Abstract:As the core component of the information system, the database stores a large amount of important data information and is vulnerable to the most harmful SQL injection attacks. Traditional database defense methods require prior knowledge such as the characteristics of attack behavior to implement effective defense, and have the defects of static, transparent, and lack of diversity. In this context, based on the dynamic heterogeneous redundancy principle of mimicry defense, the reserved word mimicry module, fingerprint filtering module and mimetic middleware module are used to realize fingerprinting, de-fingerprinting and similarity judgment of SQL injection instructions. A mimetic database model with endogenous security is proposed, and the model is tested using the SQL injection module in the penetration test rehearsal system DVWA to verify the availability and security.