Guiling Zhang, Yaling Zhang, Yichuan Wang, Lei Zhu, Wenjiang Ji
{"title":"A fine-grained petri model for SQL time-blind injection","authors":"Guiling Zhang, Yaling Zhang, Yichuan Wang, Lei Zhu, Wenjiang Ji","doi":"10.1109/NaNA53684.2021.00035","DOIUrl":null,"url":null,"abstract":"With the background of severe SQL injection attacks, the existing SQL injection modeling methods cannot reflect the process of SQL injection attacks in a fine-grained manner. Based on the discussion of attack technology, this paper takes SQL time-blind injection as an example to model its process with Petri Net. The validity of the model is verified by quantitative analysis and qualitative analysis. Try to inject 10, 20, 30, 40 and 50 times into target aircraft and Petri Net model respectively. The blind injection time is recorded and compared. The results show that the injection time increases with the increase of injection times. Under the same injection times, the Petri Net model takes less time. The sending time in the token can be set. When the sending time is short, the injection speed is fast, and super real-time simulation can be realized, which can realize the rapid prediction of attacks and resource vulnerability effects. When the sending time is long, the injection process slows down. It is beneficial to observe the details of the injection process and whether conflicts occur at a fine-grained level, analyze the purpose of the attack and achieve the purpose of building a patch model. The patch model can effectively take countermeasures against attacks, predict unknown vulnerabilities and ensure network information security.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00035","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
With the background of severe SQL injection attacks, the existing SQL injection modeling methods cannot reflect the process of SQL injection attacks in a fine-grained manner. Based on the discussion of attack technology, this paper takes SQL time-blind injection as an example to model its process with Petri Net. The validity of the model is verified by quantitative analysis and qualitative analysis. Try to inject 10, 20, 30, 40 and 50 times into target aircraft and Petri Net model respectively. The blind injection time is recorded and compared. The results show that the injection time increases with the increase of injection times. Under the same injection times, the Petri Net model takes less time. The sending time in the token can be set. When the sending time is short, the injection speed is fast, and super real-time simulation can be realized, which can realize the rapid prediction of attacks and resource vulnerability effects. When the sending time is long, the injection process slows down. It is beneficial to observe the details of the injection process and whether conflicts occur at a fine-grained level, analyze the purpose of the attack and achieve the purpose of building a patch model. The patch model can effectively take countermeasures against attacks, predict unknown vulnerabilities and ensure network information security.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
