CN111835757A - Hybrid compatible SQL injection detection method and system based on genetic algorithm - Google Patents
Hybrid compatible SQL injection detection method and system based on genetic algorithm Download PDFInfo
- Publication number
- CN111835757A CN111835757A CN202010662424.XA CN202010662424A CN111835757A CN 111835757 A CN111835757 A CN 111835757A CN 202010662424 A CN202010662424 A CN 202010662424A CN 111835757 A CN111835757 A CN 111835757A
- Authority
- CN
- China
- Prior art keywords
- detection
- address
- query
- data packet
- sql injection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 106
- 238000002347 injection Methods 0.000 title claims abstract description 37
- 239000007924 injection Substances 0.000 title claims abstract description 37
- 230000002068 genetic effect Effects 0.000 title claims abstract description 29
- 239000003795 chemical substances by application Substances 0.000 claims description 28
- 230000002159 abnormal effect Effects 0.000 claims description 25
- 238000000034 method Methods 0.000 claims description 11
- 230000007246 mechanism Effects 0.000 claims description 10
- 230000003068 static effect Effects 0.000 claims description 8
- 238000010835 comparative analysis Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 4
- 239000000243 solution Substances 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 208000018208 Hyperimmunoglobulinemia D with periodic fever Diseases 0.000 description 1
- 206010072219 Mevalonic aciduria Diseases 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000002547 anomalous effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000003066 decision tree Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000009931 harmful effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- DTXLBRAVKYTGFE-UHFFFAOYSA-J tetrasodium;2-(1,2-dicarboxylatoethylamino)-3-hydroxybutanedioate Chemical compound [Na+].[Na+].[Na+].[Na+].[O-]C(=O)C(O)C(C([O-])=O)NC(C([O-])=O)CC([O-])=O DTXLBRAVKYTGFE-UHFFFAOYSA-J 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/12—Computing arrangements based on biological models using genetic models
- G06N3/126—Evolutionary algorithms, e.g. genetic algorithms or genetic programming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biophysics (AREA)
- Theoretical Computer Science (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Computer Hardware Design (AREA)
- Physiology (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Genetics & Genomics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010662424.XA CN111835757B (en) | 2020-07-10 | 2020-07-10 | Hybrid compatible SQL injection detection method and system based on genetic algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010662424.XA CN111835757B (en) | 2020-07-10 | 2020-07-10 | Hybrid compatible SQL injection detection method and system based on genetic algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111835757A true CN111835757A (en) | 2020-10-27 |
CN111835757B CN111835757B (en) | 2021-04-09 |
Family
ID=72900603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010662424.XA Active CN111835757B (en) | 2020-07-10 | 2020-07-10 | Hybrid compatible SQL injection detection method and system based on genetic algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111835757B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101594266A (en) * | 2009-07-01 | 2009-12-02 | 杭州华三通信技术有限公司 | A kind of SQL detection method for injection attack and device |
CN102332072A (en) * | 2010-11-01 | 2012-01-25 | 卡巴斯基实验室封闭式股份公司 | The system and method that is used for detection of malicious software and management Malware relevant information |
US20190104152A1 (en) * | 2017-09-29 | 2019-04-04 | Paypal, Inc. | Blind injection attack mitigation |
CN110061986A (en) * | 2019-04-19 | 2019-07-26 | 长沙理工大学 | A kind of network intrusions method for detecting abnormality combined based on genetic algorithm and ANFIS |
CN111078660A (en) * | 2018-10-19 | 2020-04-28 | 厦门靠谱云股份有限公司 | Cloud database performance safety monitoring method |
CN111371783A (en) * | 2020-03-02 | 2020-07-03 | 中国建设银行股份有限公司 | SQL injection attack detection method, device, equipment and storage medium |
-
2020
- 2020-07-10 CN CN202010662424.XA patent/CN111835757B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101594266A (en) * | 2009-07-01 | 2009-12-02 | 杭州华三通信技术有限公司 | A kind of SQL detection method for injection attack and device |
CN102332072A (en) * | 2010-11-01 | 2012-01-25 | 卡巴斯基实验室封闭式股份公司 | The system and method that is used for detection of malicious software and management Malware relevant information |
US20190104152A1 (en) * | 2017-09-29 | 2019-04-04 | Paypal, Inc. | Blind injection attack mitigation |
CN111078660A (en) * | 2018-10-19 | 2020-04-28 | 厦门靠谱云股份有限公司 | Cloud database performance safety monitoring method |
CN110061986A (en) * | 2019-04-19 | 2019-07-26 | 长沙理工大学 | A kind of network intrusions method for detecting abnormality combined based on genetic algorithm and ANFIS |
CN111371783A (en) * | 2020-03-02 | 2020-07-03 | 中国建设银行股份有限公司 | SQL injection attack detection method, device, equipment and storage medium |
Non-Patent Citations (2)
Title |
---|
ROBERT BRONTE: ""A Signature-Based Intrusion Detection System for Web Applications based on Genetic Algorithm"", 《PROCEEDINGS OF THE 9TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS》 * |
张冰琦: ""SQL注入检测算法和代码静态检测***的实现"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
Also Published As
Publication number | Publication date |
---|---|
CN111835757B (en) | 2021-04-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9455981B2 (en) | Method and system for protection against information stealing software | |
KR100351306B1 (en) | Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof | |
US8959634B2 (en) | Method and system for protection against information stealing software | |
US6405318B1 (en) | Intrusion detection system | |
Desai et al. | Real time hybrid intrusion detection system using signature matching algorithm and fuzzy-GA | |
US20080256624A1 (en) | Systems and method for distributed network protection | |
US20090241196A1 (en) | Method and system for protection against information stealing software | |
Nadeem et al. | Intercept the cloud network from brute force and DDoS attacks via intrusion detection and prevention system | |
Biju et al. | Cyber attacks and its different types | |
JP3967550B2 (en) | Method and system for protecting communication devices from intrusion | |
Kizza | System intrusion detection and prevention | |
Dhir et al. | Study of machine and deep learning classifications in cyber physical system | |
Hashem et al. | A proposed technique for simultaneously detecting DDoS and SQL injection attacks | |
Kamarudin et al. | Packet header intrusion detection with binary logistic regression approach in detecting R2L and U2R attacks | |
CN111835757B (en) | Hybrid compatible SQL injection detection method and system based on genetic algorithm | |
Veena et al. | An advanced intrusion detection solution for networks based on Honeypot servers | |
Lal et al. | Data Exfiltration: Preventive and detective countermeasures | |
Saeed et al. | Machine Learning Based Intrusion Detection System in Cloud Environment | |
Jain et al. | A literature review on machine learning for cyber security issues | |
KR102671718B1 (en) | Weblog new threat detection security system that predicts new intrusions through machine learning | |
Priyalakshmi et al. | Intrusion Detection Using Enhanced Transductive Support Vector Machine | |
Nayak | Research on application of intrusion detection system in data mining | |
Aloffi | Real time network security intrusions and risk management: a survey | |
Alotibi et al. | The feasibility of using behavioural profiling technique for mitigating insider threats | |
Kayikci | Multiple discriminant data analysis for distributed denial of service attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing Applicant after: Beijing reliable spectrum cloud Technology Co.,Ltd. Applicant after: Xiamen Biebeyun Co.,Ltd. Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Applicant before: Xiamen Biebeyun Co.,Ltd. Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20210407 Address after: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Applicant after: Xiamen Biebeyun Co.,Ltd. Address before: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd. Applicant before: Xiamen Biebeyun Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
CP03 | Change of name, title or address |
Address after: 361000 3F-A317, Zone C, Innovation Building, Software Park, Torch High tech Zone, Xiamen City, Fujian Province Patentee after: Fujian Reliable Cloud Computing Technology Co.,Ltd. Country or region after: China Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Patentee before: Xiamen Biebeyun Co.,Ltd. Country or region before: China |
|
CP03 | Change of name, title or address |