Computer Science (计算机科学) ›› 2019, Vol. 46 ›› Issue (7): 108-113. doi: 10.11896/j.issn.1002-137X.2019.07.017
万卓昊,徐冬冬,梁生,黄保华
WAN Zhuo-hao,XU Dong-dong,LIANG Sheng,HUANG Bao-hua
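Abstract: SQL injection attacks are a major security threat facing the Web. To address the difficulty of detecting SQL injection, this paper proposes an N-Gram-based SQL injection detection method. The method uses N-Gram to convert SQL statements into feature vectors of fixed dimension and improves the distance by changing the weights of different feature subsequences. The fuzzy distance that a BP neural network computes from the improved distance and the chi-square distance is used as the distance measure between vectors. First, the average feature vector of safe SQL statements is computed. Next, the distance between each SQL statement and the average feature vector is computed to determine the distance threshold. Then the distance between the SQL statement under test and the average feature vector is compared with the threshold to judge whether the statement under test is safe. Experimental results show that, compared with feature vectors built directly from words, the proposed method effectively improves the detection rate and reduces the false positive rate.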
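The mean-vector and threshold pipeline from the abstract, as an added example that is not the paper's code. It uses only the chi-square distance; the paper's weighted improved distance and BP-network fuzzy distance are not specified on this page and are left out. The tokenizer, the literal masking, the "largest safe distance" threshold rule and the sample statements are assumptions constructed for illustration.

```python
import re
from collections import Counter

TOKEN = re.compile(r"[a-z_]+|\d+|'[^']*'|\S")

def bigrams(sql):
    """Lower-case the statement, mask literals (numbers -> N, strings -> S),
    and return the list of token 2-grams."""
    toks = []
    for t in TOKEN.findall(sql.lower()):
        toks.append("N" if t.isdigit() else "S" if t.startswith("'") else t)
    return list(zip(toks, toks[1:]))

class NGramDetector:
    def __init__(self, safe_statements):
        grams = [bigrams(s) for s in safe_statements]
        # Fixed dimension: every 2-gram seen in safe traffic, plus one
        # extra slot that collects all 2-grams never seen in training.
        vocab = sorted({g for gs in grams for g in gs})
        self.index = {g: i for i, g in enumerate(vocab)}
        self.dim = len(vocab) + 1
        vecs = [self._vector(gs) for gs in grams]
        # Average feature vector of the safe statements.
        self.mean = [sum(col) / len(vecs) for col in zip(*vecs)]
        # Assumption: threshold = largest distance of a safe statement to the mean.
        self.threshold = max(self._chi2(v) for v in vecs)

    def _vector(self, grams):
        counts = Counter(self.index.get(g, self.dim - 1) for g in grams)
        total = len(grams) or 1
        return [counts[i] / total for i in range(self.dim)]

    def _chi2(self, v):
        # Chi-square distance between a frequency vector and the mean vector.
        return sum((x - m) ** 2 / (x + m) for x, m in zip(v, self.mean) if x + m > 0)

    def distance(self, sql):
        return self._chi2(self._vector(bigrams(sql)))

    def is_safe(self, sql):
        return self.distance(sql) <= self.threshold

# Constructed sample data: statements an application is expected to issue.
SAFE = [
    "SELECT name FROM users WHERE id = 5",
    "SELECT name FROM users WHERE id = 42",
    "SELECT name FROM users WHERE id = 7 AND active = 1",
]
DETECTOR = NGramDetector(SAFE)

if __name__ == "__main__":
    for q in ("SELECT name FROM users WHERE id = 1001",
              "SELECT name FROM users WHERE id = 5 OR 1=1 --"):
        print(f"{DETECTOR.distance(q):.3f} safe={DETECTOR.is_safe(q)} {q}")
```

With a threshold taken from the largest safe distance, any safe template missing from the training set is flagged, so the training set has to cover the application's real query shapes.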