[1] |
BOYD S W , KEROMYTIS A D . SQLrand:preventing SQL injection attacks[C]// International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2004: 292-302.
|
[2] |
马博林, 张铮, 陈源 ,等. 基于指令集随机化的抗代码注入攻击方法[J]. 信息安全学报, 2020,5(4): 30-43.
|
|
MA B L , ZHANG Z , CHEN Y ,et al. The defense method for code-injection attacks based on instruction set randomization[J]. Journal of Cyber Security, 2020,5(4): 30-43.
|
[3] |
方滨兴 . 定义网络空间安全[J]. 网络与信息安全学报, 2018,4(1): 1-5.
|
|
FANG B X . Define cyberspace security[J]. Chinese Journal of Network and Information Security, 2018,4(1): 1-5.
|
[4] |
SHAR L K , TAN H B K . Defeating SQL injection[J]. Computer, 2013,46(3): 69-77.
|
[5] |
MCCLURE R A , KRUGER I H . SQL DOM:compile time checking of dynamic SQL statements[C]// Proceedings of 27th International Conference on Software Engineering. Piscataway:IEEE Press, 2005: 88-96.
|
[6] |
COOK W R , RAI S . Safe query objects:statically typed objects as remotely executable queries[C]// Proceedings of 27th International Conference on Software Engineering. Piscataway:IEEE Press, 2005: 97-106.
|
[7] |
KIEYZUN A , GUO P J , JAYARAMAN K ,et al. Automatic creation of SQL Injection and cross-site scripting attacks[C]// 2009 IEEE 31st International Conference on Software Engineering. Piscataway:IEEE Press, 2009: 199-209.
|
[8] |
孙歆, 姚一杨, 卢新岱 ,等. 基于HTTP代理的模糊测试技术研究[J]. 网络与信息安全学报, 2016,2(2): 75-86.
|
|
SUN X , YAO Y Y , LU X D ,et al. Research and implementation of fuzzing testing based on HTTP proxy[J]. Chinese Journal of Network and Information Security, 2016,2(2): 75-86.
|
[9] |
KAR D , PANIGRAHI S , SUNDARARAJAN S . SQLiGoT:detecting SQL injection attacks using graph of tokens and SVM[J]. Computers& Security, 2016,60: 206-225.
|
[10] |
韩宸望, 林晖, 黄川 . 基于SQL语法树的SQL注入过滤方法研究[J]. 网络与信息安全学报, 2016,2(11): 70-77.
|
|
HAN C W , LIN H , HUANG C . Research on the SQL injection filtering based on SQL syntax tree[J]. Chinese Journal of Network and Information Security, 2016,2(11): 70-77.
|
[11] |
赵宇飞, 熊刚, 贺龙涛 ,等. 面向网络环境的SQL注入行为检测方法[J]. 通信学报, 2016,37(2): 88-97.
|
|
ZHAO Y F , XIONG G , HE L T ,et al. Approach to detecting SQL injection behaviors in network environment[J]. Journal on Communications, 2016,37(2): 88-97.
|
[12] |
APPELT D , PANICHELLA A , BRIAND L . Automatically repairing web application firewalls based on successful SQL injection attacks[C]// 2017 IEEE 28th International Symposium on Software Reliability Engineering. Piscataway:IEEE Press, 2017: 339-350.
|
[13] |
张慧琳, 丁羽, 张利华 ,等. 基于敏感字符的SQL注入攻击防御方法[J]. 计算机研究与发展, 2016,53(10): 2262-2276.
|
|
ZHANG H L , DING Y , ZHANG L H ,et al. SQL injection prevention based on sensitive characters[J]. Journal of Computer Research and Development, 2016,53(10): 2262-2276.
|
[14] |
NGUYEN-TUONG A , GUARNIERI S , GREENE D ,et al. Automatically hardening Web applications using precise tainting[C]// IFIP International Information Security Conference. Berlin:Springer, 2005: 295-307.
|
[15] |
PIETRASZEK T , BERGHE C V . Defending against injection attacks through context-sensitive string evaluation[C]// International Conference on Recent Advances in Intrusion Detection. Berlin:Springer, 2005: 124-145.
|
[16] |
HALFOND W G J , ORSO A . AMNESIA:analysis and monitoring for NEutralizing SQL-injection attacks[C]// Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering. New York:ACM Press, 2005: 174-183.
|
[17] |
何成万, 叶志鹏 . 基于AOP和动态污点分析的SQL注入行为检测方法[J]. 电子学报, 2019,47(11): 2413-2419.
|
|
HE C W , YE Z P . SQL injection behavior detection method based on AOP and dynamic taint analysis[J]. Acta Electronica Sinica, 2019,47(11): 2413-2419.
|
[18] |
HRANICKY R , ZOBAL L , RY?AVY O . Distributed password cracking with BOINC and hashcat[J]. Digital Investigation, 2019,30: 161-172.
|
[19] |
KNOWLTON K C . A combination hardware-software debugging system[J]. IEEE Transactions on Computers, 1968,100(1): 84-86.
|
[20] |
COX B , EVANS D , FILIPI A ,et al. N-Variant systems:a secretless framework for security through diversity[C]// Proceedings of the 15th conference on USENIX Security Symposium. New York:ACM Press, 2006: 105-120.
|
[21] |
BERGER E D , ZORN B G . DieHard:probabilistic memory safety for unsafe languages[C]// ACM SIGPLAN Conference on Programming Language Design & Implementation. New York:ACM Press, 2006: 158-168.
|
[22] |
NOVARK G , BERGER E D . DieHarder:securing the heap[C]// Proceedings of the 17th ACM Conference on Computer and Communications Security. New York:ACM Press, 2010: 1-12.
|
[23] |
NOVARK G , BERGER E D , ZORN B G . Exterminator:automatically correcting memory errors with high probability[J]. ACM SIGPLAN Notices, 2007,42(6): 1-11.
|
[24] |
邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
|
|
WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
|
[25] |
WU J X . Cyberspace mimic defense[M]. Cham: Springer International Publishing, 2020.
|
[26] |
张铮, 马博林, 邬江兴 . web服务器拟态防御原理验证系统测试与分析[J]. 信息安全学报, 2017,2(1): 13-28.
|
|
ZHANG Z , MA B L , WU J X . The test and analysis of prototype of mimic defense in web servers[J]. Journal of Cyber Security, 2017,2(1): 13-28.
|
[27] |
马博林, 张铮, 刘健雄 . 应用于动态异构 web 服务器的相似度求解方法[J]. 计算机工程与设计, 2018,39(1): 282-287.
|
|
MA B L , ZHANG Z , LIU J X . Similarity calculation method applied to dynamic heterogeneous web server system[J]. Computer Engineering and Design, 2018,39(1): 282-287.
|
[28] |
唐海娜, 林小拉, 韩春静 . 基于移动指针的数据流冗余消除算法[J]. 通信学报, 2012,33(2): 7-14.
|
|
TANG H N , LIN X L , HAN C J . Duplicate elimination algorithm for data streams with SKIP Bloom filter[J]. Journal on Communications, 2012,33(2): 7-14.
|