
Design and Test of Mimetic Database Model Based on Heterogeneous Redundancy
Cite this article: ZHAO Lin-Na, NI Ming, YU Wei-Dong. Design and Test of Mimetic Database Model Based on Heterogeneous Redundancy[J]. Computer Systems & Applications, 2019, 28(9): 251-257.
Authors: ZHAO Lin-Na, NI Ming, YU Wei-Dong
Affiliation: East China Institute of Computing Technology, Shanghai 201808, China; East China Institute of Computing Technology, Shanghai 201808, China; East China Institute of Computing Technology, Shanghai 201808, China
Funding: National Key Research and Development Program of China (2016YFB0800100)
Abstract: As a core component of information systems, the database stores a large amount of important data and is vulnerable to SQL injection, the most harmful class of attack. Traditional database defenses require prior knowledge, such as the characteristics of attack behavior, to be effective, and they are static, transparent, and lacking in diversity. In this context, based on the dynamic heterogeneous redundancy principle of mimicry defense, this paper uses a reserved-word mimicry module, a fingerprint filtering module, and a mimetic middleware module to implement fingerprinting, de-fingerprinting, and similarity judgment of SQL injection instructions, and proposes a mimetic database model with endogenous security. The model is security-tested using the SQL injection module of the penetration-testing practice system DVWA, which verifies the availability and security of the mimetic database model.

Keywords: Web security; SQL injection; mimic defense; dynamic heterogeneous redundancy; database
Received: 2019/3/6
Revised: 2019/4/2
This article is indexed in Wanfang Data and other databases.