Focused on the issue that the existing password evaluation models cannot be used universally, and there is no evaluation model applicable from simple passwords to very complex passwords. A password evaluation model was designed based on multi-model ensemble learning. Firstly, an actual password training set was used to train multiple existing password evaluation models as the sub-models. Secondly, a multiple trained evaluation sub-models were used as the base learners for ensemble learning, and the ensemble learning strategy which designed to be partial to weakness, was used to get all advantages of sub-models. Finally, a common password evaluation model with high accuracy was obtained. Actual user password set that leaked on the network was used as the experimental data set. The experimental results show that the multi-model ensemble learning model used to evaluate the password strength of different complexity passwords, has a high accuracy and is universal. The proposed model has good applicability in the evaluation of passwords.

The SQL (Structured Query Language) injection attack is a threat to Web applications. Aiming at SQL injection behaviors in PHP (Hypertext Preprocessor) applications, a model of detecting SQL injection behaviors based on tainting technology was proposed. Firstly, an SQL statement was obtained when an SQL function was executed, and the identity information of the attacker was recorded through PHP extension technology. Based on the above information, the request log was generated and used as the analysis source. Secondly, the SQL parsing process with taint marking was achieved based on SQL grammar analysis and abstract syntax tree. By using tainting technology, multiple features which reflected SQL injection behaviors were extracted. Finally, the random forest algorithm was used to identify malicious SQL requests. The experimental results indicate that the proposed model gets a high accuracy of 96.9%, which is 7.2 percentage points higher than that of regular matching detection technology. The information acquisition module of the proposed model can be loaded in an extended form in any PHP application; therefore, it is transplantable and applicable in security audit and attack traceability.

For fairing requirements of the T-Bézier curve, the T-Bézier curve was smoothed by using the energy method. A control point of the T-Bézier curve was modified by using the energy method to make the T-Bézier curve smooth, while it was shown how the interference factor α influenced the smoothness of the T-Bézier curve. It was obtained a method that a fairing T-Bézier curve would be obtained by moving a control point: the α could be determined before the new control point would be found out, the new T-Bézier curve was produced by these new control points. The whole curve would be smoothed: firstly, the interference factors {α_i}_i=1ⁿ were determined; secondly, the equation system whose coefficient matrix was a real symmetric matrix tridiagonal was solved; thirdly, the new control points {P_i}_i=0ⁿ were obtained; finally, the new T-Bézier curve could be produced. Not only overall fairness of the T-Bézier curve but also C² continuity of data points was achieved. Finally, it was shown that the proposed algorithm is simple, practical and effective by three examples.