Computer Systems Applications: 2018, 27(1): 98-105
SQL Injection Filtering Method Based on Proxy Mode
(1. School of Mathematics and Computer Science, Fujian Normal University, Fuzhou 350117, China; 2. Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou 350117, China; 3. Department of Information Technology Engineering, Fuzhou Polytechnic, Fuzhou 350108, China)
Received: April 16, 2017    Revised: May 02, 2017
Abstract: To address SQL injection in Web security, this study proposes a new SQL injection filtering method named LFS (length-frequency-SQL syntax tree). LFS has two phases: learning and filtering. In the learning phase, which runs in a secure environment, a crawler and a database proxy are used to build a mapping table between URLs and SQL statements. In the filtering phase, user input is filtered by checking three aspects: URL length, access frequency, and the SQL syntax tree, in order to prevent SQL injection attacks. Simulation experiments and analysis of the results show that LFS prevents SQL injection attacks more effectively than traditional keyword filtering and regular-expression filtering.
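The two phases described in the abstract can be sketched as follows. This is an added example, not the authors' implementation: the token-level skeleton is a simplified stand-in for comparing SQL syntax trees, and the class and function names, the thresholds (`slack`, `max_hits`, `window`) and the sample URL and query are all assumptions.

```python
import re
from collections import defaultdict, deque

TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|[^\s\w]")

def skeleton(sql):
    """Structure of a statement: literals -> '?', everything else upper-cased.
    A token-level stand-in (assumption) for comparing SQL syntax trees."""
    return tuple("?" if (len(t) > 1 and t[0] == "'") or t[0].isdigit() else t.upper()
                 for t in TOKEN.findall(sql))

class LFSFilter:
    def __init__(self, slack=16, max_hits=5, window=10.0):  # assumed thresholds
        self.slack, self.max_hits, self.window = slack, max_hits, window
        self.max_len = {}               # path -> longest URL seen while learning
        self.shapes = defaultdict(set)  # path -> SQL skeletons seen while learning
        self.hits = defaultdict(deque)  # client -> recent request timestamps

    def learn(self, path, url, sql):
        """Learning phase: record what the crawler and database proxy observed."""
        self.max_len[path] = max(self.max_len.get(path, 0), len(url))
        self.shapes[path].add(skeleton(sql))

    def check(self, client, path, url, sql, now):
        """Filtering phase: return 'ok' or the name of the first failed check."""
        if path not in self.max_len:
            return "unknown-url"
        if len(url) > self.max_len[path] + self.slack:
            return "length"
        q = self.hits[client]
        while q and now - q[0] > self.window:  # drop hits outside the window
            q.popleft()
        q.append(now)
        if len(q) > self.max_hits:
            return "frequency"
        if skeleton(sql) not in self.shapes[path]:
            return "syntax"
        return "ok"

if __name__ == "__main__":
    f = LFSFilter()
    # Constructed sample: one URL/SQL pair captured in the learning phase.
    f.learn("/item", "/item?id=7", "SELECT name FROM items WHERE id = 7")
    print(f.check("c1", "/item", "/item?id=42", "SELECT name FROM items WHERE id = 42", 0.0))
    print(f.check("c1", "/item", "/item?id=42 OR 1=1",
                  "SELECT name FROM items WHERE id = 42 OR 1=1", 1.0))
```

A query that differs from the learned one only in its literal values passes, while one that adds a condition changes the skeleton and is rejected at the syntax check.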
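Funding: National Natural Science Foundation of China (61363068, 61472083); Fujian Province Guiding Fund (2016Y0031); Fuzhou Science and Technology Bureau Fund (2015-G-54, 2015-G-84)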
Cite as:
HAN Chen-Wang, LIN Hui, RAO Xu-Li, HUANG Chuan. SQL Injection Filtering Method Based on Proxy Mode. COMPUTER SYSTEMS APPLICATIONS, 2018, 27(1): 98-105