期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于序列比对的SQL注入攻击检测方法 被引量:10

Method of defense SQL injection attacks based on sequence alignment
下载PDF
导出
摘要 SQL注入攻击已经严重影响了网络应用的安全,因为它可以使攻击者不受限制地访问数据库中的敏感信息。为此,提出了一种新的基于序列比对的方法进行SQL注入攻击检测,并给出了序列比对算法的实施过程和基于该算法的检测方法;最后对该方法的正确性和性能进行了分析和测试。实验结果表明,本方法是简单有效的。 SQL injection attacks pose a serious threat to the security of Web applications because they can give attackers unrestricted access to databases that contain sensitive information. This paper proposed a new method based on sequence alignment for protecting existing Web applications against SQL injection. Elaborated implementation and detection pattern with sequence alignment algorithm in detail. Finally analyzed and tested the correctness and performance of the method. Experimental results show that this method is simple and effective.
作者 孙义 胡雨霁 黄皓
机构地区 南京大学软件新技术国家重点实验室 南京大学计算机科学与技术系
出处 《计算机应用研究》 CSCD 北大核心 2010年第9期3525-3528,共4页 Application Research of Computers
基金 江苏省高技术研究计划资助项目(BE2008124)
关键词 SQL注入 序列比对 攻击检测 SQL injection sequence alignment attack detection
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献18

  • 1OWASP Foundation.The ten most critical Web application security vulnerabilities[R].2007.
  • 2MAOR O,SHULMAN A.SQL injection signatures evasion[EB/OL].(2004-12-18).http://www.securiteam.com/securityreviews/5FP0O0KCKM.html.
  • 3LERDORF R,TATROE K,MACLNTYRE P.PHP程序设计[M].北京:电子工业出版社,2007.
  • 4HOWARD M,LeBLANC D.Writing secure code[M].2nd ed.Redmond:Microsoft Press,2003.
  • 5SCOTT D,SHARP R.Abstracting application-level Web security[C]//Proc of the 11th International Conference on World Wide Web.New York:ACM Press,2002:396-407.
  • 6SCOTT D,SHARP R.Specifying and enforcing application-level Web security policies[J].IEEE Trans in Knowledge and Data Engineering,2003,15(4):771-783.
  • 7陈晓苏,匡硕,吴永英,林植.基于XML的安全策略描述语言规范[J].华中科技大学学报(自然科学版),2008,36(6):28-32. 被引量:4
  • 8BRABRAND C,MLLER A,RICKY M,et al.Powerforms:declarative client-side form field validation[J].World Wide Web,2000,3(4):205-214.
  • 9HALFOND W G J,ORSO A.AMNESIA:analysis and monitoring for neutralizing SQL-injection attacks[C]//Proc of IEEE and ACM International Conference on Automated Software Engineering.New York:ACM Press,2005:174-183.
  • 10LEE S,LOW W,WONG P Y.Learning fingerprints for a database intrusion detection system[C]//Proc of the 7th European Symposium on Research in Computer Security.London:Springer-Verlag,2002:264-280.

二级参考文献8

  • 1陈旺,李中学.BLP模型及其研究方向[J].计算机工程与应用,2006,42(13):136-138. 被引量:6
  • 2Lobo J, Bhatia R, Naqvi S. A policy description language[C]//Proceedings of the 16^th National Conference on Artificial Intelligence (AAAI'99). Orlando: MIT Press, 1999:291-298.
  • 3Virmani A, Lobo J, Kohli M. Netmon: network management for the SARAS softswitch[C] //Proceedings of the 2000 IEEE/IFIP Network Operations and Management Symposium (NOMS 2000). Piscataway(NJ).. IEEE, 2000:803-816.
  • 4Damianou N, Dulay N, Lupu E, et al. Ponder.. a language for specifying security and management policies for distributed systems[R].[s. l.]. Imperial College Research Report DoC, 2000.
  • 5Damianou N, Dulay N, Lupu E, et al. The ponder policy specification language[C]// Proceedings of Policy Workshop 2001. Berlin: Springer, 2001:18-38.
  • 6Lalana Kagal. Rei: a policy language for the me-Centric project[R]. [s. l. ]. HP Labs, 2002.
  • 7Stone G, Lundy B, Xie G. Network policy languages:a survey and a new approach[J]. IEEE Net work, 2001, 15(1): 10-21.
  • 8Hull R, Kumar B, Lieuwen D. Towards federated policy management[C]//Policies for Distributed Systems and Networks 2003 (POLICY2003). New York: IEEE, 2003: 183-194.

共引文献4

同被引文献75

引证文献10

二级引证文献37

计算机应用研究
2010年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部