[1] 360安全.2016年中国网站安全漏洞形势分析报告[EB/OL].(2017-01-05)[2017-06-20]. http://bobao.360.cn/news/detail/3905.html.(360 safe. Analysis report of Chinese Website security vulnerability in 2016[EB/OL]. (2017-01-05)[2017-06-20]. http://bobao.360.cn/news/detail/3905.html.) [2] 王丹,赵文兵,丁治明.Web应用常见注入式安全漏洞检测关键技术综述[J].北京工业大学学报,2016,42(12):1822-1832.(WANG D, ZHAO W B, DING Z M. Review of detection for injection vulnerability of Web applications[J]. Journal of Beijing University of Technology, 2016, 42(12):1822-1832.) [3] youyou0635.2016年度Web漏洞统计之Exploit-db[EB/OL].(2017-01-23)[2017-06-20].http://www.freebuf.com/vuls/125382.html. (youyou0635. Web vulnerability statistics from Exploit-db in 2016[EB/OL]. (2017-01-23)[2017-06-20]. http://www.freebuf.com/vuls/125382.html.) [4] KAR D, PANIGRAHI S, SUNDARARAJAN S. SQLiDDS:SQL injection detection using query transformation and document similarity[C]//Proceedings of the 2015 International Conference on Distributed Computing and Internet Technology. Berlin:Springer, 2015:377-390. [5] 赵宇飞,熊刚,贺龙涛,等.面向网络环境的SQL注入行为检测方法[J].通信学报,2016,37(2):88-97.(ZHAO Y F, XIONG G, HE L T, et al. Approach to detection SQL injection behaviors in network environment[J]. Journal on Communications, 2016, 37(2):88-97.) [6] PRIYAA B D, DEVI M I. Fragmented query parse tree based SQL injection detection system for Web applications[C]//Proceedings of the 2016 International Conference on Computing Technologies and Intelligent Data Engineering. Piscataway, NJ:IEEE, 2016:1-5. [7] 范春荣.基于Web日志的入侵检测系统设计与实现[D].石家庄:河北科技大学,2011:4-36.(FAN C R. Design and implementation of the Web log-based intrusion detection system[D]. Shijiazhuang:Hebei University of Science and Technology, 2011:4-36.) [8] NGUYEN-TUONG A, GUARNIERI S, GREENE D, et al. Automatically hardening Web applications using precise tainting[C]//SEC 2005:IFIP International Information Security Conference on Security and Privacy in the Age of Ubiquitous Computing. Berlin:Springer, 2005:295-307. [9] 王溢,李舟军,郭涛.防御代码注入式攻击的字面值污染方法[J].计算机研究与发展,2012,49(11):2414-2423.(WANG Y, LI Z J, GUO T. Literal tainting method for preventing code injection attack in Web application[J]. Journal of Computer Research and Development, 2012, 49(11):2414-2423.) [10] GOLEMON S. Extending and Embedding PHP[M]. Indianapolis, Indiana:SAMS Publishing, 2006:269. [11] WANG Y, WANG D, ZHAO W, et al. Detecting SQL vulnerability attack based on the dynamic and static analysis technology[C]//Proceedings of the 2015 IEEE Computer Software & Applications Conference. Piscataway, NJ:IEEE, 2015:604-607. [12] 陆开奎.基于动态污点分析的漏洞攻击检测技术研究与实现[D].成都:电子科技大学,2013:28-35.(LU K K. The research and realization of dynamic taint analysis based security attack detection technology[D]. Chengdu:University of Electronic Science and Technology of China, 2013:28-35.) [13] BREIMAN L. Random forest[J]. Machine Learning, 2001, 45(1):5-32. [14] The PHP Group. Zend Engine 2 opcode[EB/OL]. (2017-05-25)[2017-08-26]. http://php.net/manual/zh/internals2.opcodes.php. [15] 吴江.SQL语言预编译器的构架——基于Linux操作系统[D].北京:北京化工大学,2002:15-37.(WU J. The construction of complier for SQL-basing on Linux operating system[D]. Beijing:Beijing University of Chemical Technology, 2002:15-37.) [16] 张炘,廖频,郭波.一种挖掘频繁闭项集的深度优先算法[J].计算机应用,2010,30(3):806-809.(ZHANG X, LIAO P, GUO B. Depth-first search algorithm for mining frequent closed itemsets[J]. Journal of Computer Applications, 2010, 30(3):806-809.) [17] LIN D. An information-theoretic definition of similarity[C]//ICML'98:Proceedings of the Fifteenth International Conference on Machine Learning. Madison:Morgan Kaufmann, 1998:296-304. [18] ABOU-ASSALEH T, CERCONE N, KEŠELJ V, et al. N-gram-based detection of new malicious code[C]//Proceedings of the 28th Annual International Computer Software & Applications Conference-Workshops & Fast Abstracts. Washington, DC:IEEE Computer Society, 2004, 2:41-42. [19] SWANHART J. greenlion/PHP-SQL-parser[EB/OL]. (2016-08-01)[2017-06-20]. https://github.com/greenlion/PHP-SQL-Parser. [20] TRIET P T M. SQL-injection-payloads[EB/OL]. (2017-08-20)[2017-08-26]. https://github.com/trietptm/SQL-Injection-Payloads/blob/master/LINKS.md. [21] 360.360_safe3.php[EB/OL]. (2017-05-29)[2017-08-26]. https://github.com/luislv/easycms/blob/master/lib/plugins/filecheck/tool/360_safe3.php. [22] safedog. safedog[EB/OL]. (2017-04-26)[2017-08-26]. http://www.safedog.cn/website_safedog.html. |