###

计算机系统应用英文版:2016,25(6):225-230

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

新型SQL注入攻击的研究与防范

赵阳, 郭玉翠

(北京邮电大学理学院, 北京 100876)

Research and Defense of a New Type of SQL Injection Attack

ZHAO Yang, GUO Yu-Cui

(School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 1345次下载 2546次
Received:October 06, 2015 Revised:November 27, 2015

中文摘要: 针对一种以HTTP Headers为途径的新型SQL注入攻击进行了深入研究.通过分析具体的SQL注入实例,揭示了该新型SQL注入攻击的原理,并提出了针对此类攻击的防范手段.通过ip过滤,数据校验,机器学习等手段建立了一套完整的防御模型,且该模型具有低侵入、易实现、高可用、强扩展等优点.

中文关键词: 新型SQL注入攻击网络安全 HTTP Headers 防御模型

Abstract:In this paper, a new type of SQL Injection attack through HTTP Headers is studied. Through analysising an example of the SQL Injection attack, the principle of the new type of SQL Injection attack is revealed, and the defense for the new type of SQL Injection attack is proposed. A defense model is established via such means as the IP filtering, data validation and machine learning, and this model has such advantages as low invasive, easy realization, high availability and strong expandability.

keywords: new type of SQL injection attack network security HTTP headers defense model

文章编号： 中图分类号： 文献标志码：

基金项目:

Author Name	Affiliation
ZHAO Yang	School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
GUO Yu-Cui	School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China

Author Name	Affiliation
ZHAO Yang	School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
GUO Yu-Cui	School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China

引用文本：
赵阳,郭玉翠.新型SQL注入攻击的研究与防范.计算机系统应用,2016,25(6):225-230
ZHAO Yang,GUO Yu-Cui.Research and Defense of a New Type of SQL Injection Attack.COMPUTER SYSTEMS APPLICATIONS,2016,25(6):225-230