Review of SQL Injection Attack Detection

SQL Injection Attack (SQLIA) is one of the network intrusion methods that cause serious harm to web security. Its syntax is simple and the gain from a successful intrusion is large, and the reach of the attack extends from cloud systems to any infrastructure in IoT devices, which makes SQLIA the most popular intrusion method in the OWASP Top 10 web threat report. How to effectively detect SQLIA in web applications has therefore attracted wide attention from researchers. A survey of the literature shows that SQLIA detection falls into traditional detection methods and machine learning detection methods; both are briefly introduced. Within the traditional detection methods, according to whether the detection process has multiple stages, they are divided for the first time into one-stage SQLIA detection and two-stage SQLIA detection. Within the machine learning detection methods, they are divided into traditional machine learning detection methods and deep learning detection methods. The traditional machine learning detection methods are further divided into single machine learning and ensemble learning detection methods, and the deep learning detection methods are further divided into single deep learning and algorithm-fusion detection methods. Finally, the issues that future SQLIA detection needs to consider are raised in terms of datasets, robustness evaluation and model interpretability, and an outlook is given.

Keywords: SQLIA; traditional detection method; traditional machine learning detection method; deep learning detection method

Liu Yang (刘洋), Wang Huiling (王慧玲), Xu Miao (徐苗), Qi Xiaolong (綦小龙)


School of Network Security and Information Technology, Yili Normal University, Yining, Xinjiang 835000

Key Laboratory of Intelligent Computing Research and Application of the Yili River Valley, Yili Normal University, Yining, Xinjiang 835000

Keywords: SQL injection attack; traditional detection method; traditional machine learning detection method; deep learning detection method

Funding: Natural Science Foundation of Xinjiang Uygur Autonomous Region; Natural Science Foundation of Xinjiang Uygur Autonomous Region; State Key Laboratory for Novel Software Technology (Nanjing University); Xueshi High-level Talent Position; Yili Normal University Special Key Project of Natural Science for Enhancing Comprehensive Discipline Strength

2022D01C3372021D01C467KFKT2022B30YSXSQN2200722XKZZ19

2024

Computer & Network (计算机与网络)
Electronic and Wireless Communication Information Network of the Ministry of Industry and Information Technology


CHSSCD
Impact factor: 0.149
ISSN:1008-1739
Year, volume (issue): 2024, 50(1)
  • 35