
SQL Injection Vulnerability Detection Based on Webpage DOM Tree Comparison (cited by: 5)
Abstract: To address the low accuracy of traditional SQL injection vulnerability detection methods, this paper presents a detection method based on the comparison results of a webpage's Document Object Model (DOM) tree. By simplifying the node-sequence-based webpage comparison method, it reduces the number of node comparisons and speeds up detection. A corresponding SQL injection vulnerability detection prototype system is designed and implemented. Experimental results indicate that the system has high detection efficiency and accuracy.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2012, No. 18, pp. 111-115 (5 pages)
Keywords: webpage comparison; SQL injection; injection vulnerability detection; Document Object Model (DOM) tree; fast DOM tree comparison