Research On SQL Injection Detection Method Based On Attack Behavior Characteristics

The latest Web security threat assessment report issued by OWASP in 2017 shows that SQL injection attack still ranks the top of all kinds of attacks.Although there are many detecting methods having been put forward both domestically and internationally,SQL injection attack has still happened frequently.The main reason lies in most detecting methods is that they only take SQL injection attack detection under individual circumstances into consideration.Due to the diversity of SQL injection attack,many of them cannot be detected by these detecting methods.Besides,vulnerability is unavoidable when programmers write web applications,and it is not available to prevent SQL injection attack from single perspective of security code.How to defend SQL injection attacks in the presence of SQL injection vulnerabilities on the website has become a hot topic in research on SQL injection attack detection recently.Firstly,the author illustrates the background and significance of the research,and the present research status at home and aboard in this paper.Through the analysis of current SQL injection attack methods,processes and the flow characteristics of automated tools,a method to detect SQL injection attack based on Simhash algorithm is put forward to solve the problems in real-time performance and detection accuracy of extracting characteristics of attack behaviors.The detection method uses strict White List Strategy which takes “Users' action is either or white” as its core concept.To some extent,it avoids that hacker's attacks get rid of the defense system,and helps to make a complete whitelist by crawler.Using improved Simhash algorithm to measure payload can achieve a more efficient real-time data packet analysis;Secondly,based on the analysis of hacking characteristics of the Webshell written in the late stage of SQL injection,a real-time detecting method of Webshell is proposed.Compared with other traditional Webshell detecting methods,this method has the ability of active detection to find potential risks in the server and detect variant Webshells.Finally,the author verified the effectiveness of the two proposed detecting methods,and use Python and Java language to put these methods into practice.The experimental results show that these two detecting methods have a good performance on detecting and preventing hackers' SQL injection attacks on websites,and Webshells written into the web servers in the later stage of SQL injection attack to maintain permissions.