Review of SQL Injection Attack Detection
Abstract: SQL Injection Attack (SQLIA) is one of the network intrusion methods that cause serious harm to web security. Its syntax is simple and the gain from a successful intrusion is large, and its attack range can extend to any infrastructure from cloud systems to IoT devices, which has made SQLIA the most popular intrusion method in the Top 10 Web Threats Report (OWASP). How to effectively detect SQLIA in web applications has therefore attracted wide attention from researchers. Based on a survey of the related literature, SQLIA detection is divided into traditional detection methods and machine learning detection methods, each of which is briefly introduced. Among traditional detection methods, depending on whether the detection process has multiple stages, one-stage SQLIA detection and two-stage SQLIA detection are distinguished for the first time. Machine learning detection methods are divided into traditional machine learning detection methods and deep learning detection methods. Traditional machine learning detection methods are further divided into single machine learning and ensemble learning detection methods, and deep learning detection methods into single deep learning and algorithm fusion detection methods. Finally, issues to be considered in future SQLIA detection are raised with respect to datasets, robustness assessment, and model interpretability, and an outlook is given.
Authors: LIU Yang (刘洋); WANG Huiling (王慧玲); XU Miao (徐苗); QI Xiaolong (綦小龙) (School of Network Security and Information Technology, Yili Normal University, Yining 835000, China; Key Laboratory of Intelligent Computing Research and Application, Yili Normal University, Yining 835000, China)
Source: Computer & Network (《计算机与网络》), 2024, No. 1, pp. 63-73 (11 pages)
Funding: Natural Science Foundation of Xinjiang Uygur Autonomous Region (2022D01C337, 2021D01C467); State Key Laboratory for Novel Software Technology (Nanjing University) (KFKT2022B30); Xueshi High-Level Talent Post (YSXSQN22007); Yili Normal University Special Project for Improving Comprehensive Disciplinary Strength, Natural Science Key Project (22XKZZ19).
Keywords: SQL injection attack (SQLIA); traditional detection method; traditional machine learning detection method; deep learning detection method