A novel approach to detect injection attacks was presented by identifying characteristics of injection attacks and using a neural network model to determine the likelihood that a given query is malicious. Based on the recognition of SQL character injec-tion attack, the analysis model comes into being used to determine whether to inject SQL statements of model by using a large number of known data and the neural network algorithm. After that, based on the neural network model presented, the user input SQL statement can be directly analyzed and processed. This approach is implemented in a proxy that locates between a Web ap-plication and a database and prevents suspected malicious queries from being executed. This requires no modification of existing application code and is capable of identifying un-known attacks. Experimental results show that the model can effectively improve the accuracy and efficiency of the detection.%针对SQL注入漏洞检测问题,本文提出一种基于人工神经元网络的SQL注入漏洞的分析模型。该模型在识别SQL关键字注入攻击特点的基础上,利用人工神经元网络算法对SQL注入语句进行检测,能够直接分析SQL语句,判断用户输入的SQL语句是否为SQL注入的语句。实现上,通过在Web应用程序和数据库中间加一个代理来实现分析和检测过程,从而无需修改已有应用的代码。通过对实验结果的分析证明该模型可提高SQL注入漏洞检测的准确率和执行效率。
展开▼
