Journal on Communications ›› 2016, Vol. 37 ›› Issue (2): 89-98. doi: 10.11959/j.issn.1000-436x.2016034
• academic paper •
Yu-fei ZHAO¹, Gang XIONG², Long-tao HE³, Zhou-jun LI¹
Online: 2016-02-26
Published: 2016-02-26
Yu-fei ZHAO, Gang XIONG, Long-tao HE, Zhou-jun LI. Approach to detecting SQL injection behaviors in network environment[J]. Journal on Communications, 2016, 37(2): 89-98.