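Affiliations: [1] School of Engineering, Dali University, Dali, Yunnan 671003 [2] Information System and Security Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081
Source: Netinfo Security (《信息网络安全》), 2014, No. 7, pp. 16-19 (4 pages)
Funding: National 242 Program project [2005C48]; Scientific Research Fund of the Yunnan Provincial Department of Education [2012Y154]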
Abstract: As Internet-based Web applications and services become increasingly widespread in information systems and business, attacks that exploit Web application vulnerabilities account for a growing share of all attacks, and SQL injection has become the foremost threat to Web security. To guard against the harm SQL injection does to network information, the authors use a tree structure built from the SQL grammar to split and classify the injectable SQL syntax, then extract features for each subclass, obtaining a keyword library for SQL injection attack detection. Based on keyword matching and written in C/C++, they design and implement an injection attack detection system for the Windows environment. The system has an online mode and an offline mode, both built on the keyword library and a dangerous IP library. The online mode inspects network packets as they are captured dynamically; the offline mode parses and inspects packet files produced by several sniffer programs. Experimental results show a detection accuracy of 92% for dangerous packets and a false alarm rate of 0.6%, and the system supports the packet file formats generated by Wireshark and TCPDUMP, which gives it good practical value for defending against SQL injection attacks.
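Keywords: SQL; injection attack; detection; matching; dangerous IP library; sensitive character library
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]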