CN113190839A - Web attack protection method and system based on SQL injection - Google Patents

Publication number: CN113190839A
Authority: CN (China)
Prior art keywords: data, access request, content, web, request
Legal status: Pending
Application number: CN202110336050.7A
Other languages: Chinese (zh)
Inventors: 魏力鹏, 王玮, 吕嵘晶, 龙玉江, 张克贤, 苏杨, 李洵, 王皓然, 严彬元, 刘俊荣, 陶佳冶, 周泽元, 方继宇, 班秋成, 周琳妍
Current Assignee: Guizhou Power Grid Co Ltd
Original Assignee: Guizhou Power Grid Co Ltd
Application filed by: Guizhou Power Grid Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention provides a web attack protection method based on SQL injection, comprising the following steps: acquiring a first data access request based on a web application program; analyzing the Structured Query Language (SQL) injection characteristics in the access request and sending them to a first virtual machine based on the web application program to detect whether an SQL-based web attack behavior exists; if a first matching rule is met, sending the access request to a virtual database to obtain the data content matched with the data access request; if a second matching rule is met, sending the access request directly to a web server to obtain the data content matched with the data access request; and if neither the first nor the second matching rule is matched, directly returning error information. Through the first detection at the web application program end and the second detection when the content is returned, vulnerabilities exposed to SQL injection are effectively protected, and network security during internet data interaction is effectively improved.

Description

Web attack protection method and system based on SQL injection
Technical Field
The invention relates to the technical field of network security, in particular to a web attack protection method and system based on SQL injection.
Background
Structured Query Language (SQL) injection attacks may occur in any web application. A web application generally needs to exchange data with a web application server. The corresponding code or the specific database of a web application usually cannot be obtained directly, and some tests are required to confirm them. The test means adopted include actively sending abnormal requests to obtain the exception information returned by the web application and, using information that may be contained in that exception information, constructing an SQL statement containing attack behavior targeted at the web application in order to attack it. In SQL injection, an attacker sends malicious SQL parameters to sniff out bugs that developers introduced while programming the web system, and uses those bugs to directly search and modify the content of the web system's database, thereby attacking the web application program.
The SQL-injection-based web attack detection methods commonly used at present have some problems. In actual attack detection, an exhaustive method is mostly used to detect SQL injection vulnerabilities in a web system. However, when the web system is detected for the first time, this approach needs to call all test cases, which causes low efficiency and a large processing load. In addition, the existing test cases are simply designed, so detection results are inaccurate and attacks may even go unreported.
Disclosure of Invention
In order to solve the technical problems, the invention provides a web attack protection method and a system based on SQL injection, aiming at realizing active protection aiming at the attack behavior of the SQL injection and improving the network security.
The first aspect of the invention is realized by the following technical scheme:
a web attack protection method based on SQL injection comprises the following steps:
step S101: acquiring a first data access request based on a web application program;
step S102: analyzing the characteristics injected by the Structured Query Language (SQL) in the access request, and sending the characteristics to a first virtual machine based on a web application program to detect whether a web attack behavior based on the SQL exists or not;
step S103: and if the first matching rule is met, the access request is sent to a virtual database to obtain the data content matched with the data access request, if the second matching rule is met, the access request is directly sent to a web server to obtain the data content matched with the data access request, and if the first matching rule and the second matching rule are not matched, error information is directly returned.
Further, before the step of obtaining the first request for data access based on the web application, the method further comprises: the method comprises the steps that a classification detection model based on SQL injection is established in a first virtual machine through a machine learning algorithm in advance, the classification detection model comprises an input layer for receiving data input, a strategy layer for screening through preset rules and a result output layer, wherein the preset rules comprise a first matching rule and a second matching rule, and the first matching rule is a blacklist rule which is set in the classification detection model and does not accord with the requirements of IP addresses, form data and keywords; the second matching rule is a white list rule which is set in the classification detection model and is based on IP addresses, form data and keywords.
Further, if the first matching rule is satisfied, the step of sending the access request to a virtual database to obtain the data content matched with the data access request specifically includes:
inputting the extracted SQL characteristics into a classification detection model;
and matching the characteristics through a strategy layer, and if the matched characteristics do not belong to any one of blacklist rules based on the IP address, the form data and the key words and do not belong to any one of white list rules based on the IP address, the form data and the key words, sending the access request to a virtual database to obtain the data content matched with the data access request.
Further, the step of sending the access request to a virtual database to obtain the data content matched with the data access request specifically includes:
the virtual database receives the access request, extracts the data content attribute carried in the first request, matches the data content attribute with a content data table pre-stored in the virtual database, finds out the identification and the position of a web server and a database stored in the content data, stores the access request into a data request list in the virtual database, waits for response, establishes a second request based on the first access request, only carries the found identification of the web server and the database to obtain the content, and returns a content response message based on the first request after matching the content with the first request.
Further, if the second matching rule is satisfied, the access request is directly sent to the web server to obtain the data content matched with the first data access request, which specifically includes:
inputting the extracted SQL characteristics into a classification detection model;
and matching the characteristics through a strategy layer, allowing the access request to enter a database layer of the virtual machine if the matched characteristics belong to any one of white list rules based on the IP address, the form data and the keywords, and searching the identification and the position of a web server, a database of the data content matched with the first request in the database layer to acquire the content.
Further, after the step of acquiring the content, the method further includes inputting the acquired content and the first request matched with the content into the classification detection model of the first virtual machine again, detecting the attack behavior again, directly returning content data based on the first request if the attack behavior is not detected, and returning error information if the attack behavior is detected.
Further, the step of performing attack detection again further comprises,
and judging whether the acquired content has sensitive data, if so, extracting the acquisition permission of the sensitive data to determine whether the first access request meets the access permission, and if not, directly returning error information.
Further, if the attack behavior is detected when the attack behavior detection is performed again, the SQL behavior characteristics are input into the classification detection model, and the classification detection model is updated.
The second aspect of the present invention aims to provide a SQL injection-based web attack protection system, which includes a first virtual machine, a virtual database, a web server, and a database, wherein the first virtual machine includes:
the acquisition module is used for acquiring a first data access request based on the web application program;
the detection module is used for detecting whether the first request has an attack behavior or not and detecting whether the acquired content has the attack behavior or not;
and the processing module is used for inputting the detection content of the detection module into the classification detection model and outputting a result according to different rules.
An object of a third aspect of the present invention is to provide a readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the SQL injection-based web attack prevention method as described above.
The invention has the beneficial effects that:
The invention provides a web attack protection method based on SQL injection, which acquires a first data access request based on a web application program; analyzes the Structured Query Language (SQL) injection characteristics in the access request and sends them to a first virtual machine based on the web application program to detect whether an SQL-based web attack behavior exists; if a first matching rule is met, sends the access request to a virtual database to obtain the data content matched with the data access request; if a second matching rule is met, sends the access request directly to a web server to obtain the data content matched with the data access request; and if neither the first nor the second matching rule is matched, directly returns error information. Through the first detection at the web application program end and the second detection when the content is returned, vulnerabilities exposed to SQL injection are effectively protected, and network security during internet data interaction is effectively improved.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the present invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of a web attack protection method based on SQL injection;
FIG. 2 is a diagram of a web attack prevention system architecture based on SQL injection.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
As shown in fig. 1, the present invention provides a web attack protection method based on SQL injection, which specifically includes:
step S101: a first request for data access based on a web application is obtained.
An SQL injection vulnerability is a website security vulnerability that arises during internet data transmission. When a web application program passes an SQL query to a back-end database, SQL injection may occur if an attacker can modify the syntax or semantics of the SQL statement. The attacker can carry out the SQL attack through web form data, malicious IP address attacks, or modified parameters in the Uniform Resource Locator (URL) or the body of the HTTP request. Typical SQL injection attacks mainly target the server's database.
The invention aims to intercept the access request when the web application program is accessed, and determine whether the request is safe or not by detecting whether the access request is SQL injection attack or not. Therefore, in the technical scheme of the invention, the virtual machine is arranged to firstly carry out security detection locally.
Specifically, a classification detection model based on SQL injection is established in advance in the first virtual machine through a machine learning algorithm; the model includes an input layer for receiving data input, a policy layer for screening through preset rules, and a result output layer. The virtual machine in the invention can be a KVM virtual machine, with QEMU (Quick Emulator, independent virtualization software) as its upper-level control tool, and different hierarchical structures are arranged in the virtual machine. These comprise all layers of the classification detection model and a simulated database structure. The database structure stores the content lists and addresses of different web servers and databases, and when a request enters the database structure, remote database content can be obtained by looking up the corresponding data identification.
The white list and the black list are both pre-established and deployed from behavior characteristics that SQL injection may produce: SQL statements without attack behavior are recorded in the white list, and SQL statements with attack behavior are stored in the black list. However, SQL injection attack patterns are not fixed. As internet technology develops, new SQL injection attack behaviors appear, and so do new SQL statements without attack behavior, so the two must be distinguished in real time. The invention therefore sets a first matching rule and a second matching rule: the first matching rule is a blacklist rule which is set in the classification detection model and does not accord with IP addresses, form data and keywords; the second matching rule is a white list rule which is set in the classification detection model and is based on IP addresses, form data and keywords. SQL statements recorded in neither list may or may not be a threat. So as not to affect content acquisition, such requests are allowed to access data, but not directly: they are intercepted by the virtual machine and the virtual database, and a new request is created to acquire the content.
Step S102: analyzing the characteristics of the Structured Query Language (SQL) injection in the access request, and sending the characteristics to a first virtual machine based on a web application program to detect whether the SQL-based web attack behavior exists.
Step S103: and if the first matching rule is met, the access request is sent to a virtual database to obtain the data content matched with the data access request, if the second matching rule is met, the access request is directly sent to a web server to obtain the data content matched with the data access request, and if the first matching rule and the second matching rule are not matched, error information is directly returned.
In the invention, the virtual machine is used for detecting the SQL statement to judge whether an attack behavior exists, a classification detection model is used in the step, and specifically, the extracted SQL characteristics are input into the classification detection model; and matching the characteristics through a strategy layer, and if the matched characteristics do not belong to any one of blacklist rules based on the IP address, the form data and the key words and do not belong to any one of white list rules based on the IP address, the form data and the key words, sending the access request to a virtual database to obtain the data content matched with the data access request.
The virtual database receives the access request, extracts the data content attribute carried in the first request, matches the data content attribute with a content data table pre-stored in the virtual database, finds out the identification and the position of a web server and a database stored in the content data, stores the access request into a data request list in the virtual database, waits for response, establishes a second request based on the first access request, only carries the found identification of the web server and the database to obtain the content, and returns a content response message based on the first request after matching the content with the first request.
According to the embodiment of the present invention, if the second matching rule is satisfied, the directly sending the access request to the web server to obtain the data content matched with the first data access request includes:
inputting the extracted SQL characteristics into a classification detection model;
and matching the characteristics through a strategy layer, allowing the access request to enter a database layer of the virtual machine if the matched characteristics belong to any one of white list rules based on the IP address, the form data and the keywords, and searching the identification and the position of a web server, a database of the data content matched with the first request in the database layer to acquire the content.
After the step of obtaining the content, the method further comprises the steps of inputting the obtained content and the first request matched with the content into the classification detection model of the first virtual machine again, detecting the attack behavior again, directly returning content data based on the first request if the attack behavior is not detected, and returning error information if the attack behavior is detected. And if the attack behavior is detected when the attack behavior detection is carried out again, inputting the SQL behavior characteristics into the classification detection model, and updating the classification detection model.
According to the purpose of the invention, some content accessed by the web application program is of a sensitive type, such as important data, and its acquisition needs to be handled carefully.
The database layer of the virtual machine and the virtual database are provided in the invention so that data can be handled differently according to the type of access request. As described above, a request received by the virtual database is in neither the black list nor the white list but may still pose a potential threat, so the virtual database intercepts the request and creates a new request to obtain the content, which is returned to the corresponding request held in the virtual database. Requests reaching the database in the database layer of the virtual machine are white-list requests, which can be considered to pose no threat, so the data content can be accessed directly without creating a new request.
In the invention, all acquired content must be detected again at the virtual machine end. Whether it comes from a white-list SQL statement without threat or from a request via the virtual data layer that may be a threat, the virtual machine detects it again. If no threat behavior exists, there is no security threat and the content can be returned directly; if threat behavior exists, the content is cut off immediately and error information is returned.
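An added sketch of the routing described above (not code from the patent). It follows the Detailed Description's reading: a blacklist hit returns an error, a whitelist hit goes to the backend directly, and an unlisted request is brokered through the virtual database with a second request that carries only backend identifiers. All rule lists, table contents, field names and the `Request`, `classify`, `build_second_request`, `recheck` and `handle` names are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample rules; the patent publishes no concrete lists.
BLACKLIST_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WHITELIST_NETS = [ipaddress.ip_network("10.20.0.0/16")]
BLACKLIST_KEYWORDS = re.compile(
    r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|--|/\*|;\s*\w+", re.I | re.S)
WHITELIST_FORM = re.compile(r"[A-Za-z0-9_-]{1,32}")  # plain identifiers only

# Virtual database "content data table": content attribute -> backend location.
CONTENT_TABLE = {
    "meter_readings": {"server": "web-01", "database": "db-metering", "role": None},
    "customer_accounts": {"server": "web-02", "database": "db-billing",
                          "role": "billing_admin"},
}
# Constructed stand-in for the real web servers and databases.
BACKEND = {
    ("web-01", "db-metering"): [{"meter": "M-1001", "kwh": 412}],
    ("web-02", "db-billing"): [{"account": "A-77", "balance": 120.5}],
}
SENSITIVE_FIELDS = {"account", "balance"}  # assumption: sensitivity keyed on field names
PENDING = []                               # the virtual database's data request list


@dataclass
class Request:
    src_ip: str
    content_attr: str               # which content the client asks for
    form: dict                      # raw form / URL parameters
    roles: frozenset = frozenset()


def classify(req):
    """Policy layer: return 'black', 'white' or 'unlisted'."""
    ip = ipaddress.ip_address(req.src_ip)
    values = [str(v) for v in req.form.values()]
    # Assumption: the blacklist is checked first, so a listed IP cannot override a hit.
    if any(ip in net for net in BLACKLIST_NETS):
        return "black"
    if any(BLACKLIST_KEYWORDS.search(v) for v in values):
        return "black"
    # Assumption: whitelisting needs both a listed IP and clean form data,
    # which is stricter than the patent's "any one of the white list rules".
    if any(ip in net for net in WHITELIST_NETS) and all(
            WHITELIST_FORM.fullmatch(v) for v in values):
        return "white"
    return "unlisted"


def build_second_request(entry):
    """Virtual database: a new request carrying only the backend identifiers.

    None of the client-supplied form values are forwarded.
    """
    return {"server": entry["server"], "database": entry["database"]}


def recheck(req, entry, content):
    """Second detection: re-run the policy layer, then the sensitive-data check."""
    if classify(req) == "black":
        return False
    has_sensitive = any(SENSITIVE_FIELDS.intersection(row) for row in content)
    return not has_sensitive or entry["role"] in req.roles


def handle(req):
    """Route one request and return a status, the route taken and any content."""
    verdict = classify(req)
    entry = CONTENT_TABLE.get(req.content_attr)
    if verdict == "black" or entry is None:
        return {"status": "error", "route": None}
    if verdict == "white":
        route, target = "direct", (entry["server"], entry["database"])
        content = BACKEND.get(target, [])
    else:
        route = "brokered"
        PENDING.append(req)                    # hold the first request
        second = build_second_request(entry)
        content = BACKEND.get((second["server"], second["database"]), [])
        PENDING.remove(req)                    # response matched to the first request
    if not recheck(req, entry, content):
        return {"status": "error", "route": route}
    return {"status": "ok", "route": route, "content": content}


if __name__ == "__main__":
    samples = [  # constructed requests
        Request("10.20.5.9", "meter_readings", {"meter": "M-1001"}),
        Request("198.51.100.7", "meter_readings", {"name": "O'Brien"}),
        Request("198.51.100.7", "meter_readings", {"id": "1 OR 1=1"}),
        Request("10.20.5.9", "customer_accounts", {"account": "A-77"}),
    ]
    for sample in samples:
        print(sample.src_ip, sample.form, "->", handle(sample))
```

The last sample shows why the second detection matters: a whitelisted request still gets an error when the returned rows contain sensitive fields and the requester lacks the required role.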
According to an embodiment of the present invention, the present invention further provides a system for protecting against web attacks based on SQL injection, where the system includes a first virtual machine, a virtual database, a web server, and a database, where as shown in fig. 2, the first virtual machine includes:
the acquisition module is used for acquiring a first data access request based on the web application program;
the detection module is used for detecting whether the first request has an attack behavior or not and detecting whether the acquired content has the attack behavior or not;
and the processing module is used for inputting the detection content of the detection module into the classification detection model and outputting a result according to different rules, and the processing module further comprises steps of a specific method for realizing matching and analysis of the different rules.
According to an embodiment of the present invention, the present invention further provides a readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the web attack behavior detection method performed based on local commands as described above.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.

Claims (10)

1. A web attack protection method based on SQL injection is characterized by comprising the following steps:
step S101: acquiring a first data access request based on a web application program;
step S102: analyzing the characteristics injected by the Structured Query Language (SQL) in the access request, and sending the characteristics to a first virtual machine based on a web application program to detect whether a web attack behavior based on the SQL exists or not;
step S103: and if the first matching rule is met, the access request is sent to a virtual database to obtain the data content matched with the data access request, if the second matching rule is met, the access request is directly sent to a web server to obtain the data content matched with the data access request, and if the first matching rule and the second matching rule are not matched, error information is directly returned.
2. The SQL injection-based web attack protection method according to claim 1, wherein: before step S101, the method further includes: the method comprises the steps that a classification detection model based on SQL injection is established in a first virtual machine through a machine learning algorithm in advance, the classification detection model comprises an input layer for receiving data input, a strategy layer for screening through preset rules and a result output layer, wherein the preset rules comprise a first matching rule and a second matching rule, and the first matching rule is a blacklist rule which is set in the classification detection model and does not accord with the requirements of IP addresses, form data and keywords; the second matching rule is a white list rule which is set in the classification detection model and is based on IP addresses, form data and keywords.
3. The SQL injection-based web attack protection method according to claim 2, wherein: if the first matching rule is satisfied, sending the access request to a virtual database to obtain the data content matched with the data access request, specifically comprising:
inputting the extracted SQL characteristics into a classification detection model;
and matching the characteristics through a strategy layer, and if the matched characteristics do not belong to any one of blacklist rules based on the IP address, the form data and the key words and do not belong to any one of white list rules based on the IP address, the form data and the key words, sending the access request to a virtual database to obtain the data content matched with the data access request.
4. The SQL injection-based web attack protection method according to claim 3, wherein the specific steps of obtaining the data content matching the data access request comprise:
the virtual database receives the access request, extracts the data content attribute carried in the first request, matches the data content attribute against a content data table pre-stored in the virtual database, finds the identification and location of the web server and database in which the content data is stored, stores the access request in a data request list in the virtual database to await a response, and establishes a second request based on the first access request, the second request carrying only the identification of the found web server and database, in order to obtain the content; after the content has been matched with the first request, a content response message based on the first request is returned.
5. The SQL injection-based web attack protection method according to claim 2, wherein, if the second matching rule is satisfied, sending the access request directly to the web server to obtain the data content matching the first data access request specifically comprises:
inputting the extracted SQL features into the classification detection model; and
matching the features through the policy layer, and, if the matched features belong to any one of the whitelist rules based on IP addresses, form data and keywords, allowing the access request to enter a database layer of the virtual machine, and looking up in the database layer the identification and location of the web server and database holding the data content matching the first request, in order to obtain the content.
6. The SQL injection-based web attack protection method according to claim 4 or 5, wherein, after the step of obtaining the content, the method further comprises: inputting the obtained content, together with the first request matched with the content, into the classification detection model of the first virtual machine again and detecting attack behavior again; if no attack behavior is detected, returning content data based on the first request directly; and if attack behavior is detected, returning error information.
7. The SQL injection-based web attack protection method according to claim 6, wherein the specific step of detecting attack behavior again further comprises:
determining whether the acquired content contains sensitive data; if so, extracting the access permission of the sensitive data to determine whether the first access request satisfies the access permission; and if not, returning error information directly.
8. The SQL injection-based web attack protection method according to claim 6, wherein, if attack behavior is detected when attack behavior detection is performed again, the SQL behavior features are input into the classification detection model and the classification detection model is updated.
9. A web attack protection system based on SQL injection, characterized in that the system comprises a first virtual machine, a virtual database, a web server and a database, wherein the first virtual machine comprises:
an acquisition module for acquiring a first data access request based on the web application program;
a detection module for detecting whether the first request exhibits attack behavior and whether the acquired content exhibits attack behavior; and
a processing module for inputting the detection content of the detection module into the classification detection model and outputting a result according to the different rules.
10. A readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the steps of the SQL injection based web attack protection method according to any of claims 1 to 8.
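The routing and re-check flow of claims 1 to 7, sketched as an added example that is not code from the patent or its applicant. It follows claim 1's step S103 (first rule hit goes to the virtual database, second rule hit goes to the web server, no match returns an error) and reads claim 7 as "sensitive content without a matching permission yields an error". The fixed rule sets standing in for the machine-learned policy layer, the `Request` fields, the table contents and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed rule sets standing in for the policy layer (assumptions, not from the patent).
BLACKLIST_IPS = {"203.0.113.7"}
WHITELIST_IPS = {"192.0.2.10"}
BLACKLIST_KEYWORDS = re.compile(r"(?i)\b(?:union\s+select|or\s+1\s*=\s*1|sleep\s*\()|--|;")
WHITELIST_FORM = re.compile(r"[A-Za-z0-9_@. -]{1,64}")
SENSITIVE_FIELDS = {"password_hash", "id_number"}
# Content data table of the virtual database: content attribute -> (web server id, database id).
CONTENT_TABLE = {"profile": ("web-01", "db-users")}

@dataclass
class Request:
    ip: str
    content_attr: str
    form: dict
    permissions: frozenset = frozenset()

def classify(req):
    """Policy layer: 'first' = blacklist rule hit, 'second' = whitelist rule hit, else 'none'."""
    values = [str(v) for v in req.form.values()]
    if req.ip in BLACKLIST_IPS or any(BLACKLIST_KEYWORDS.search(v) for v in values):
        return "first"
    if req.ip in WHITELIST_IPS and all(WHITELIST_FORM.fullmatch(v) for v in values):
        return "second"
    return "none"

def route(req):
    """Step S103: choose the destination for the request."""
    return {"first": "virtual_database", "second": "web_server", "none": "error"}[classify(req)]

def second_request(req):
    """Claim 4: the virtual database forwards only server/database identifiers, never the form data."""
    location = CONTENT_TABLE.get(req.content_attr)
    if location is None:
        return None
    return {"web_server": location[0], "database": location[1]}

def recheck(req, content):
    """Claims 6-7: inspect the fetched content before it is returned to the requester."""
    sensitive = SENSITIVE_FIELDS & set(content)
    if sensitive and not sensitive <= req.permissions:
        return {"error": "access denied"}
    return content
```

Because `second_request` copies nothing from `req.form`, attacker-controlled form values never reach the backing web server or database on the virtual-database path.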
CN202110336050.7A 2021-03-29 2021-03-29 Web attack protection method and system based on SQL injection Pending CN113190839A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110336050.7A CN113190839A (en) 2021-03-29 2021-03-29 Web attack protection method and system based on SQL injection

Publications (1)

Publication Number Publication Date
CN113190839A (en) 2021-07-30

Family

ID=76974407

Country Status (1)

Country Link
CN (1) CN113190839A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210730