| 基于SQL语法树的SQL注入过滤方法研究 |
| |
| 引用本文: | 韩宸望,林晖,黄川. 基于SQL语法树的SQL注入过滤方法研究[J]. 网络与信息安全学报, 2016, 2(11): 70-77. DOI: 10.11959/j.issn.2096-109x.2016.00113 |
| |
| 作者姓名: | 韩宸望 林晖 黄川 |
| |
| 作者单位: | 1. 福建师范大学数学与计算机科学学院,福建 福州 350117;2. 福建师范大学福建省网络安全与密码技术重点实验室,福建 福州 350117 |
| |
| 基金项目: | 国家自然科学基金资助项目(61363068);国家自然科学基金资助项目(61472083);福建省引导基金资助项目(2016Y0031);福州市科技局基金资助项目(2015-G-54);福州市科技局基金资助项目(2015-G-84) |
| |
| 摘 要: | Web 应用的发展,使其涉及的领域也越来越广。随之而来的安全问题也越来越严重,尤其是 SQL注入攻击,给Web应用安全带来了巨大的挑战。针对SQL注入攻击,将基于SQL语法树比较的安全策略引入用户输入过滤的设计中,提出了一种新的SQL注入过滤方法。实验结果表明,该方法能够有效地防止SQL注入攻击,并有较高的拦截率和较低的误报率。
|
| 关 键 词: | SQL注入攻击 Web安全 SQL语法树 用户输入过滤 |
Research on the SQL injection filtering based on SQL syntax tree |
| |
| Chen-wang HAN,Hui LIN,Chuan HUANG. Research on the SQL injection filtering based on SQL syntax tree[J]. Chinese Journal of Network and Information Security, 2016, 2(11): 70-77. DOI: 10.11959/j.issn.2096-109x.2016.00113 |
| |
| Authors: | Chen-wang HAN Hui LIN Chuan HUANG |
| |
| Affiliation: | 1. School of Mathematics and Computer Science,Fujian Normal University,Fuzhou 350117,China;2. Fujian Provincial Key Laboratory of Network Security and Cryptology,Fujian Normal University,Fuzhou 350117,China |
| |
| Abstract: | The development of Web application make its areas become more and more widely.Followed by a security problem is becoming more and more serious,especially for the SQL injection attacks,which bring a huge challenge to the Web application security.A new SQL injection filtering method was proposed to detect SQL injection attack by introducing a security strategy based on SQL syntax tree to the design of the user input filtering.The experimental results show that the method can effectively prevent SQL injection attacks,and has higher recognition rate and lower rate of false positives. |
| |
| Keywords: | SQL injection attack Web security SQL syntax tree user input filtering |
|
| 点击此处可从《网络与信息安全学报》浏览原始摘要信息 |
|
点击此处可从《网络与信息安全学报》下载免费的PDF全文 |
