《Computer Science》 2006-11

A New Policy to Defend against SQL Injection Attacks

ZHOU Jing-Li, WANG Xiao-Feng, YU Sheng-Sheng, XIA Hong-Tao (College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074)
SQL injection, a popular and easy-to-carry-out method of remote attack, poses a major threat to application-level security. In this paper, we introduce pre-analysis of SQL syntax, a new policy to detect and prevent SQL injection attacks. First, all SQL injection attacks are categorized into classes, and for each class a specific syntagma is abstracted and recorded. Then, the user input is extracted and embedded into prepared SQL sentences. Finally, these embedded SQL sentences are syntactically checked. Any occurrence of a syntagma recorded as SQL injection indicates a SQL injection attack. Implementing the new policy requires neither modification of the Web program code nor any patch to the server platform software. Experiments prove that the new policy provides a close-to-perfect detection rate and avoids the conflict between a low false positive rate and a low false negative rate.
【Fund】: Supported by the National Natural Science Foundation of China (60373088) and the National Defense Research Fund (4131605)
【Category Index】: TP311.13