Research On Key Technology Of SQL Injection Attacks Detection And Defense

As code injection attacks that usually target the website database,SQL injection attacks are one of the most serious threats to current Web security.They usually take website database as the goal,utilizing the defects of filtering special strings incompletely by Web applications and carefully constructing strings to achieve the purpose of accessing website database contents illegally or executing commands in database.Just like normal requests,SQL injection attacks utilize HTTP protocol to access the website.Ordinary firewalls can?t intercept them because of there is no difference between attack requests and legitimate requests.When attacks occur,there is no obvious change in network traffic and user behaviors,resulting in attacks are not easy to detect and have strong concealment.Therefore,how to defect and defend against SQL injection attacks effectively is the focus and difficulty of current Web security research.This dissertation conducts in-depth research on key technologies for SQL injection attacks detection and defense.The main work and innovations are as follows:1.The current research on SQL injection attack detection and defense often relies on a single or simple combination of several methods to protect against SQL injection attacks,which can easily lead to a single point of failure and lead to defense failure.In order to solve this problem,task-driven,combined with SQL injection attack detection technologies,code layer defense and platform layer defense technologies,the overall framework of detection and defense for SQL injection attack is designed from different perspectives to deal with the SQL injection problem in the flexible web environment,which makes up for the shortcomings of incomplete defense caused by the lack of an effective overall framework when the existing detection and defense technologies face SQL injection attacks in complex environments.Firstly,the design idea of the framework is described.Then the framework structure is designed,and its composition and function are described.Based on the designed framework,the application process is given.Finally,the feasibility of the framework,the technology involved in the framework and the characteristics of the framework are analyzed.2.When the number of statements in the SQL statement dataset containing general word is equal or close to the number of statements containing sensitive character,the characterization of eigenvectors obtained from vectorized SQL statements based on TFIDF(Term Frequency Inverse Document Frequency)algorithm is weak,which results in poor performance of SQL injection attacks detection.This dissertation proposes a SQL injection attack detection method based on improved TFIDF(Improved TFIDF,ITFIDF)algorithm.First of all,TFIDF algorithm is improved: parameter which represents the number of statements related to the words is introduced to the inverse document frequency calculation formula,which is to solve the problem of weak representation of eigenvector caused by the equal or close number of statements containing general words and sensitive characters in the dataset.Secondly,SQL statement text vectorization algorithm is designed based on ITFIDF algorithm.Then,because SMO(Sequential Minimal Optimization)algorithm can decompose and solve complex quadratic programming problems efficiently,the model is trained by combining SMO with SVM to solve the problem that SVM has a low speed in calculating the optimal hyperplane function.3.Combined keywords filtration with sequence alignment filtration technology,this paper proposed a SQL injection attacks filtration method(SQL Injection Attacks Filtration,SQLIAF)based on LD(Levenshtein Distance)algorithm.Firstly,in order to reduce the traffic size,the blacklist technology is used to filter illegal users from the perspective of IP.Secondly,keywords detection is performed on the user input.LD sequence alignment algorithm is used to filter illegal input when keywords don?t exist.Otherwise,in order to solve the false positive of normal requests in traditional keywords filtration,the user request mode is distinguished and the method which ID is added to blacklist directly or the method of LD algorithm is used.The experimental results show that,compared with the traditional keyword filtration and rule matching,the proposed method can filter SQL injection attacks effectively with lower false positive rate and false negative rate and faster filtration speed.4.Combined with the key technologies of the research,the application module of SQL injection attack detection and defense is designed based on ASP.NET.MVC framework by integrating SQL injection vulnerability recurrence,step-by-step implementation of SQL injection attack detection based on ITFIDF algorithm,step-by-step implementation of SQL injection attack filtering based on LD algorithm and application function of SQL injection attack detection and defense.Firstly,the design requirements,design goals and principles of the application module are analyzed.Then the overall structure of the module and each sub-function are designed,and the specific implementation of each module is described.Finally,a specific application example is given.