本文選題：SQL注入攻擊 + NDIS中間層驅(qū)動�。� 參考：《中南大學(xué)》2014年碩士論文

【摘要】：近年來,WEB系統(tǒng)遭受著日益頻繁的網(wǎng)絡(luò)安全攻擊。在眾多的網(wǎng)絡(luò)安全攻擊中,SQL注入攻擊具有相當(dāng)大的威脅性,攻擊者通過提交精心構(gòu)造的數(shù)據(jù)庫查詢代碼欺騙服務(wù)器執(zhí)行惡意的SQL命令,以獲取用戶密碼等敏感信息,進(jìn)而獲取主機(jī)控制權(quán)限等。如何防御SQL注入攻擊成為目前網(wǎng)絡(luò)安全界研究的熱點問題。 文章首先介紹了課題的研究背景以及國內(nèi)外對SQL注入攻擊的研究現(xiàn)狀,然后詳細(xì)分析了SQL注入攻擊的原理、特點、攻擊方式以及常見的語句特征,隨后總結(jié)了常見的防SQL注入攻擊的手段,并根據(jù)這些手段的不足提出一種新的解決方案,即開發(fā)一個基于NDIS中間層驅(qū)動的防SQL注入系統(tǒng)。 文章接著給出了防SQL注入系統(tǒng)的總體結(jié)構(gòu)設(shè)計,將防SQL注入系統(tǒng)分為三大模塊：基礎(chǔ)功能模塊、檢測功能模塊、防護(hù)功能模塊。隨后詳細(xì)介紹了檢測功能模塊和防護(hù)功能模塊的設(shè)計與實現(xiàn)。檢測功能模塊包括數(shù)據(jù)包的過濾、捕捉和構(gòu)造以及SQL注入攻擊規(guī)則匹配。其中數(shù)據(jù)包的過濾、捕捉和構(gòu)造利用了NDIS中間層驅(qū)動的相關(guān)技術(shù),SQL注入攻擊規(guī)則匹配則采用正則表達(dá)式來書寫攻擊規(guī)則。防護(hù)功能模塊包括黑名單和應(yīng)用層-驅(qū)動層通信。其中黑名單采用LIST_ENTRY雙向鏈表來實現(xiàn),應(yīng)用層-驅(qū)動層通信則是利用了WINDOWS驅(qū)動開發(fā)的相關(guān)技術(shù)。 文章最后給出了在局域網(wǎng)環(huán)境中對防SQL注入系統(tǒng)進(jìn)行測試的結(jié)果,測試結(jié)果表明,本系統(tǒng)能有效地檢測并防御常見的SQL注入攻擊,并且對機(jī)器的性能影響很小,因此達(dá)到了預(yù)期的設(shè)計目標(biāo)。
[Abstract]:In recent years, the Web system has been subjected to more and more frequent network security attacks.Among the numerous network security attacks, SQL injection attacks are quite threatening. The attacker spoofed the server to execute malicious SQL commands by submitting carefully constructed database query code to obtain sensitive information such as user passwords.Then access to the host control authority and so on.How to defend against SQL injection attack has become a hot issue in network security field.This paper first introduces the research background of the subject and the research status of SQL injection attack at home and abroad, then analyzes the principle, characteristics, attack methods and common sentence features of SQL injection attack in detail.Then it summarizes the common methods of preventing SQL injection attacks and proposes a new solution to prevent SQL injection attacks based on NDIS middle-tier driver.Then the paper gives the overall structure design of anti- injection system, and divides the anti- injection system into three modules: basic function module, detection function module, protection function module.Then the design and implementation of the detection function module and the protection function module are introduced in detail.The detection module includes packet filtering, capture and construction, and SQL injection attack rule matching.The filtering, capturing and constructing of data packets make use of the relevant technology of NDIS mid-layer driver to match the rules of SQL injection attack. The regular expression is used to write the attack rules.The protection function module includes blacklist and application layer-driver layer communication.The blacklist is realized by LIST_ENTRY bidirectional linked list, and the communication between application layer and driver layer is based on the technology of WINDOWS driver development.Finally, the test results of anti- injection system in LAN environment are given. The test results show that the system can effectively detect and defend against common SQL injection attacks, and has little effect on the performance of the machine.Therefore, the expected design goal has been achieved.
【學(xué)位授予單位】：中南大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 袁沛沛;王民;;SQL注入入侵的特點、實現(xiàn)以及防范[J];世界科技研究與發(fā)展;2008年03期

2 趙旭;;SQL注入何去何從[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2008年09期

3 鄭明雄,李輝,蔣朝根;基于NDIS中間層的包截獲及分析處理[J];現(xiàn)代計算機(jī)(專業(yè)版);2004年03期

，

本文編號：1741497