Research And Implementation Of Threat Assessment System Based On HMM For SQL Injection Attack

With the continuous development of Internet business,network security issues have gradually attracted public attention at the same time.And with the development of the Internet,the network has been attacked more frequently,the attack mode is also varied.SQL injection vulnerability is the most serious security problem faced by Internet application system,if attack successful,the system will be mostly paralyzed,so the research on SQL injection vulnerabilities detection has important practical significance.Although there are a large number of SQL injection vulnerability detection tools,but there is common high false positives and other issues,and when the log record of the attack grows as a geometric progression,this question leads to network administrators difficult to grasp the status of network security and can not give a timely response.If the current network security situation can be tracked and evaluated real-timely,the solution to the problem will be found as soon as possible based on the assessment results by the network administrators.In response to these needs,a SQL injection vulnerability detection tool was designed in this paper,and the tool was combined with an improved network security situation assessment system to achieve real-time detection and defense timely.The main work of this paper are as follows:Firstly,we analysis the current situation of SQL injection detection,combined with the actual needs of the project,a tool for detecting SQL injection attacks is designed.The tool integrates optimized crawler technology,AES encryption algorithm and vulnerability verification mechanism and other technologies are integrated to improve the detection accuracy and speed of the scanner.Then analysis of the research status of network security situation evaluation.The traditional hidden Markov model is improved,a primary generation algorithm of state transition matrix was defined,observation vectors which extracted from the fusion of system detection data were using to create the network state transition matrix,and a solving process of the implicit state probability distribution sequence was deduced.Finally,according to the definition of the national standard,the current network risk value was calculated by the method of risk loss vector calculation,then the overall security situation was assessed.Finally,the system is validated with real data and the experimental results show that the model is suitable for practical use and the assessment result is accurate and effective.