| 新型SQL注入攻击的研究与防范 |
| |
| 引用本文: | 赵阳,郭玉翠. 新型SQL注入攻击的研究与防范[J]. 计算机系统应用, 2016, 25(6): 225-230 |
| |
| 作者姓名: | 赵阳 郭玉翠 |
| |
| 作者单位: | 北京邮电大学 理学院, 北京 100876,北京邮电大学 理学院, 北京 100876 |
| |
| 摘 要: | 针对一种以HTTP Headers为途径的新型SQL注入攻击进行了深入研究.通过分析具体的SQL注入实例,揭示了该新型SQL注入攻击的原理,并提出了针对此类攻击的防范手段.通过ip过滤,数据校验,机器学习等手段建立了一套完整的防御模型,且该模型具有低侵入、易实现、高可用、强扩展等优点.
|
| 关 键 词: | 新型SQL注入攻击 网络安全 HTTP Headers 防御模型 |
| 收稿时间: | 2015-10-06 |
| 修稿时间: | 2015-11-27 |
Research and Defense of a New Type of SQL Injection Attack |
| |
| ZHAO Yang and GUO Yu-Cui. Research and Defense of a New Type of SQL Injection Attack[J]. Computer Systems& Applications, 2016, 25(6): 225-230 |
| |
| Authors: | ZHAO Yang and GUO Yu-Cui |
| |
| Affiliation: | School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China and School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China |
| |
| Abstract: | In this paper, a new type of SQL Injection attack through HTTP Headers is studied. Through analysising an example of the SQL Injection attack, the principle of the new type of SQL Injection attack is revealed, and the defense for the new type of SQL Injection attack is proposed. A defense model is established via such means as the IP filtering, data validation and machine learning, and this model has such advantages as low invasive, easy realization, high availability and strong expandability. |
| |
| Keywords: | new type of SQL injection attack network security HTTP headers defense model |
|
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
