{"title":"Detection method of SQL injection attack in cloud computing environment","authors":"Kuisheng Wang, Yan Hou","doi":"10.1109/IMCEC.2016.7867260","DOIUrl":null,"url":null,"abstract":"For the issues that the Web service is easy to suffer from SQL injection attacks in cloud computing environment. This paper proposes a kind of SQL detection method which combined with dynamic taint analysis and input filtering. And it is embedded in the cloud environment to achieve the protection of the Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis of lexical regulation for SQL statement. Then, it analyses the syntax regulation of SQL statement to create the rule tree. Finally, it traverses ternary tree on the basis of the model which established by SQL syntax regulation to detect the attacks. Experimental results show that the method is effective and feasible. Also, the accuracy is improved by adding the detection module.","PeriodicalId":218222,"journal":{"name":"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMCEC.2016.7867260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14
Abstract
For the issues that the Web service is easy to suffer from SQL injection attacks in cloud computing environment. This paper proposes a kind of SQL detection method which combined with dynamic taint analysis and input filtering. And it is embedded in the cloud environment to achieve the protection of the Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis of lexical regulation for SQL statement. Then, it analyses the syntax regulation of SQL statement to create the rule tree. Finally, it traverses ternary tree on the basis of the model which established by SQL syntax regulation to detect the attacks. Experimental results show that the method is effective and feasible. Also, the accuracy is improved by adding the detection module.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
