云计算环境下SQL注入攻击的检测方法

2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC) Pub Date : 2016-10-01 DOI:10.1109/IMCEC.2016.7867260

Kuisheng Wang, Yan Hou

{"title":"云计算环境下SQL注入攻击的检测方法","authors":"Kuisheng Wang, Yan Hou","doi":"10.1109/IMCEC.2016.7867260","DOIUrl":null,"url":null,"abstract":"For the issues that the Web service is easy to suffer from SQL injection attacks in cloud computing environment. This paper proposes a kind of SQL detection method which combined with dynamic taint analysis and input filtering. And it is embedded in the cloud environment to achieve the protection of the Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis of lexical regulation for SQL statement. Then, it analyses the syntax regulation of SQL statement to create the rule tree. Finally, it traverses ternary tree on the basis of the model which established by SQL syntax regulation to detect the attacks. Experimental results show that the method is effective and feasible. Also, the accuracy is improved by adding the detection module.","PeriodicalId":218222,"journal":{"name":"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Detection method of SQL injection attack in cloud computing environment\",\"authors\":\"Kuisheng Wang, Yan Hou\",\"doi\":\"10.1109/IMCEC.2016.7867260\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"For the issues that the Web service is easy to suffer from SQL injection attacks in cloud computing environment. This paper proposes a kind of SQL detection method which combined with dynamic taint analysis and input filtering. And it is embedded in the cloud environment to achieve the protection of the Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis of lexical regulation for SQL statement. Then, it analyses the syntax regulation of SQL statement to create the rule tree. Finally, it traverses ternary tree on the basis of the model which established by SQL syntax regulation to detect the attacks. Experimental results show that the method is effective and feasible. Also, the accuracy is improved by adding the detection module.\",\"PeriodicalId\":218222,\"journal\":{\"name\":\"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IMCEC.2016.7867260\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMCEC.2016.7867260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

针对云计算环境下Web服务容易遭受SQL注入攻击的问题。提出了一种将动态污染分析和输入过滤相结合的SQL检测方法。并将其嵌入到云环境中，实现对云部署中的Web应用程序的保护。该方法首先通过分析SQL语句的词法规则，得到SQL关键字。然后，分析SQL语句的语法规则，创建规则树。最后，在SQL语法规则建立的模型的基础上，遍历三叉树进行攻击检测。实验结果表明，该方法是有效可行的。通过增加检测模块，提高了检测精度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detection method of SQL injection attack in cloud computing environment

For the issues that the Web service is easy to suffer from SQL injection attacks in cloud computing environment. This paper proposes a kind of SQL detection method which combined with dynamic taint analysis and input filtering. And it is embedded in the cloud environment to achieve the protection of the Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis of lexical regulation for SQL statement. Then, it analyses the syntax regulation of SQL statement to create the rule tree. Finally, it traverses ternary tree on the basis of the model which established by SQL syntax regulation to detect the attacks. Experimental results show that the method is effective and feasible. Also, the accuracy is improved by adding the detection module.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)

自引率

0.00%

发文量