面向网络环境的SQL注入行为检测方法

赵宇飞; 熊刚; 贺龙涛; 李舟军

doi:10.11959/j.issn.1000-436x.2016034

您当前的位置：

首页 >

文章列表页 >

面向网络环境的SQL注入行为检测方法

学术论文 | 更新时间：2024-06-05

- 面向网络环境的SQL注入行为检测方法
- Approach to detecting SQL injection behaviors in network environment
- 通信学报 2016年37卷第2期页码：89-98
- 作者机构：
  
  1. 北京航空航天大学计算机学院，北京 100083
  2. 中国科学院信息工程研究所，北京 100093
  3. 国家计算机网络应急技术处理协调中心，北京 100029
- 作者简介：
  
  [ "赵宇飞（1990），男，山西太原人，北京航空航天大学博士生，主要研究方向为网络安全。" ]
  [ "熊刚（1977），男，湖北汉川人，博士，中国科学院信息工程研究所正高级工程师、博士生导师，主要研究方向为网络测量、信息对抗、信息安全等。" ]
  [ "贺龙涛（1974），男，贵州遵义人，博士，国家计算机网络应急技术处理协调中心正高级工程师、博士生导师，主要研究方向为信息安全。" ]
  [ "李舟军（1963），男，湖南湘乡人，博士，北京航空航天大学教授、博士生导师，主要研究方向为网络与信息安全、数据挖掘与人工智能。" ]
- 基金信息：
  
  国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016004);国家自然科学基金资助项目(61170189);国家自然科学基金资助项目(61370126);教育部博士点基金资助项目(20111102130003);国家科技支撑计划基金资助项目(2012BAH46B02);国家科技支撑计划基金资助项目(2012BAH46B04);中国科学院战略性科技先导专项基金资助项目(XDA06030200)
- DOI：10.11959/j.issn.1000-436x.2016034
  中图分类号： TP393
- 网络出版日期：2016-02，
  
  纸质出版日期：2016-02-15
- 稿件说明：
移动端阅览
赵宇飞, 熊刚, 贺龙涛, 等. 面向网络环境的SQL注入行为检测方法[J]. 通信学报, 2016,37(2):89-98.

Yu-fei ZHAO, Gang XIONG, Long-tao HE, et al. Approach to detecting SQL injection behaviors in network environment[J]. Journal on communications, 2016, 37(2): 89-98.
赵宇飞, 熊刚, 贺龙涛, 等. 面向网络环境的SQL注入行为检测方法[J]. 通信学报, 2016,37(2):89-98. DOI： 10.11959/j.issn.1000-436x.2016034.

Yu-fei ZHAO, Gang XIONG, Long-tao HE, et al. Approach to detecting SQL injection behaviors in network environment[J]. Journal on communications, 2016, 37(2): 89-98. DOI： 10.11959/j.issn.1000-436x.2016034.

摘要

SQL 注入攻击是 Web 应用面临的主要威胁之一，传统的检测方法针对客户端或服务器端进行。通过对SQL注入的一般过程及其流量特征分析，发现其在请求长度、连接数以及特征串等方面，与正常流量相比有较大区别

并据此提出了基于长度、连接频率和特征串的LFF（length-frequency-feature）检测方法，首次从网络流量分析的角度检测SQL注入行为。实验结果表明，在模拟环境下，LFF检测方法召回率在95%以上，在真实环境下，该方法也取得较好的检测效果。

Abstract

SQL injection attack is one of the main threats that many Web applications faced with. The traditional detection method depended on the clients or servers. Firstly the process of SQL injection attack was analyzed

and then the differences between attack traffic and normal traffic HTTP request length

HTTP connections and feature string were discovered. Based on the request length

request frequency and feature string

a new method

LFF (length-frequency-feature)

was proposed to detect SQL injection behaviors from network traffic. The results of experiments indicated that in simulation environments the recall of LFF approach reach up to 95%

and in real network traffic the LFF approach also get a good detection result.

关键词

Keywords

references

OWASP 2013 top 10 risks [EB/OL ] . https://www.owasp.org/index.php/Top_10_2013-Top_10 https://www.owasp.org/index.php/Top_10_2013-Top_10 , 2015 - 3 - 12 .

MCDONALD, S . SQL Injection: modes of attack, defense, and why it matters [EB/OL ] . http://www.governmentsecurity.org/articles/SQLInjectionModesofAttackDefenceandWhyItMatters.php http://www.governmentsecurity.org/articles/SQLInjectionModesofAttackDefenceandWhyItMatters.php , 2015 - 3 - 11 .

ORSO A , HALFOND W G J , VIEGAS J . A classification of SQL injection attacks and countermeasures [C ] // The International Symposium on Secure Software Engineering . c2006 .

APPELT D , NGUYEN D C , BRIAND L . Behind an application irewall, are we safe from SQL injection attacks [C ] // IEEE International Conference on Software Testing, Verification and Validation (ICST) . c2015 : 1 - 10 .

马小婷 , 胡国平 , 李舟军 . SQL注入漏洞检测与防御技术研究 [J ] . 计算机安全 , 2010 ( 11 ): 18 - 24 .

MA X T , HU G P , LI Z J . Research on detection and prevention technologies for SQL injection vulnerability [J ] . Computer Security , 2010 ( 11 ): 18 - 24 .

HALFOND W G J , ORSO A . AMNESIA: analysis and monitorin for NEutralizing SQL-injection attacks [C ] // 20th IEEE/ACM International Conference on Automated Software Engineering . ACM , c2005 : 174 - 183 .

HALFOND W G J , ORSO A . Detection and prevention of SQL injection attacks [J ] . Malware Detection , 2006 , ( 27 ): 85 - 109 .

SHAR L K , TAN H B K , BRIAND L C . Mining SQL injection cross site scripting vulnerabilities using hybrid program analysis [C ] // 2013 International Conference on Software Engineering . IEEE Press , c2013 : 642 - 651 .

SHAHRIAR H , NORTH S , CHEN W C . Early detection of SQL injection attacks [J ] . International Journal of Network Security ＆ Its Applications , 2013 , 5 ( 4 ): 53 - 65 .

VALEUR F , MUTZ D , VIGNA G . A learning-based approach to the detection of SQL attacks [M ] . Detection of Intrusions and Malware, and Vulnerability Assessment , Springer Berlin Heidelberg , 2005 : 123 - 140 .

KEMALIS K , TZOURAMANIS T . SQL-IDS: a specification-based approach for SQL-injection detections [C ] // 2008 ACM Symposium on Applied Computing . ACM , c2008 : 2153 - 2158 .

陆开奎 . 基于动态污点分析的漏洞攻击检测技术研究与实现 [D ] . 成都: 电子科技大学 , 2013 .

LU K K . The Research and realization of dynamic taint analysis based security attack detection technology [D ] . Chengdu: University of Electronic Science and Technology of China , 2013 .

HUANG Y W , HUANG S K , TSAI C H . Web application security assessment by fault injection and behavior monitoring [C ] // WWW’03 International Conference on World Wide Web . c2003 : 148 - 159 .

KALS S , KIRDA E , KRUEGEL C , et al . SecuBat: a Web vulnerability scanner [C ] // International Conference on World Wide Web . c2006 : 247 - 256 .

APPELT D , NGUYEN C D , BRIAND L C , et al . Automated testing for SQL injection vulnerabilities: an input mutation approach [C ] // In ternational Symposium on Software Testing ＆ Analysis . c2014 : 259 - 269 .

王苏南 . 高速复杂网络环境下异常流量检测技术研究 [D ] . 郑州:解放军信息工程大学 , 2012 .

WANG S N . Research on anomaly detection technology in high-speed complex network environment [D ] . Zhengzhou: PLA Information Engineering University , 2012 .

ZHANG J , XIANG Y , WANG Y , et al . Network traffic classification using correlation information [J ] . IEEE Transactions on Parallel ＆ Distributed Systems , 2013 , 24 ( 1 ): 104 - 117 .

周爱平 , 程光 , 郭晓军 . 高速网络流量测量方法 [J ] . 软件学报 , 2014 , 25 ( 1 ): 135 - 153 .

ZHOU A P , CHENG G , GUO X J . High-speed network traffic measurement method [J ] . Journal of Software , 2014 , 25 ( 1 ): 135 - 153 .

王鹏 , 兰巨龙 , 陈庶樵 . 粒度自适应的多径流量分割算法 [J ] . 通信学报 , 2015 , 36 ( 1 ): 211 - 217 .

WANG P , LAN J L , CHEN S Q . Multipath traffic splitting algorithm based on adaptive granularity [J ] . Journal on Communicatio , 2015 , 36 ( 1 ): 211 - 217 .

Pangolin-SQLinjection tools [EB/OL ] . http://nosec.org/cn/productservice/pangolin http://nosec.org/cn/productservice/pangolin , 2014 - 12 - 22 .

Sqlmap-Automatic SQL injection and databasetakeover tool [EB/OL ] . http://sqlmap.org/ http://sqlmap.org/ , 2015 - 3 - 5 .

浏览量

690

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

网络异常检测中的流量表示研究

基于VAE-CWGAN和特征统计重要性融合的网络入侵检测方法

基于网络流量水平等级预测的自适应随机早期检测算法

基于多尺度特征的网络流量异常检测方法

基于自相似流量水平分级预测的网络队列调度算法