CN111835757A - Hybrid compatible SQL injection detection method and system based on genetic algorithm - Google Patents

Info

Publication number
CN111835757A
Authority
CN
China
Prior art keywords
detection
address
query
data packet
sql injection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010662424.XA
Other languages
Chinese (zh)
Other versions
CN111835757B (en)
Inventor
刘佛福
李辉
林友钦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Reliable Cloud Computing Technology Co.,Ltd.
Original Assignee
Beijing Reliable Spectrum Cloud Technology Co ltd
Xiamen Biebeyun Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Reliable Spectrum Cloud Technology Co ltd, Xiamen Biebeyun Co ltd
Priority to CN202010662424.XA
Publication of CN111835757A
Application granted
Publication of CN111835757B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/12 Computing arrangements based on biological models using genetic models
    • G06N3/126 Evolutionary algorithms, e.g. genetic algorithms or genetic programming
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biophysics (AREA)
  • Theoretical Computer Science (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computer Hardware Design (AREA)
  • Physiology (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Genetics & Genomics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a hybrid compatible SQL injection detection method and a hybrid compatible SQL injection detection system based on a genetic algorithm. An external intruder aims to perform malicious activities on a remote system. Guarding against both internal and external attacks requires a capable intrusion detection system. The invention provides a hybrid intrusion detection system that covers both internal and external attack identification: it identifies internal attacks with a signature matching algorithm and applies a fuzzy genetic algorithm to external attack detection. The system is hybrid and works in both offline and online environments.

Description

Hybrid compatible SQL injection detection method and system based on genetic algorithm
Technical Field
The invention relates to the technical field of information security, in particular to attack detection aiming at Structured Query Language (SQL).
Background
With different types of networks used in Internet-based communications to provide services to users, the threat of cyber attacks is increasing, and systems may be exposed to internal or external intrusion. A single computer system is shared by multiple users, who use it by creating their own accounts, protected by unique IDs and passwords. Sometimes an authorized user attacks the system for a malicious purpose. Internal attacks include deleting important files or data and altering important data. It is difficult for any intrusion detection system to identify authorized internal intruders. To protect personal computers from these unauthorized attacks, a viable Intrusion Detection System (IDS) should be used. A traditional intrusion detection system can only identify known intrusions based on learned rule policies, and cannot detect unknown new intrusions in time.
An Intrusion Detection System (IDS) monitors network or overall system activity for malicious and harmful activity or policy violations and generates reports to a management station. There are various types and methods of intrusion detection systems that detect suspicious traffic in different ways. There are network-based (NIDS) and host-based (HIDS) intrusion detection systems. NIDS are network security systems that focus on attacks from within the network. Some systems may attempt to stop intrusion attempts, but this is not required of a monitoring system. To overcome these disadvantages of firewalls, data mining techniques are used to handle intrusions that originate from within the organization. Data mining has been used effectively for intrusion detection as one of its application areas, alongside bioinformatics, stock exchange, network inspection, and the like. Many researchers have studied pattern matching algorithms for detecting SQL injection attacks. Most researchers have focused on genetic algorithms that use the KDD CUP 99 data set to create rules, and several Genetic Algorithm (GA) and Genetic Programming (GP) approaches have also been used to detect different kinds of intrusion in different scenarios, or to derive classification rules. There have also been studies on detecting and preventing SQL injection attacks using the Aho-Corasick pattern matching algorithm, and on using decision tree algorithms to detect internal attacks.
Disclosure of Invention
Because the existing SQL injection attack comprises an internal attack form and an external attack form, and the existing research mainly focuses on detection aiming at a certain attack type, the invention provides a hybrid compatible SQL injection detection method and a hybrid compatible SQL injection detection system based on a genetic algorithm.
The hybrid compatible SQL injection detection method comprises two intrusion detection algorithms, and internal and external attacks are detected in an integrated mode. In the proposed system, when multiple computers are connected to each other, each system has its internal intrusion detection mechanism, and first performs external intrusion detection using a fuzzy genetic algorithm, and then performs internal intrusion detection using a signature matching algorithm.
The system comprises an Agent and at least two terminals; the Agent is used as a uniform Agent of the at least two terminals and is responsible for receiving a data packet sent to any one of the multiple terminals and carrying out external attack detection based on a fuzzy genetic algorithm; when the detection result is not abnormal, the Agent sends the data packet to a specified terminal; the at least two terminals are provided with respective internal intrusion detection mechanisms; and after any terminal receives the data packet sent by the Agent, triggering query on the database, and performing internal intrusion detection by using a signature matching algorithm.
Furthermore, each terminal stores standard signatures of malicious queries; when a user triggers a query, the query is compared with the stored standard signatures and a similarity is calculated; if the similarity exceeds a preset value, the query is identified as an abnormal query.
Further, the signature matching algorithm divides SQL injection detection into two types, static detection and dynamic detection;
for static SQL injection detection, matching the whole SQL query with a stored standard signature, and classifying the query as normal or abnormal according to whether the matching is successful;
for dynamic SQL injection detection, the similarity between the SQL query and the stored standard signature is calculated, and if the similarity exceeds a preset value, the query is classified as abnormal.
Further, the Agent stores an IP address blacklist; before external attack detection is carried out based on the fuzzy genetic algorithm, the method further comprises the following steps:
the Agent judges whether the source IP address of the received data packet is in the IP address blacklist; when the source IP address is in the IP address blacklist, detection ends and data packets from that source IP address are denied access;
after the external attack detection is performed based on the fuzzy genetic algorithm, the method further comprises the following steps: extracting the source IP address of each data packet identified as abnormal; adding the source IP address to the IP address blacklist; the user can delete a source IP address from the IP address blacklist through manual configuration.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a flow chart of a current common SQL injection attack;
FIG. 2 is an SQL injection detection system according to an embodiment of the invention.
Advantageous effects
To address the different types of SQL injection attack, the invention provides a hybrid compatible detection method that can be applied to a multi-terminal system. In an agent-terminal arrangement, the agent intercepts external attacks that may occur, and each terminal has its own internal intrusion detection mechanism, which further improves the effectiveness of SQL injection interception. The method is compatible with both external and internal attack types, and its detection precision and attack-type coverage are superior to those of existing systems.
In addition, obviously malicious websites are screened out by a blacklist mechanism whose list is updated dynamically. Traffic that passes the blacklist is then examined by the SQL injection detection algorithm, which both avoids unnecessary detection steps on known-malicious sources and further improves the accuracy of SQL injection detection.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
An internal attacker is an authorized user of the system who performs malicious activities for some selfish purpose. An attacker can steal the ID and password of an authorized user and enter the system for malicious purposes. Internal attacks include deleting important files or data and altering private files. SQL injection vulnerability attacks are one of the most popular hacking methods on the web today. In SQL injection, an attacker uses an authorized ID and password to enter the system and trigger a malicious query on the database. Databases contain very important data about a particular organization. By triggering these malicious queries, the data in the database is altered or deleted. A remote attack is an external attack in which an external attacker sends unwanted data packets to legitimate computers in the network. Legitimate users are denied their intended service because of the traffic created by the attacker. The attacker sends illegitimate data packets to legitimate users by forging the source IP address of the packets.
The system proposed by the present invention comprises internal and external intrusion detection mechanisms. As shown in FIG. 2, a system comprising one Agent and a plurality of computer devices detects internal and external attacks in an integrated manner. When multiple computers are connected to each other, each computer has its own internal intrusion detection mechanism. External intrusion detection uses a fuzzy genetic algorithm, and internal intrusion detection uses a signature matching algorithm. When a user triggers a query on the database, the query is checked by the algorithm: the triggered query is compared with the stored signatures of malicious queries. If the similarity index exceeds a defined threshold, the query is classified as anomalous and the administrator is notified to take further action.
The SQL injection detection method based on the system comprises the following steps:
receiving a data packet sent to any terminal in a multi-terminal system by a uniform Agent in the multi-terminal system; carrying out external attack detection by the Agent based on a fuzzy genetic algorithm;
when the detection result is not abnormal, the Agent sends the data packet to the appointed terminal;
any terminal in the multi-terminal system is provided with an internal intrusion detection mechanism thereof; and after the terminal receives the data packet sent by the Agent, triggering query on the database, and performing internal intrusion detection by using a signature matching algorithm.
Further, the internal intrusion detection based on the signature matching algorithm further comprises: each terminal stores standard signatures of malicious queries; when a user triggers a query, the query is compared with the stored standard signatures and a similarity is calculated; if the similarity exceeds a preset value, the query is identified as an abnormal query. The internal intrusion detection is divided into two types, static detection and dynamic detection;
for static SQL injection detection, matching the whole SQL query with a stored standard signature, and classifying the query as normal or abnormal according to whether the matching is successful; for dynamic SQL injection detection, the similarity between the SQL query and the stored standard signature is calculated, and if the similarity exceeds a preset value, the query is classified as abnormal.
Pseudo code for an example of signature matching algorithm for internal intrusion detection is as follows:
Figure BDA0002579108740000061
Figure BDA0002579108740000071
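The pseudocode figures above are not reproduced in this text. The following is an added example, not the patent's pseudocode, of the static and dynamic checks described above. The stored signatures are constructed samples, and the token-level difflib ratio and the 0.8 threshold are assumptions, since the page specifies neither the similarity measure nor the preset value.

```python
import re
from difflib import SequenceMatcher

# Constructed sample signatures of malicious queries (assumption, not from the patent).
STORED_SIGNATURES = [
    "select * from users where name = '' or '1'='1'",
    "select * from users where id = 1; drop table users",
    "select name from users where id = 1 union select password from users",
]
THRESHOLD = 0.8  # assumed "preset value"


def normalize(query):
    """Lower-case, collapse whitespace and drop a trailing semicolon."""
    collapsed = re.sub(r"\s+", " ", query.strip().lower())
    return collapsed.rstrip("; ")


def tokens(query):
    """Split SQL into quoted strings, identifiers, numbers and punctuation."""
    pattern = r"'[^']*'|[a-z_][a-z0-9_]*|\d+|[^\sa-z0-9_]"
    return re.findall(pattern, normalize(query))


def similarity(query, signature):
    """Token-level similarity in [0, 1] (difflib ratio; an assumed measure)."""
    return SequenceMatcher(None, tokens(query), tokens(signature)).ratio()


def classify(query, signatures=STORED_SIGNATURES, threshold=THRESHOLD):
    """Return (label, mode, score) for one triggered query."""
    norm = normalize(query)
    # Static detection: the whole query equals a stored signature.
    if norm in {normalize(s) for s in signatures}:
        return ("abnormal", "static", 1.0)
    # Dynamic detection: best similarity against any stored signature.
    score = max(similarity(norm, s) for s in signatures)
    label = "abnormal" if score > threshold else "normal"
    return (label, "dynamic", score)


if __name__ == "__main__":
    for q in [
        "SELECT * FROM users WHERE name = '' OR '1'='1';",    # exact signature
        "SELECT * FROM users WHERE name = 'bob' OR '1'='1'",  # variant of a signature
        "SELECT name FROM users WHERE id = 42",               # ordinary lookup
    ]:
        print(classify(q), q)
```

The ordinary lookup still scores 0.667 against the union signature, so the verdict depends heavily on where the preset value is placed.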
Further, the external attack detection process based on the fuzzy genetic algorithm comprises the following steps: matching rules for external attack types are selected using the population size and the number of iterations; individuals are randomly selected from the initial population, and the attributes with the best probability are selected to generate matching rules through crossover and mutation; data packets are classified as normal or abnormal by comparison with the generated matching rules.
An example of pseudo code for external attack detection based on the fuzzy genetic algorithm is as follows:
Input: the data, the rules in the rule pool, and a fuzzy function fuzzy() whose return value is a double between 0 and 1.0
Output: the recorded attack type
Figure BDA0002579108740000072
Figure BDA0002579108740000081
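The pseudocode figures above are not reproduced in this text. The following is an added example, not the patent's pseudocode, of a fuzzy genetic rule search with the inputs and output listed above. The record features, the (center, width) rule encoding with triangular membership, the fitness function, selection from the fitter half with elitism, and the 0.5 threshold are all assumptions.

```python
import random

# Constructed training records: (duration_s, src_bytes, conn_count) -> label.
TRAIN = [
    ((0, 40, 250), "attack"), ((1, 60, 300), "attack"), ((0, 52, 280), "attack"),
    ((12, 900, 4), "normal"), ((30, 1500, 2), "normal"), ((8, 700, 6), "normal"),
]
BOUNDS = [(0, 60), (0, 2000), (0, 400)]  # assumed value range of each feature


def fuzzy(record, rule):
    """Degree in [0, 1.0] to which a record matches a rule.

    A rule holds one (center, width) pair per feature. Each feature uses a
    triangular membership; the rule degree is their minimum (fuzzy AND).
    """
    return min(max(0.0, 1.0 - abs(x - c) / w) for x, (c, w) in zip(record, rule))


def fitness(rule, data=TRAIN):
    """Mean match degree on attack records minus mean degree on normal ones."""
    atk = [fuzzy(r, rule) for r, y in data if y == "attack"]
    nrm = [fuzzy(r, rule) for r, y in data if y == "normal"]
    return sum(atk) / len(atk) - sum(nrm) / len(nrm)


def random_rule(rng):
    return [(rng.uniform(lo, hi), rng.uniform((hi - lo) * 0.05, hi - lo))
            for lo, hi in BOUNDS]


def crossover(a, b, rng):
    cut = rng.randint(1, len(a) - 1)          # single-point crossover
    return a[:cut] + b[cut:]


def mutate(rule, rng, rate=0.3):
    out = []
    for (c, w), (lo, hi) in zip(rule, BOUNDS):
        if rng.random() < rate:
            span = hi - lo
            c = min(hi, max(lo, c + rng.gauss(0, span * 0.1)))
            w = min(span, max(span * 0.05, w + rng.gauss(0, span * 0.1)))
        out.append((c, w))
    return out


def evolve(pop_size=30, generations=40, seed=1):
    """Return (best_rule, best_fitness_per_generation)."""
    rng = random.Random(seed)
    population = [random_rule(rng) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        population.sort(key=fitness, reverse=True)
        best = population[0]
        history.append(fitness(best))
        children = [best]                     # elitism: the best rule survives
        while len(children) < pop_size:
            a, b = rng.sample(population[:pop_size // 2], 2)
            children.append(mutate(crossover(a, b, rng), rng))
        population = children
    best = max(population, key=fitness)
    history.append(fitness(best))
    return best, history


def classify(record, rule_pool, threshold=0.5):
    """rule_pool: list of (attack_type, rule). Returns the attack type or 'normal'."""
    degree, attack_type = max((fuzzy(record, rule), name) for name, rule in rule_pool)
    return attack_type if degree >= threshold else "normal"


if __name__ == "__main__":
    rule, history = evolve()
    print("fitness first/last:", round(history[0], 3), round(history[-1], 3))
    print(classify((0, 48, 270), [("flood", rule)]))   # "flood" is a hypothetical label
```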
For internal intrusion detection, a query is classified as normal or abnormal when it is triggered. For external intrusion detection, a data packet is classified as normal or abnormal when it is received.
Further, the Agent stores an IP address blacklist; before external attack detection is carried out based on the fuzzy genetic algorithm, the method further comprises the following steps: the Agent judges whether the source IP address of the received data packet is in the IP address blacklist; when the source IP address is in the IP address blacklist, detection ends and data packets from that source IP address are denied access;
after the external attack detection is performed based on the fuzzy genetic algorithm, the method further comprises the following steps:
extracting the source IP address of each data packet identified as abnormal; adding the source IP address to the IP address blacklist; the user can delete a source IP address from the IP address blacklist through manual configuration.
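The order of the Agent's steps (blacklist check, external detection, blacklist update, forwarding, manual removal) can be seen in the following added example, which is not code from the patent. The class and field names are hypothetical, the detector is a stub standing in for the fuzzy genetic classifier, and the packets are constructed samples using documentation address ranges.

```python
import ipaddress


class Agent:
    """Single entry point in front of several terminals (hypothetical names)."""

    def __init__(self, external_detector, terminals):
        self.external_detector = external_detector  # callable(packet) -> "normal"/"abnormal"
        self.terminals = terminals                  # terminal name -> callable(packet)
        self.blacklist = set()
        self.audit = []                             # (source, decision) for operator review

    @staticmethod
    def _parse(addr):
        # Canonical form, so textual variants of one address share one entry.
        return ipaddress.ip_address(addr)

    def _record(self, src, decision):
        self.audit.append((str(src), decision))
        return decision

    def handle(self, packet):
        src = self._parse(packet["src"])
        # Step 1: the blacklist check comes before any detection work.
        if src in self.blacklist:
            return self._record(src, "dropped: blacklisted")
        # Step 2: external attack detection.
        if self.external_detector(packet) == "abnormal":
            # Step 3: remember the source of an abnormal packet.
            self.blacklist.add(src)
            return self._record(src, "dropped: abnormal")
        # Step 4: forward to the designated terminal, which runs its own
        # internal (signature matching) check on the triggered query.
        self.terminals[packet["dst"]](packet)
        return self._record(src, "forwarded")

    def remove_from_blacklist(self, addr):
        """Manual configuration path; returns True if an entry was removed."""
        src = self._parse(addr)
        if src in self.blacklist:
            self.blacklist.remove(src)
            self.audit.append((str(src), "unblocked by operator"))
            return True
        return False


def run_demo():
    detector_calls = []

    def stub_detector(packet):                      # stand-in for the fuzzy-GA classifier
        detector_calls.append(packet["src"])
        return "abnormal" if packet["conn_count"] > 100 else "normal"

    delivered = []
    agent = Agent(stub_detector, {"terminal-1": delivered.append})
    packets = [                                     # constructed sample traffic
        {"src": "198.51.100.7", "dst": "terminal-1", "conn_count": 300},
        {"src": "198.51.100.7", "dst": "terminal-1", "conn_count": 2},
        {"src": "192.0.2.10", "dst": "terminal-1", "conn_count": 3},
    ]
    decisions = [agent.handle(p) for p in packets]
    removed = agent.remove_from_blacklist("198.51.100.7")
    decisions.append(agent.handle(packets[1]))      # same source after manual removal
    return decisions, removed, len(delivered), len(detector_calls)


if __name__ == "__main__":
    print(run_demo())
```

Because the description notes that attackers forge the source IP address of packets, an automatically added entry may belong to a legitimate address, which is what the manual removal path and the audit trail are for.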
Finally, it should be noted that the above examples are given only to illustrate the present application clearly and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to enumerate all embodiments here. Obvious variations or modifications derived from the above are intended to be covered by the present invention.

Claims (10)

1. A hybrid compatible SQL injection detection method based on a genetic algorithm, applied to a multi-terminal system, characterized in that:
receiving a data packet sent to any terminal in a multi-terminal system by an Agent in the multi-terminal system;
carrying out external attack detection by the Agent based on a fuzzy genetic algorithm;
when the detection result is not abnormal, the Agent sends the data packet to the appointed terminal;
any terminal in the multi-terminal system is provided with an internal intrusion detection mechanism thereof;
and after the terminal receives the data packet sent by the Agent, triggering query on the database, and performing internal intrusion detection by using a signature matching algorithm.
2. The SQL injection detection method of claim 1, wherein the internal intrusion detection based on using a signature matching algorithm further comprises: each terminal stores standard signatures of malicious queries; when a user triggers a query, the query is compared with the stored standard signatures and a similarity is calculated; if the similarity exceeds a preset value, the query is identified as an abnormal query.
3. The SQL injection detection method of claim 2, wherein the internal intrusion detection based on using a signature matching algorithm further comprises:
SQL injection detection is divided into two types, static detection and dynamic detection;
for static SQL injection detection, matching the whole SQL query with a stored standard signature, and classifying the query as normal or abnormal according to whether the matching is successful;
for dynamic SQL injection detection, the similarity between the SQL query and the stored standard signature is calculated, and if the similarity exceeds a preset value, the query is classified as abnormal.
4. The SQL injection detection method of claim 1, wherein the external attack detection based on the fuzzy genetic algorithm further comprises: matching rules for external attack types are selected using the population size and the number of iterations; individuals are randomly selected from the initial population, and the attributes with the best probability are selected to generate matching rules through crossover and mutation; and data packets are classified as normal or abnormal by comparison with the generated matching rules.
5. The SQL injection detection method of claim 1, wherein an Agent stores an IP address blacklist;
before external attack detection is carried out based on the fuzzy genetic algorithm, the method further comprises the following steps: the Agent judges whether the source IP address of the received data packet is in the IP address blacklist or not;
when the source IP address is in the IP address blacklist, detection ends and data packets from that source IP address are denied access;
after the external attack detection is performed based on the fuzzy genetic algorithm, the method further comprises the following steps:
extracting a data packet source IP address for the data packet with the abnormal identification result; adding the source IP address into the IP address blacklist; the user can delete the source IP address in the IP address blacklist in a manual configuration mode.
6. A hybrid compatible SQL injection detection system based on genetic algorithm is characterized in that: the system comprises an Agent and at least two terminals; the Agent is used as a uniform Agent of the at least two terminals and is responsible for receiving a data packet sent to any one of the multiple terminals and carrying out external attack detection based on a fuzzy genetic algorithm; when the detection result is not abnormal, the Agent sends the data packet to a specified terminal;
the at least two terminals are provided with respective internal intrusion detection mechanisms; and after any terminal receives the data packet sent by the Agent, triggering query on the database, and performing internal intrusion detection by using a signature matching algorithm.
7. The detection system of claim 6, wherein the internal intrusion detection based on using a signature matching algorithm further comprises: each terminal stores standard signatures of malicious queries; when a user triggers a query, the query is compared with the stored standard signatures and a similarity is calculated; if the similarity exceeds a preset value, the query is identified as an abnormal query.
8. The detection system of claim 7, wherein the internal intrusion detection based on using a signature matching algorithm further comprises:
SQL injection detection is divided into two types, static detection and dynamic detection;
for static SQL injection detection, matching the whole SQL query with a stored standard signature, and classifying the query as normal or abnormal according to whether the matching is successful;
for dynamic SQL injection detection, the similarity between the SQL query and the stored standard signature is calculated, and if the similarity exceeds a preset value, the query is classified as abnormal.
9. The detection system according to claim 6, wherein the fuzzy genetic algorithm based external attack detection further comprises:
matching rules for external attack types are selected using the population size and the number of iterations;
individuals are randomly selected from the initial population, and the attributes with the best probability are selected to generate matching rules through crossover and mutation;
and data packets are classified as normal or abnormal by comparison with the generated matching rules.
10. The detection system according to claim 6, wherein the Agent stores an IP address blacklist;
before external attack detection is carried out based on the fuzzy genetic algorithm, the method further comprises the following steps:
the Agent judges whether the source IP address of the received data packet is in the IP address blacklist or not;
when the source IP address is in the IP address blacklist, detection ends and data packets from that source IP address are denied access;
after the external attack detection is performed based on the fuzzy genetic algorithm, the method further comprises the following steps:
extracting a data packet source IP address for the data packet with the abnormal identification result;
adding the source IP address into the IP address blacklist;
the user can delete the source IP address in the IP address blacklist in a manual configuration mode.
CN202010662424.XA 2020-07-10 2020-07-10 Hybrid compatible SQL injection detection method and system based on genetic algorithm Active CN111835757B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010662424.XA CN111835757B (en) 2020-07-10 2020-07-10 Hybrid compatible SQL injection detection method and system based on genetic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010662424.XA CN111835757B (en) 2020-07-10 2020-07-10 Hybrid compatible SQL injection detection method and system based on genetic algorithm

Publications (2)

Publication Number Publication Date
CN111835757A (en) 2020-10-27
CN111835757B (en) 2021-04-09

Family

ID=72900603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010662424.XA Active CN111835757B (en) 2020-07-10 2020-07-10 Hybrid compatible SQL injection detection method and system based on genetic algorithm

Country Status (1)

Country Link
CN (1) CN111835757B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101594266A (en) * 2009-07-01 2009-12-02 杭州华三通信技术有限公司 A kind of SQL detection method for injection attack and device
CN102332072A (en) * 2010-11-01 2012-01-25 卡巴斯基实验室封闭式股份公司 The system and method that is used for detection of malicious software and management Malware relevant information
US20190104152A1 (en) * 2017-09-29 2019-04-04 Paypal, Inc. Blind injection attack mitigation
CN110061986A (en) * 2019-04-19 2019-07-26 长沙理工大学 A kind of network intrusions method for detecting abnormality combined based on genetic algorithm and ANFIS
CN111078660A (en) * 2018-10-19 2020-04-28 厦门靠谱云股份有限公司 Cloud database performance safety monitoring method
CN111371783A (en) * 2020-03-02 2020-07-03 中国建设银行股份有限公司 SQL injection attack detection method, device, equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ROBERT BRONTE: ""A Signature-Based Intrusion Detection System for Web Applications based on Genetic Algorithm"", 《PROCEEDINGS OF THE 9TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS》 *
张冰琦: ""SQL注入检测算法和代码静态检测***的实现"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 *

Also Published As

Publication number Publication date
CN111835757B (en) 2021-04-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing

Applicant after: Beijing reliable spectrum cloud Technology Co.,Ltd.

Applicant after: Xiamen Biebeyun Co.,Ltd.

Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Applicant before: Xiamen Biebeyun Co.,Ltd.

Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd.

GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20210407

Address after: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Applicant after: Xiamen Biebeyun Co.,Ltd.

Address before: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing

Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd.

Applicant before: Xiamen Biebeyun Co.,Ltd.

CP03 Change of name, title or address

Address after: 361000 3F-A317, Zone C, Innovation Building, Software Park, Torch High tech Zone, Xiamen City, Fujian Province

Patentee after: Fujian Reliable Cloud Computing Technology Co.,Ltd.

Country or region after: China

Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Patentee before: Xiamen Biebeyun Co.,Ltd.

Country or region before: China
