;王芝辉;王晓东;: "SQL注入行为实时在线智能检测技术研究", 湖南大学学报(自然科学版), no. 08 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112966268A (en) * 2021-03-02 2021-06-15 全球能源互联网研究院有限公司 SQL detection method and system based on neural network model and Hash matching
CN112966507A (en) * 2021-03-29 2021-06-15 北京金山云网络技术有限公司 Method, device, equipment and storage medium for constructing recognition model and identifying attack
CN113343051A (en) * 2021-06-04 2021-09-03 全球能源互联网研究院有限公司 Abnormal SQL detection model construction method and detection method
CN113343051B (en) * 2021-06-04 2024-04-16 全球能源互联网研究院有限公司 Abnormal SQL detection model construction method and detection method
CN113726787A (en) * 2021-08-31 2021-11-30 中国平安人寿保险股份有限公司 SQL injection generation method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112069498B (en) 2023-11-21

Similar Documents

Publication Publication Date Title
CN112069498B (en) SQL injection detection model construction method and detection method
CN107679039B (en) Method and device for determining statement intention
CN111723209A (en) Semi-supervised text classification model training method, text classification method, system, device and medium
CN111885000A (en) Network attack detection method, system and device based on graph neural network
CN113986864A (en) Log data processing method and device, electronic equipment and storage medium
CN111881398B (en) Page type determining method, device and equipment and computer storage medium
CN116402630B (en) Financial risk prediction method and system based on characterization learning
CN112446209A (en) Method, equipment and device for setting intention label and storage medium
CN112417887A (en) Sensitive word and sentence recognition model processing method and related equipment thereof
CN116361147A (en) Method for positioning root cause of test case, device, equipment, medium and product thereof
CN113094625B (en) Page element positioning method and device, electronic equipment and storage medium
CN116739408A (en) Power grid dispatching safety monitoring method and system based on data tag and electronic equipment
CN116719683A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium
CN115344563A (en) Data deduplication method and device, storage medium and electronic equipment
CN116306663A (en) Semantic role labeling method, device, equipment and medium
EP3889802A1 (en) Method and apparatus for image processing, electronic device, computer readable storage medium, and computer program product
CN112364649B (en) Named entity identification method and device, computer equipment and storage medium
CN115098687A (en) Alarm checking method and device for scheduling operation of electric power SDH optical transmission system
CN115269862A (en) Electric power question-answering and visualization system based on knowledge graph
CN114372082B (en) Data query method and device based on artificial intelligence, electronic equipment and medium
US11973792B1 (en) Generating vulnerability check information for performing vulnerability assessments
CN108038230B (en) Information generation method and device based on artificial intelligence
CN115618857A (en) Threat information processing method, threat information pushing method and device
CN115268933A (en) Method and device for automatically generating process document, computer equipment and storage medium
CN113343051A (en) Abnormal SQL detection model construction method and detection method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant