Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (5): 1534-1542. DOI: 10.11772/j.issn.1001-9081.2022040636
Special Issue: Cyberspace Security • Cyber security •
Received: 2022-05-07
Revised: 2022-06-21
Online: 2022-07-26
Published: 2023-05-10
Contact (corresponding author): Chengwan HE
About author: LIU Jihui, born in 1996 in Macheng, Hubei, M. S. candidate. His research interests include data security.
Jihui LIU, Chengwan HE. Online detection of SQL injection attacks based on ECA rules and dynamic taint analysis[J]. Journal of Computer Applications, 2023, 43(5): 1534-1542.
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2022040636
No. | Type | Test case | Attack character information | Detection result |
---|---|---|---|---|
1 | Tautology | SELECT * FROM user_data WHERE last_name = 'Smith' or '1'='1' | ',or,',',=,' | √ |
2 | Illegal or logically incorrect query | SELECT * FROM user_data WHERE last_name = 'Smith'' | ' | √ |
3 | Union query | SELECT * FROM user_data WHERE last_name ='' union select userid,user_name,password,null,null,cookie,null from user_system_data -- ' | ',password,null,null,null,from,select,union,-- | √ |
4 | Stacked (piggy-backed) query | SELECT * FROM user_data WHERE last_name = ''; select * from user_system_data -- ' | ',from,select,;,-- | √ |
5 | Constructed function call | select * from users where pwd=system_user() | system_user,(,) | √ |
6 | Inference query | select * from users where name='Smith' and '1'='1' / select * from users where name='Smith' and '1'='2' | ',and,',',=,' | √ |
Tab. 1 SQL injection test cases and detection results
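The "attack character information" column above lists the SQL tokens of each final query that were assembled from user-supplied characters. The following Python script is an added example, not code from the paper or its authors, of the character-level dynamic taint analysis that produces such a column: every character of the final query is marked as trusted (from the application's SQL template) or tainted (from the request), the query is tokenized, and a token is reported when it carries structure (keyword, identifier, operator, quote, comment marker) but contains tainted characters. All function names (`build_query`, `tokenize`, `tainted_structure`, `detect`) are my own; the split between template and user input for the Tab. 1 queries is assumed, since the page shows only the final queries; the lexer is deliberately minimal (single-quoted literals with '' escapes, `--` comments); and the rule that tainted text may only fill a string literal or a bare number is a simplification of syntax-aware evaluation, so for cases 3 and 4 it also reports identifiers and commas that the paper's column omits. It goes beyond the table by also running benign inputs (a keyword used as data, a correctly escaped quote) that a keyword blacklist would misfire on.

```python
"""Character-level taint tracking for SQL injection detection (added example)."""


def build_query(parts):
    """Concatenate query fragments while recording, per character, whether it
    came from user input. parts: iterable of (text, tainted) pairs."""
    query = "".join(text for text, _ in parts)
    taint = [tainted for text, tainted in parts for _ in text]
    return query, taint


def tokenize(query):
    """Yield (kind, start, end) from a minimal SQL lexer (assumed simplification).

    kinds: 'string' (a terminated '...' literal, quotes included, '' escapes
    honoured), 'unterminated' (a literal that runs to end of input), 'comment'
    ('--' to end of input), 'word', 'number', 'space', 'op' (any other char).
    """
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == "'":
            j = i + 1
            while j < n:
                if query[j] == "'":
                    if j + 1 < n and query[j + 1] == "'":
                        j += 2          # '' inside a literal is an escaped quote
                        continue
                    break               # closing quote found
                j += 1
            end = min(j + 1, n)
            yield ("string" if j < n else "unterminated"), i, end
            i = end
        elif query.startswith("--", i):
            yield "comment", i, n       # rest of the input is commented out
            i = n
        elif c.isspace():
            j = i
            while j < n and query[j].isspace():
                j += 1
            yield "space", i, j
            i = j
        elif c.isalpha() or c == "_":
            j = i
            while j < n and (query[j].isalnum() or query[j] == "_"):
                j += 1
            yield "word", i, j
            i = j
        elif c.isdigit():
            j = i
            while j < n and query[j].isdigit():
                j += 1
            yield "number", i, j
            i = j
        else:
            yield "op", i, i + 1
            i += 1


def tainted_structure(query, taint):
    """Return the structural tokens that contain user-supplied characters.

    Untrusted text may legitimately fill a string literal or stand as a bare
    number; a tainted keyword, identifier, operator, quote or comment marker
    means the input has altered the statement's syntax, i.e. an injection.
    """
    flagged = []
    for kind, start, end in tokenize(query):
        if kind in ("space", "number"):
            continue
        if kind == "string":
            if taint[start]:
                flagged.append("'")     # user input opened the literal
            if taint[end - 1]:
                flagged.append("'")     # user input closed the literal
        elif kind == "unterminated":
            # the input swallowed the terminator: report each tainted quote
            flagged.extend("'" for k in range(start, end)
                           if query[k] == "'" and taint[k])
        elif kind == "comment":
            if any(taint[start:end]):
                flagged.append("--")
        elif any(taint[start:end]):
            flagged.append(query[start:end])
    return flagged


def detect(prefix, user_input, suffix=""):
    """Build prefix + user_input + suffix with only user_input tainted and
    return the structural tokens the input contaminated ([] means clean)."""
    query, taint = build_query([(prefix, False), (user_input, True), (suffix, False)])
    return tainted_structure(query, taint)


if __name__ == "__main__":
    # Constructed from the Tab. 1 queries; the template/input split is assumed.
    cases = {
        "1 tautology": ("SELECT * FROM user_data WHERE last_name = '", "Smith' or '1'='1", "'"),
        "2 illegal query": ("SELECT * FROM user_data WHERE last_name = '", "Smith'", "'"),
        "3 union query": ("SELECT * FROM user_data WHERE last_name ='",
                          "' union select userid,user_name,password,null,null,cookie,null from user_system_data -- ", "'"),
        "4 stacked query": ("SELECT * FROM user_data WHERE last_name = '", "'; select * from user_system_data -- ", "'"),
        "5 function call": ("select * from users where pwd=", "system_user()", ""),
        "benign keyword as data": ("SELECT * FROM user_data WHERE last_name = '", "or", "'"),
        "benign escaped quote": ("SELECT * FROM user_data WHERE last_name = '", "O''Brien", "'"),
    }
    for name, (prefix, user_input, suffix) in cases.items():
        print(f"{name:24s} -> {detect(prefix, user_input, suffix)}")
```

For cases 1, 2 and 5 the reported tokens coincide with the table's column (`',or,',',=,'`, `'` and `system_user,(,)`); the two benign rows return an empty list because the tainted characters stay inside a terminated string literal, which is the property a character-level taint check has over matching keywords in the raw request.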
Web application | Number of SQL injection attack samples | Number of attacks successfully detected | Accuracy/% (both applications combined) |
---|---|---|---|
bookstore | 679 | 679 | 99.42 |
WebGoat | 527 | 520 | 99.42 |
Tab. 2 Detection results of malicious request samples
Web application | Number of normal request samples | Number of samples flagged as SQL injection |
---|---|---|
bookstore | 449 | 0 |
WebGoat | 396 | 0 |
Tab. 3 Detection results of normal request samples
Source of detection method | Type 1 | Type 2 | Type 3 | Type 4 | Type 5 | Type 6 |
---|---|---|---|---|---|---|
Ref. [...] | * | * | * | * | * | * |
Ref. [...] | √ | × | × | × | × | × |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
Ref. [...] | √ | √ | √ | √ | √ | √ |
This paper | √ | √ | √ | √ | √ | √ |
Tab. 4 Comparison of detection capability of different methods (SQL injection types 1-6 are numbered as in Tab. 1; the reference numbers in the first column are missing from the source page)
Source of detection method | Extra configuration | Degree of automation | Loading of detection module |
---|---|---|---|
Ref. [...] | None | automated | Offline loading |
Ref. [...] | None | automated | Offline loading |
Ref. [...] | PHP interpreter | automated | Offline loading |
Ref. [...] | C++ overloading | automated | Offline loading |
Ref. [...] | Inherited and substituted string class | automated | Offline loading |
Ref. [...] | None | automated | Offline loading |
Ref. [...] | None | automated | Offline loading |
Ref. [...] | None | automated | Offline loading |
This paper | None | automated | Online loading |
Tab. 5 Comparison of deployment requirements for different methods (the reference numbers in the first column are missing from the source page)
Application | Injection point | Request type | Average response time before loading | Average response time after loading |
---|---|---|---|---|
WebGoat | attack5a | Normal | 18 | 29 |
WebGoat | attack5a | Malicious | 12 | 16 |
WebGoat | attack5b | Normal | 9 | 15 |
WebGoat | attack5b | Malicious | 9 | 14 |
bookstore | Login.jsp | Normal | 23 | 24 |
bookstore | Login.jsp | Malicious | 17 | 30 |
Tab. 6 Comparison of average response time before and after loading injection points
[1] GUPTA H, MONDAL S, RAY S, et al. Impact of SQL injection in database security[C]// Proceedings of the 2019 International Conference on Computational Intelligence and Knowledge Economy. Piscataway: IEEE, 2019: 296-299. DOI: 10.1109/iccike47802.2019.9004430
[2] LEKSHMI A S SAI, DEVIPRIYA V S. An emulation of SQL injection disclosure and deterrence[C]// Proceedings of the 2017 International Conference on Networks and Advances in Computational Technologies. Piscataway: IEEE, 2017: 314-316. DOI: 10.1109/netact.2017.8076787
[3] WANG X Q, DING L, YAN H B, et al. Review of Internet network security situation of China in 2020[J]. Secrecy Science and Technology, 2021(5): 3-10. (in Chinese)
[4] Open Web Application Security Project. OWASP TOP 10 — 2017: the ten most critical Web application security risks[EB/OL]. [2022-04-25].
[5] RAY D, LIGATTI J. Defining code-injection attacks[J]. ACM SIGPLAN Notices, 2012, 47(1): 179-190. DOI: 10.1145/2103621.2103678
[6] RAY D, LIGATTI J. Defining injection attacks[C]// Proceedings of the 2014 International Conference on Information Security, LNCS 8783. Cham: Springer, 2014: 425-441.
[7] ZHANG H L, DING Y, ZHANG L H, et al. SQL injection attack defense method based on sensitive characters[J]. Journal of Computer Research and Development, 2016, 53(10): 2262-2276. DOI: 10.7544/issn1000-1239.2016.20160443 (in Chinese)
[8] BAI X Y. Research on the SQL injection attack detection technology[D]. Beijing: Beijing Jiaotong University, 2021: 1-5. (in Chinese)
[9] GOULD C, SU Z D, DEVANBU P. JDBC checker: a static analysis tool for SQL/JDBC applications[C]// Proceedings of the 26th International Conference on Software Engineering. Piscataway: IEEE, 2004: 697-698.
[10] BANDHAKAVI S, BISHT P, MADHUSUDAN P, et al. CANDID: preventing SQL injection attacks using dynamic candidate evaluations[C]// Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007: 12-24. DOI: 10.1145/1315245.1315249
[11] HALFOND W G J, ORSO A. AMNESIA: analysis and monitoring for neutralizing SQL-injection attacks[C]// Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering. New York: ACM, 2005: 174-183. DOI: 10.1145/1101908.1101935
[12] DINN A. Byteman programmer's guide 4.0.13[EB/OL]. [2021-10-10]. DOI: 10.1145/1960314.1960325
[13] Open Web Application Security Project. WebGoat[EB/OL]. [2021-11-21].
[14] HALFOND W G J, VIEGAS J, ORSO A. A classification of SQL injection attacks and countermeasures[C/OL]// Proceedings of the 2006 International Conference on Secure Software Engineering. [2022-03-21].
[15] SOEWITO B, GUNAWAN F E, HIRZI, et al. Prevention structured query language injection using regular expression and escape string[J]. Procedia Computer Science, 2018, 135: 678-687. DOI: 10.1016/j.procs.2018.08.218
[16] HE C W, QING W, XU Y Q, et al. Dynamic detection and defense of SQLIAs based on AOP and SQL structure analysis[J]. Computer Engineering, 2018, 44(4): 154-160. DOI: 10.3969/j.issn.1000-3428.2018.04.025 (in Chinese)
[17] MANOJ R J, CHANDRASEKHAR A, PRAVEENA M D A. An approach to detect and prevent tautology type SQL injection in Web service based on XSchema validation[J]. International Journal of Engineering and Computer Science, 2014, 10: 2319-7242.
[18] JOVANOVIC N, KRUEGEL C, KIRDA E. Pixy: a static analysis tool for detecting Web application vulnerabilities[C]// Proceedings of the 2006 IEEE Conference on Security and Privacy. Piscataway: IEEE, 2006: 258-263. DOI: 10.1109/sp.2006.29
[19] LIVSHITS V B, LAM M S. Finding security vulnerabilities in Java applications with static analysis[C]// Proceedings of the 14th USENIX Security Symposium. Berkeley: USENIX Association, 2005: 271-286. DOI: 10.1109/msp.2004.9
[20] WASSERMANN G, SU Z D. Sound and precise analysis of Web applications for injection vulnerabilities[C]// Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2007: 32-41. DOI: 10.1145/1250734.1250739
[21] HALDAR V, CHANDRA D, FRANZ M. Dynamic taint propagation for Java[C]// Proceedings of the 21st Annual Computer Security Applications Conference. Piscataway: IEEE, 2006: 303-311.
[22] WALL L, CHRISTIANSEN T, ORWANT J. Programming Perl[M]. 3rd ed. Sebastopol, CA: O'Reilly Media, Inc., 2000: 503.
[23] NGUYEN-TUONG A, GUARNIERI S, GREENE D, et al. Automatically hardening Web applications using precise tainting[C]// Proceedings of the 2005 IFIP International Information Security Conference, IFIPAICT 181. Boston: Springer, 2005: 295-307. DOI: 10.1007/0-387-25660-1_20
[24] RAFAILIDIS F, PANAGOS I, KATSAROS P, et al. Inlined monitors for security policy enforcement in Web applications[C]// Proceedings of the 17th Panhellenic Conference on Informatics. New York: ACM, 2013: 75-82. DOI: 10.1145/2491845.2491861
[25] CHIN E, WAGNER D. Efficient character-level taint tracking for Java[C]// Proceedings of the 2009 ACM Workshop on Secure Web Services. New York: ACM, 2009: 3-12. DOI: 10.1145/1655121.1655125
[26] DONG M. Research on the attack detection of SQL injection based on dynamic analysis[D]. Beijing: Beijing University of Technology, 2014: 23-39. (in Chinese)
[27] HALFOND W, ORSO A, MANOLIOS P. WASP: protecting Web applications using positive tainting and syntax-aware evaluation[J]. IEEE Transactions on Software Engineering, 2008, 34(1): 65-81. DOI: 10.1109/tse.2007.70748
[28] HE C W, YE Z P. SQL injection behavior detection method based on AOP and dynamic taint analysis[J]. Acta Electronica Sinica, 2019, 47(11): 2413-2419. DOI: 10.3969/j.issn.0372-2112.2019.11.025 (in Chinese)
[29] HE C W, HE Y. A reusable SQL injection detection method for Java Web applications[J]. KSII Transactions on Internet and Information Systems, 2020, 14(6): 2576-2590. DOI: 10.3837/tiis.2020.06.014
[30] LI H L, ZOU J X. Research of SQL injection detection based on SVM and text feature extraction[J]. Netinfo Security, 2017(12): 40-46. DOI: 10.3969/j.issn.1671-1122.2017.12.008 (in Chinese)
[31] SU L P, LIU X Q, CHEN F, et al. SQL injection detection method based on N-Gram and TFIDF[J]. Computer and Digital Engineering, 2021, 49(6): 1177-1181. DOI: 10.3969/j.issn.1672-9722.2021.06.027 (in Chinese)
[32] REN Y Z, ZHANG Y W, AI C W. Survey on taint analysis technology[J]. Journal of Computer Applications, 2019, 39(8): 2302-2309. DOI: 10.11772/j.issn.1001-9081.2019020238 (in Chinese)
[33] WANG L, LI F, LI L, et al. Principle and practice of taint analysis[J]. Journal of Software, 2017, 28(4): 860-882. (in Chinese)