Research on Parse-Tree-Based SQL Injection Detection Methods
Published: 2021-04-10 04:28
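Applications in real-world web environments face many security threats. Among them, SQL injection is one of the most dangerous attacks, seriously threatening system security in industries such as finance, entertainment, and e-commerce. Meanwhile, with the development of cloud computing, more and more applications are being deployed to the cloud. These applications gain advantages such as fast, elastic allocation of computing resources and low operating costs. However, applications deployed in the cloud are likewise subject to SQL injection attacks. SQL injection is a code injection attack that exploits SQL injection vulnerabilities in the code to attack the back-end database system. The attack can have many serious consequences: an attacker can use it to bypass authentication, access users' private information stored in the database, modify the structure of the database, or even destroy the entire database. Over the past few years, attackers have devised a variety of attack techniques, such as union queries, tautologies, multi-statement queries, and detection evasion. Multiple techniques can also be combined to damage the back-end database system. The main reason SQL injection attacks succeed is that user-submitted data is concatenated directly into SQL query statements without sufficient security validation. Developers can therefore prevent SQL injection attacks by adding validation mechanisms for illegal input. However, this approach, which depends on how programmers write their code, has not achieved good defensive results. Any carelessness on the developer's part will bring the application SQ...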
[Source]: Harbin Institute of Technology, Heilongjiang Province (Project 211 university, Project 985 university)
[Pages]: 73
[Degree]: Master's
[Table of contents]:
Abstract (Chinese)
ABSTRACT
ACKNOWLEDGEMENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
1.1 Research background
1.2 Research significance
1.3 Research status
1.3.1 Detecting of SQLIAs in web environments
1.3.2 Detecting SQLIAs in the cloud
1.3.3 Assisted methods
1.4 Contributions of this dissertation
1.5 Organizations of this dissertation
CHAPTER 2 RELATED WORK
2.1 SQL injection attacks
2.2 Classification of SQLIAs
2.2.1 Intentions of SQLIAs
2.2.2 Attack techniques
2.3 Detection mechanisms of SQLIAs
2.3.1 Analysis methods
2.3.2 Taint tracking
2.3.3 Machine learning
2.3.4 Parse tree
2.4 Summary
CHAPTER 3 A DETECTION MECHANISM OF SQLIAS FOR WEB ENVIRONMENTS
3.1 Web environments
3.2 SQLIAs in web environments
3.3 The proposed mechanism
3.3.1 Architecture
3.3.2 Detailed algorithms
3.4 Summary
CHAPTER 4 A DETECTION MECHANISM OF SQLIAS FOR CLOUD-ASSISTED WBANS
4.1 Cloud-assisted WBANs
4.2 SQLIAs in cloud-assisted WBANs
4.3 The proposed mechanism
4.3.1 Architecture
4.3.2 Detailed algorithms
4.4 Chapter summary
CHAPTER 5 EXPERIMENTAL RESULTS AND ANALYSIS
5.1 Test set
5.2 Experiments of web environments
5.2.1 Implementation of DSD
5.2.2 Environments setting
5.2.3 Experimental results
5.3 Experiments of cloud-assisted WBANs
5.3.1 Environments setting
5.3.2 Experimental results
5.4 Comparisons of detection methods
5.4.1 Comparison of detection methods by attack types
5.4.2 Comparison of detection methods by characteristics
5.5 Summary
CONCLUSION
REFERENCES
APPENDICES
Article ID: 3128959
Article link: http://sikaile.net/guanlilunwen/ydhl/3128959.html