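Abstract: As Web-based applications become increasingly widespread, attackers often trick server administrators into executing malicious SQL commands to obtain information such as data and user passwords, and thereby gain control of the database. This paper describes the types of SQL injection attacks and the current state of research, and explores methods for detecting and identifying them with machine learning. Effective information is extracted from URLs, the raw data features are converted into numerical features that a machine can recognize, and a random forest model and rule checking are designed. Experiments show that the current detection model achieves high accuracy and recall.
Keywords: SQL injection; machine learning; random forest
CLC number: TP309.7  Document code: A  Article ID: 2096-4706(2019)15-0146-04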
Research on SQL Injection Recognition Algorithms Based on Random Forest
CHEN Yonghua
(Information Center of Sichuan Business Department, Chengdu 610081, China)
Abstract: As Web-based applications become more and more popular, attackers often obtain database control rights by deceiving server administrators into executing malicious SQL commands and obtaining data, user passwords, and so on. This paper describes the types and research status of SQL injection attacks, and explores the use of machine learning methods to detect and identify them. It extracts effective information from URLs, transforms the original data features into machine-recognizable numerical features, and designs a random forest algorithm model and rule checking. Experiments show that the current detection model has high accuracy and recall rate.
Keywords: SQL injection; machine learning; random forest
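About the author: CHEN Yonghua (born August 1971), male, Han ethnicity, from Anyue, Sichuan; engineer, Bachelor of Engineering; research interests: network security and artificial intelligence.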