Authors: LIU Yang (刘洋); WANG Huiling (王慧玲); XU Miao (徐苗); QI Xiaolong (綦小龙) (School of Network Security and Information Technology, Yili Normal University, Yining 835000, China; Key Laboratory of Intelligent Computing Research and Application, Yili Normal University, Yining 835000, China)
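Affiliations: [1] School of Network Security and Information Technology, Yili Normal University, Yining, Xinjiang 835000 [2] Yili River Valley Key Laboratory of Intelligent Computing Research and Application, Yili Normal University, Yining, Xinjiang 835000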
Source: Computer & Network (《计算机与网络》), 2024, Issue 1, pp. 63-73, 11 pages in total
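Funding: Natural Science Foundation of Xinjiang Uygur Autonomous Region (2022D01C337, 2021D01C467); State Key Laboratory for Novel Software Technology (Nanjing University) (KFKT2022B30); Xueshi High-Level Talent Position (YSXSQN22007); Yili Normal University Special Key Natural Science Project for Enhancing Comprehensive Disciplinary Strength (22XKZZ19).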
Abstract: SQL Injection Attack (SQLIA) is one of the network intrusion methods that cause serious harm to web security. Its syntax is simple and the payoff of an intrusion is large, and its attack range can extend to any infrastructure from cloud systems to IoT devices, which makes SQLIA the most popular intrusion method in the Top 10 Web Threats Report (OWASP). How to effectively detect SQLIA in web applications has therefore attracted wide attention from researchers. A survey of the related literature shows that SQLIA detection divides into traditional detection methods and machine learning detection methods, each of which is briefly introduced. Among traditional detection methods, according to whether the detection process has multiple stages, one-stage SQLIA detection and two-stage SQLIA detection are distinguished for the first time. Machine learning detection methods are divided into traditional machine learning detection methods and deep learning detection methods. Traditional machine learning detection methods are further divided into single machine learning and ensemble learning detection methods, and deep learning detection methods into single deep learning and algorithm-fusion detection methods. Finally, issues that future SQLIA detection needs to consider are raised with respect to datasets, robustness evaluation, and model interpretability, and an outlook is given.
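Keywords: SQL injection attack; traditional detection methods; traditional machine learning detection methods; deep learning detection methods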
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]