{"title":"恶意SQL数据注入检测","authors":"Huizi Yan, Jiwei Chen","doi":"10.1117/12.2653531","DOIUrl":null,"url":null,"abstract":"SQL injection attack could obtain sensitive information in the database, tamper or delete illegally obtained information, etc., which causes immeasurable losses to the system. Aiming at SQL injection attack, this paper proposes a new SQL injection detection scheme that combines traditional detection methods with abstract syntax tree structure judgment based on semantic analysis. The solution includes modules such as data preprocessing, SQL statement pre-assembly, and semantic analysis. By assembling the user input content and the actual SQL template statement to form a complete SQL statement, the statement is subjected to structural judgment and semantic analysis to determine the request and precisely identify malicious injection attack.","PeriodicalId":32903,"journal":{"name":"JITeCS Journal of Information Technology and Computer Science","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Malicious SQL data injection detection\",\"authors\":\"Huizi Yan, Jiwei Chen\",\"doi\":\"10.1117/12.2653531\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SQL injection attack could obtain sensitive information in the database, tamper or delete illegally obtained information, etc., which causes immeasurable losses to the system. Aiming at SQL injection attack, this paper proposes a new SQL injection detection scheme that combines traditional detection methods with abstract syntax tree structure judgment based on semantic analysis. The solution includes modules such as data preprocessing, SQL statement pre-assembly, and semantic analysis. By assembling the user input content and the actual SQL template statement to form a complete SQL statement, the statement is subjected to structural judgment and semantic analysis to determine the request and precisely identify malicious injection attack.\",\"PeriodicalId\":32903,\"journal\":{\"name\":\"JITeCS Journal of Information Technology and Computer Science\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"JITeCS Journal of Information Technology and Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1117/12.2653531\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"JITeCS Journal of Information Technology and Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.2653531","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SQL injection attack could obtain sensitive information in the database, tamper or delete illegally obtained information, etc., which causes immeasurable losses to the system. Aiming at SQL injection attack, this paper proposes a new SQL injection detection scheme that combines traditional detection methods with abstract syntax tree structure judgment based on semantic analysis. The solution includes modules such as data preprocessing, SQL statement pre-assembly, and semantic analysis. By assembling the user input content and the actual SQL template statement to form a complete SQL statement, the statement is subjected to structural judgment and semantic analysis to determine the request and precisely identify malicious injection attack.