Netinfo Security ›› 2015, Vol. 15 ›› Issue (6): 1-6. doi: 10.3969/j.issn.1671-1122.2015.06.001


Research on Double Layer Defense Model for SQL Injection Attack Based on Classification

TIAN Yu-jie, ZHAO Ze-mao, WANG Li-jun, LIAN Ke

  1. Department of Communication Engineering, Hangzhou Dianzi University, Hangzhou Zhejiang 310018, China
  • Received: 2015-05-13 Online: 2015-06-20 Published: 2018-07-16

Abstract:

In recent years, some progress has been made in research on SQL injection attack defense. However, present SQL injection defense measures still have limitations. This paper studies the problems that exist in SQL injection attack defense. First, to address the misinformation problem for normal data in user inputs, a user input filtering measure based on HTTP request classification is proposed, and a grammatical structure comparison measure is proposed to solve the underreporting problem for malicious data. Second, to address the low detection efficiency of grammatical structure comparison, a dynamic query matching measure based on parameterized classification is proposed. Finally, building on these two measures, a classification-based double layer defense model for SQL injection attacks is proposed. The experimental results show that the defense model defends well against SQL injection attacks, effectively reduces the misinformation rate and the underreporting rate of user input filtering, and improves the detection efficiency of grammatical structure comparison.

Key words: SQL injection attack, user input filtering, grammatical structure comparison, defense model
