Research On The Attack Detection Of SQL Injection Based On Dynamic Analysis

Posted on: 2015-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: M Dong
GTID: 2298330452953463
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet technology, databases have been widely used in Web applications. However, the related security issues have become more and more serious. The SQL injection attack is one of the most serious security threats that Web applications face, so research on SQL injection attack detection still has important practical significance.

After studying the general detection and defense approaches for SQL injection attacks, this thesis analyzes the advantages and disadvantages of each approach. The current common detection methods have high rates of false negatives and false positives, as well as poor runtime performance, so this thesis proposes a SQL injection attack detection approach based on dynamic taint analysis. Building on the principle of dynamic taint analysis, this thesis designs a dynamic taint analysis model embedded in the application to track the spread of tainted data at runtime, and uses SQL lexical and syntax analysis to parse the SQL statement string into an abstract SQL syntax tree. Finally, the syntax tree built by taint analysis is used to trigger the alarm mechanism for SQL injection attacks.

The fundamental cause of SQL injection attacks is that dynamically constructed SQL statements are injected with malicious SQL statements or characters by the attacker. Based on that, first, in the shadow memory marking stage of taint analysis, we encapsulate the basic character and string types, and mark the taint state of each variable according to its corresponding identifier. Second, we analyze the operation types of programming languages together with their taint propagation functions, and define taint propagation rules according to the different operation types, which can be used to track and record the tainted data flow accurately in real time. Finally, the model extracts the abstract syntax tree of the dynamically constructed SQL statement according to the principles of parsing SQL statements, and then determines whether an attack exists by analyzing whether tainted data is included in the SQL syntax tree.

Finally, we test our model to verify its correctness and effectiveness. The experimental results prove that the SQL injection attack detection model based on dynamic taint analysis has a very low rate of false positives and false negatives.
Keywords/Search Tags: dynamic taint analysis, SQL injection attack, lexical analysis, syntax analysis
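
The three stages the abstract describes (taint marking, propagation through string operations, and a check of the parsed statement) can be sketched as follows. This is an added example, not code from the thesis: the names TStr, find_violations and build_query are hypothetical, a simplified lexer stands in for the full syntax tree, and the policy that tainted characters may only form literal content is an assumption.

```python
import re

class TStr:
    """String plus one taint flag per character (the shadow state)."""
    def __init__(self, text, taint=None, tainted=False):
        self.text = text
        self.taint = list(taint) if taint is not None else [tainted] * len(text)

    def __add__(self, other):   # propagation rule for concatenation
        other = other if isinstance(other, TStr) else TStr(other)
        return TStr(self.text + other.text, self.taint + other.taint)

    def __radd__(self, other):  # plain str on the left: its characters are untainted
        return TStr(other) + self

# Simplified SQL lexer (assumption: only the token kinds the samples need).
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<space>\s+)
  | (?P<other>.)
""", re.X | re.S)

def find_violations(query):
    """Return (kind, text) for tokens whose SQL structure comes from tainted input.
    Assumed policy (not from the thesis): taint may only appear as literal content."""
    bad = []
    for m in TOKEN_RE.finditer(query.text):
        kind, flags = m.lastgroup, query.taint[m.start():m.end()]
        if kind in ("number", "space"):
            continue                       # a tainted numeric literal is data, not structure
        if kind == "string":
            flags = [flags[0], flags[-1]]  # only the quote delimiters must be untainted
        if any(flags):
            bad.append((kind, m.group()))
    return bad

def build_query(user_input):
    """Dynamically constructed statement; user_input is the taint source."""
    return "SELECT * FROM users WHERE name = '" + TStr(user_input, tainted=True) + "'"

if __name__ == "__main__":
    for sample in ("alice", "' OR '1'='1"):   # constructed sample inputs
        print(repr(sample), find_violations(build_query(sample)))
```

Because the check looks at which token each tainted character ends up in, a name such as "alice" or a numeric value passes, while input that closes the quote or contributes a keyword or operator is reported.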